Citing the need for robust engineering practices and modern weapon systems to defeat adversaries, the Department of Defense adopted a Digital Engineering (DE) strategy for the development of critical defense systems. DE is an integrated digital development approach that leverages structure in an organization’s data to support life cycle activities from system concept through system disposal. This approach includes the usage of software to integrate data across systems, which is radically different than the traditional process of designing systems that rely on manual synthesis of data.

Three use cases– cybersecurity, product lifecycles and mission engineering – have come to the forefront of the conversation about how to best infuse digital engineering practices into the development of DoD systems.

Cybersecurity is a particularly important area of focus because of the known breadth and depth of attacks and the myriad of bad actors – from cybercriminals to nation states – intent on doing harm to the United States or our interests. This is why, in 2022, the DoD re-issued its cybersecurity Risk Management Framework (RMF) for DoD systems, which establishes framework and policy, assigns responsibilities, and prescribes procedures for executing and maintaining the RMF.

The Challenge: Managing Risk Amid Engineering Complexities

The engineering complexity and precise tooling that exists today can yield tremendous amounts of cybersecurity data that are inherently interrelated. This can make cyber risk management, including adherence to the RMF, exponentially more difficult. It also renders traditional document-based engineering processes unmanageable. As requirements change, budgets change, tests fail, or schedules slip, teams miss a critical opportunity to leverage this data.

At the same time, many of the current DoD cybersecurity practices and tools are often disconnected from virtual infrastructure, increasing the time needed to achieve and sustain an Authorization To Operate (ATO) on government networks. Clearly, a different approach to both IT system development and their associated ATOs is needed.

The Approach: Digital Engineering to Enhance Threat Detection

GDIT’s DE approach, an agile, non-linear, and model-driven framework, includes digital threads that provide continuous awareness of the performance of cybersecurity controls.

GDIT’s DE approach also includes a model profile that contains a stereotype for cyber controls. As an example, we can examine a “System-Generated Alerts” control and deploy system monitoring software to generate alerts. When an IT engineer works alongside a cyber analyst to develop the appropriate solution for this control, our framework automatically updates its digital thread and builds a model of the solution to relate it to the applicable cyber control. From there, we use our visualization solution to allow users to further interact with the data via queries, searches, and filters.

The Impact: Increased Security, Faster Compliance

By populating a digital thread with cybersecurity data during the lifecycle of an IT system, stakeholders have access to the information they need to make an objective analysis, resulting in faster decisions with increased security. This is an important distinction because in document-based implementations, such information is typically lost.

The increased awareness also enhances threat detection and the security of IT systems and reduces time to ATO. It allows organizations to achieve a level of precision in digital engineering with traceability through all phases of the systems engineering lifecycle: program definition (concept of operations; requirements and architecture; design), implementation, and project test and integration, including verification, validation, operations, and maintenance.

With these clear and tangible benefits, it’s easy to see why digital engineering is the future of modern engineering – within the DoD and beyond.