Survivability
- Survivability
  - the quality factor representing the degree to which a system or component prevents, detects, reacts, and adapts to
    harm to valuable assets caused by enemy military action
- Valuable Asset
  - an asset that is valuable to legitimate stakeholders of the system, whereby:
    - The valuable assets can be:
      - People (e.g., users, maintainers, military personnel, civilians),
      - Property (e.g., military equipment, weapons systems, civilian property),
      - The environment, and
      - Services provided by the system.
    - The system is responsible for protecting the valuable assets from harm (e.g., battle damage).
    - The harm must be considered significant to at least one of the legitimate stakeholders of the system.
As illustrated in the preceding figure, Survivability is part of the following inheritance hierarchy:
The typical responsibilities of Survivability are to:
- Model the degree to which a system or component prevents, detects, reacts, and adapts to
harm to valuable assets due to enemy military action.
- Support the analysis and specification of
survivability requirements.
As a kind of defensibility, survivability can be decomposed into the following two hierarchies of survivability subfactors:
- Defensibility Problem Subfactors.
  Defensibility problem subfactors represent the kinds of problems from which defensibility
  (including survivability) is intended to defend systems:
  - Harm.
    Harm (a.k.a., loss) is any significant negative consequence to a valuable asset:
    - TBD Harm.
      Casualties and battle damage
  - Incidents.
    An incident is any unplanned, unintended, unauthorized (but not necessarily unexpected) event
    or series of related events that could cause unintentional harm to one or more valuable assets:
    - Survivability Incidents.
      Survivability incidents are incidents that could cause malicious harm to one or more valuable assets:
      - Attacks are survivability incidents intended by an attacker
        to cause harm to valuable assets:
        - Successful attacks are attacks that succeed
          in causing harm to one or more assets.
        - Unsuccessful attacks are attacks that do not succeed
          in causing harm to one or more assets.
  - Dangers.
    Dangers are one or more conditions, situations, or states of a system
    that in conjunction with conditions in the environment of the system
    can cause or contribute to the occurrence of one or more related incidents:
    - Threats.
      Threats are dangers that can cause survivability incidents
      (e.g., the existence of enemy forces).
  - Risks.
    Risk is the magnitude of the potential harm to a valuable asset occurring due to a danger.
    A typical conservative measure of risk is the sum (over all dangers) of the products of
    (1) the probability that the danger will cause harm multiplied by
    (2) the largest credible negative impact of the harm on the asset
    (i.e., its criticality, severity, or damage).
    Using the mathematics of conditional probabilities,
    the probability that a danger will cause harm can be calculated (estimated)
    as the product of the following terms:
    (A) the probability that the system-internal dangerous conditions exist multiplied by
    (B) the probability that the system-external dangerous conditions exist given
    that the system-internal dangerous conditions exist multiplied by
    (C) the probability that an incident will occur given that the danger exists multiplied by
    (D) the probability that the incident will cause the harm given that the incident occurs.
    - Survivability Risks.
      Survivability risks are the risks due to threats resulting in attacks causing malicious harm to valuable assets.
- Defensibility Solution Subfactors.
  Defensibility solution subfactors represent the kinds of solutions that defensibility
  (including survivability) is intended to provide:
  - Protection.
    Protection is the defensibility subfactor representing the degree to which
    a system or component prevents
    [malicious] harm, dangers [threats], [survivability] incidents, and [survivability] risks.
  - Detection.
    Detection is the defensibility subfactor representing the degree
    to which a system or component detects the occurrence of
    [malicious] harm, dangers [threats], [survivability] incidents, and [survivability] risks.
  - Reaction.
    Reaction is the defensibility subfactor representing the degree to which
    a system or component responds to the occurrence of
    [malicious] harm, dangers [threats], [survivability] incidents, and [survivability] risks.
  - Adaptation.
    Adaptation is the defensibility subfactor representing the degree to which
    a system or component modifies itself as the result of the occurrence of
    [malicious] harm, dangers [threats], [survivability] incidents, and [survivability] risks
    to avoid them in the future.
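The conservative risk measure defined under Risks above, worked through in Python as an added example that is not part of the original page. The class and function names, the danger labels, and all probabilities and impact values are constructed for illustration.

```python
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Danger:
    """One danger to a valuable asset (all field names are hypothetical)."""
    name: str
    p_internal: float                 # (A) P(system-internal dangerous conditions exist)
    p_external_given_internal: float  # (B) P(external conditions | internal conditions)
    p_incident_given_danger: float    # (C) P(incident | danger exists)
    p_harm_given_incident: float      # (D) P(harm | incident occurs)
    credible_impacts: tuple           # credible negative impacts, in constructed cost units

    def p_harm(self) -> float:
        """Probability that the danger causes harm: the product A * B * C * D."""
        factors = (self.p_internal, self.p_external_given_internal,
                   self.p_incident_given_danger, self.p_harm_given_incident)
        if any(not 0.0 <= p <= 1.0 for p in factors):
            raise ValueError(f"{self.name}: every factor must lie in [0, 1]")
        return prod(factors)

    def risk(self) -> float:
        """(1) probability of harm times (2) the largest credible impact."""
        if not self.credible_impacts:
            raise ValueError(f"{self.name}: at least one credible impact is required")
        return self.p_harm() * max(self.credible_impacts)


def total_risk(dangers) -> float:
    """Conservative risk to the asset: sum of per-danger risks over all dangers."""
    return sum(d.risk() for d in dangers)


def ranked(dangers):
    """Dangers ordered by their contribution to the total, largest first."""
    return sorted(((d.name, d.risk()) for d in dangers),
                  key=lambda pair: pair[1], reverse=True)


# Constructed sample data for a single valuable asset.
SAMPLE_DANGERS = [
    Danger("unshielded power bus", 0.5, 0.4, 0.5, 0.2, (10, 100)),
    Danger("non-redundant comms link", 1.0, 0.1, 0.3, 0.5, (400,)),
]

if __name__ == "__main__":
    for name, value in ranked(SAMPLE_DANGERS):
        print(f"{name}: {value:.2f}")
    print(f"total: {total_risk(SAMPLE_DANGERS):.2f}")
```

The first danger has the higher probability of harm (0.02 against 0.015), but the second dominates the total because the measure weights each probability by the largest credible impact.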
Survivability is typically measured in terms of:
- Amount of battle damage that can be sustained while still successfully performing its mission
Typical mechanisms for achieving survivability include:
- Armour
- Electromagnetic Pulse (EMP) Shielding
- Radiation Hardening
- Redundancy
- Ruggedizing
The following guidelines have been found to be useful when
producing survivability quality subfactors:
- Survivability is improved by improving:
  - Threat avoidance (low susceptibility)
  - Threat damage tolerance (low vulnerability)