Resiliency in Systems Engineering Context
Bill Scherlis is a professor of computer science at Carnegie Mellon University (CMU). He recently completed a second tour at DARPA, where he served as Director of the Information Innovation Office (I2O) from Sept 2019 to May 2022 and as Special Assistant to the Director from May to Sept 2022. As I2O director, he led program managers in the development of research programs in cyber operations, secure and resilient systems, AI, and information operations. As special assistant, he developed technical strategy for the engineering of secure, adaptable, resilient, and capable systems (SARC).
He is currently serving as a Special Advisor to the Director of the CMU Software Engineering Institute and, additionally, as a Special Advisor to the CMU VP for Research.
Prior to the recent DARPA tour, Scherlis served for twelve years as head of the Institute for Software Research in the CMU School of Computer Science. He founded the CMU PhD program in software engineering, now in its third decade. He joined the Carnegie Mellon faculty after completing an A.B. at Harvard University in applied mathematics, a year in the Department of Artificial Intelligence at the University of Edinburgh (Scotland) as a John Knox Fellow, and a Ph.D. in computer science at Stanford University. His research relates to software assurance, cybersecurity, software analysis, and safe concurrency.
Scherlis has testified before Congress on federal software sustainment, on computing technology and innovation, and on roles for a Federal CIO. He has chaired two National Research Council (NRC) study committees. He is a Fellow of the IEEE and a lifetime National Associate of the National Academy of Sciences.
ABSTRACT
We consider possibilities for advancing the practice of engineering mission systems that are both highly capable and significantly more resilient, secure, and adaptable. Although our community has discussed means, motives, and opportunities over a period of many years, I believe that it is now timely to take bold steps. This is due to a confluence of factors that include not just technology advances and growth in threat capability, but also rapidly evolving mission aspirations, successes in adapting acquisition practice, and adaptations to business norms in the supply chain.
My talk focuses primarily on technology drivers, but also touches on how they interact with the mission and business realities. Technology drivers include both challenges, such as the expanding attack surfaces in both software and hardware, and opportunities, which range from new kinds of technical evidence to support assurance judgments to the design of architectural structures to enhance resiliency of large heterogeneous systems.