First, it's worth starting by providing some background on why you should care about data centricity. If you live in the defense space as I do, you will be intimately familiar with the Department of Defense (DoD) push toward data centricity. As you should recall, in 2020 the U.S. Air Force's Chief Data Office introduced VAULTIS (Visible, Accessible, Understandable, Linked, Trustworthy, Interoperable, Secure) strategy. Its goal was to accelerate the DoD’s transition to becoming a data-centric organization that uses data at speed and scale for operational advantage and increased efficiency.  

Since then many talks originating from within the DoD have continued to stress the need for it. As recently as 18 Jan 2024, the Defense Innovation Board published "BUILDING A DoD DATA ECONOMY," which focuses on how data centricity is needed to solve myriad defense systems problems. The report states that the DoD needs a unified, scalable, seamless data access approach. 

A key takeaway is that by adopting a data centric approach it will enable the DoD to develop and deploy critical defense systems faster.

Given the efforts to push for this important change in how we design defense systems, why is wide-scale adoption happening so slowly? The report states "the open-systems approach simply equates to lost revenue for defense contractors," so perhaps they aren't as motivated. The report's proposal to address this is to add new requirements to the NDAA in 2025, including the need for "all DoD vendor agreements to incorporate clear language on data rights and interoperability that manages data procured or generated under defense industrial contracts, and that facilitates, safeguards, and future-proofs DoD’s access to this data."  If this takes effect, it would be HUGE!

As the world's leading expert in data-centric software communications over the last 20 years, RTI is naturally on board. At the request of the Navy, we helped create the Object Management Group^® (OMG^®) Data Distribution Service (DDS^™) standard. It is the only transparent data-centric communications protocol – meaning, the structure of the entire network packet, including all of the data payload attributes, are known to the network. This brings enormous value, both to the DoD and to the system. We can utilize this information to optimize the flow of data, and secure the data in ways that were previously impossible.

Model-Based Systems Engineering

Model-Based Systems Engineering (MBSE) is an approach to systems engineering that uses models as the primary means of information exchange, rather than traditional documents. MBSE aims to improve the understanding, communication, and management of complex systems through the use of digital models, facilitating analysis, validation, and verification across the entire life cycle of the system. MBSE provides the ability to capture several aspects of a system's design: System and Software Requirements, Design Descriptions, Interface Definitions, Data and Information Modeling, System and Software Architecture, and Testing and Validation. However, the depth of detail of the models that are developed is left to the user.

Of late, MBSE is having an important resurgence within the DoD, and in particular the Department of the Air Force (DAF) – though we frequently run into customers across the DoD that are using MBSE, and most often Dassault Cameo System Modeler™ in particular.

When the models are developed with detail, the value of MBSE can be realized throughout the product life cycle – if rigorous processes are followed. However, this often doesn't happen because these added processes can slow software development.  In such cases, MBSE is used during the design phase and then abandoned. As software development continues, the developers choose not to propagate design changes back to the models – which ends up significantly reducing their value. A lack of integration with the rest of the software development chain can be a contributing factor. 

While this less rigorous approach has its upsides in the way of faster more agile development, users end up losing all of the potential downstream value that it can bring to enhance efficiency, reduce risks, and improve system quality and adaptability. Our research is producing compelling reasons to reconsider this.

The Intersection of Data Centricity and MBSE

Dassault Cameo (branded as NoMagic MagicDraw before Dassault acquired it) has long supported the OMG DDS constructs (participants, topics, publishers, subscribers, data types, and QoS) so that systems architects could include them in their models. Once completed they could generate the corresponding DDS IDL that could be used for downstream development with RTI Connext. This capability provides important  upstream benefits at design time: it eliminates the need to handcraft these files (which will be especially cumbersome for very large systems), allowing you to move to the software development phase sooner. Yet this just skims the surface of the myriad benefits that data-centric MBSE could bring. We have been exploring several directions over the past five years (and continue to explore) under an array of defense research contracts.

Research to Advance the Potential for Data-Centric MBSE

Under a series of research funding efforts supported by DARPA and the DAF, RTI's Research Team has been exploring and developing additive capabilities tied to data centricity that has the potential to bring value to MBSE throughout the product lifecycle –from development to operation, including delivering substantial cost savings in development time; design, development, and operational cybersecurity benefits; and, easing future system evolution and integrations.

Here we highlight two important research efforts:  

1. Modeling Data-Centric Cybersecurity. This effort has focused on introducing threat modeling constructs into SysML using Cameo. These constructs facilitate the user's ability to document threats to the target system using our prototype Cameo DDS Security plugin. By elevating cybersecurity to first-citizen status within their models, this brings important additive value to MBSE:  it provides a means to capture security requirements and a vehicle for traceability.
   
   However, the real innovation is that our plugin will validate the correctness of the threat models, and subsequently auto-generate all of the configuration files needed to configure the system's DDS security protections. This eliminates the need to hand configure and craft these security configurations, which is a highly complex and error prone effort. See our recent Future Airborne Capability Environment^® Consortium paper on our plugin: MBSE-Driven Cybersecurity.
2. Detecting Operational Deviations. Building off of the research above, we are exploring how we can utilize data-centric MBSE models to detect deviations (threats, anomalies, faults) in operational behaviors. Most existing commercial threat and anomaly detection solutions leverage AI to try to figure out what is going on within the network. Because the network payloads are opaque, customers often pay for data dissectors to look inside to help the cyber software try to figure out what's going on. Of course, this approach to attempt to understand what your system is doing in order to detect threats and anomalies will only get you so far.
   
   However, these payloads are transparent to Connext, because it is data-centric and built on DDS. Connext can therefore actually see each and every data type that each source emits, and what each data sink consumes.  

By comparing the observed network communications against the user's Cameo models, we can now quickly and accurately detect and visualize these deviations, eliminating false positives – and we can detect new classes of deviations. These capabilities can add immeasurable benefit when using MBSE –well beyond the initial design stage of a system.  

Data-centric MBSE represents a significant leap forward in enhancing the Department of Defense's (DoD) operational capabilities and security posture. RTI's pioneering MBSE work in cybersecurity models and anomaly detection, showcases just a few of the practical benefits and the critical importance of adopting a data-centric approach in defense systems engineering. In the future we plan to share further blogs on our MBSE-related research activities, as we move towards the potential enactment of new requirements in the NDAA 2025.

About the author:

Paul Pazandak, Director of Research, RTI

With over 25 years of experience in leading and executing advanced research projects, Paul manages the RTI Research team. Working on cutting-edge technologies in domains such as distributed systems, AI, machine learning, cybersecurity, medical device communications, and more, RTI Research collaborates with RTI’s Products group to develop new and innovative capabilities for our customers.

Paul maintains strategic and tactical partnerships with Fortune 100 companies, national labs, academia, and the DoD to create and deliver impactful research that solves real-world challenges.