A Framework of Survivability Requirement Specification for Critical Information Systems

Survivability represents a system´s ability to provide essential services in the presence of attacks and failures, and to recover full services in a timely manner when the environment improves. For many critical systems used in national defense, healthcare, and utility infrastructure, survivability is a key requirement. Currently, there is a lack of research on systematic reasoning and specification of the requirements for system survivability from a user´s perspective. In this paper, we present methods that enable users to specify measureable and certifiable survivability requirements and represent their survivability policy. A survivability decision model is proposed which complies with both survivability practical evidence and theoretical models. From the perspective of system acquisition and engineering, survivability requirement is the important first step in survivability specification, compliance formulation, and proof verification. A military Command and Control (C-2) system is used throughout the paper as an illustrative example for user´s survivability requirement specification and representation.