Methods for Assessing Military Systems

Is your security strategy built on data or just another opinion? In high-stakes security environments, gut instinct is not a methodology. Protecting critical infrastructure requires quantitative, repeatable frameworks that turn assumptions into defensible decisions. Here are three proven methodologies every serious security leader should have in their toolbox: 1. CARVER Methodology Originally developed by the U.S. military and intelligence community, CARVER is now a cornerstone of defensive vulnerability assessments across government and international organizations. It applies a numerical scoring model (1–5) across six dimensions: Criticality – Single points of failure Accessibility – Ease of reaching the target Recoverability – Time to restore operations Vulnerability – Effectiveness of existing controls Effect – Consequences of a successful attack Recognizability – How obvious the target is Result: prioritize assets, not hand-waving debates. 2. EASI Model Estimation of Adversary Sequence Interruption (EASI) answers a brutally honest question: Will your security system actually stop an attacker? Using Adversary Sequence Diagrams (ASDs), EASI maps every plausible attack path—from perimeter breach to final objective and calculates the probability of interruption. The weakest path is exposed, quantified, and no longer theoretical. Hope is not a control. Probability is. 3. Business Process Security Risk Assessment Security failures don’t always start at the fence line. Often, they begin inside broken processes. This methodology evaluates risks embedded in daily operations training gaps, poor task execution, weak validation revealing vulnerabilities that hardware alone can’t fix. Because even the best locks fail when procedures don’t exist. Why does this matter to your budget These methodologies don’t just find gaps they create leverage: Standardized, defensible assessments Clear justification for security investments Prioritize, cost-effective risk reduction Translation for leadership: Here’s the risk, here’s the math, here’s what we fund first. Is your organization making security decisions with data, or with opinions dressed up as experience? #SecurityAssessment #RiskManagement #CARVER #CriticalInfrastructure #PhysicalSecurity #RiskScoring #SecurityStrategy

The GC REAIM - Global Commission on Responsible Artificial Intelligence in the Military Domain policy note series has released a few more papers, including this one I collaborated on with Ariel Conn and Catherine Tessier. The paper presents an approach for assessing autonomous and AI-enabled capabilities within weapon systems. You can freely access the policy note here: https://lnkd.in/dwqbtv_w

FMEA: Mastering it Right First Time To answer increasing consumer and B2B quality demands, identifying and mitigating risks is crucial for ensuring product quality and operational efficiency. One powerful tool that helps companies achieve this is Failure Mode and Effects Analysis (FMEA). FMEA is a systematic, proactive method used to identify potential failures in a system, product or process before they occur. Developed by the U.S. military in the 1940s, FMEA evaluates how components might fail and the consequences of those failures, allowing teams to prioritize risks based on severity, occurrence, and detection. Types of FMEA ✅ System FMEA (SFMEA) : Focuses on system-level functions, interfaces, and interactions between subsystems or with the environment. It is typically used early, at architecture or concept level, to understand high-level risks before DFMEA. ✅ Design FMEA (DFMEA): Focuses on potential failures during the design phase. It helps identify risks early, ensuring that products meet safety and reliability standards before production begins. ✅ Process FMEA (PFMEA): Analyzes risks within manufacturing processes. It identifies potential issues that could arise during production, enabling teams to implement effective control plans. 7 Steps of FMEA* 1️⃣ Planning & Preparation: Assemble a cross-functional team with diverse expertise to define the scope and objectives of the analysis. 2️⃣ Structure Analysis: Identify the system or process components and their functions. 3️⃣ Function Analysis: Determine the focuses on system-level functions, interfaces, and interactions between subsystems or with the environment. Expected functions of each component and what customers expect from them. 4️⃣ Failure Analysis: Identify potential failure modes for each function through brainstorming sessions. 5️⃣ Risk Analysis: Assess the severity, occurrence, and detection of each failure mode to calculate the ‘Action Priority Number’ (APN). 6️⃣ Optimization: Develop action plans to mitigate high-risk failure modes based on their APN scores. 7️⃣ Results Documentation: Document findings and actions taken to ensure continuous improvement. Benefits of FMEA 🎯Early Detection of Risks: Identifies potential failures before they occur, allowing organizations to implement proactive solutions 🎯Cost Reduction: By addressing risks early in the design or production phases, companies can avoid expensive rework or recalls later on 🎯Improved Product Quality: Enhances reliability by detecting design flaws before they escalate into costly issues 🎯Compliance with Safety Standards: Ensures adherence to industry regulations, reducing legal liabilities associated with product failures 🎯Enhanced Collaboration: Promotes teamwork among cross-functional teams as they work together to identify and mitigate risks. FMEA is not just a risk management tool; it's a strategic approach that can significantly enhance operational excellence.

Air Force Research Lab Pioneers New AI Testing Framework for Military Systems ROME, NY - In a groundbreaking development, researchers from the Air Force Research Laboratory (AFRL) and Information Systems Laboratories, Inc. (ISL) have introduced a novel framework for #testing #deeplearning (#DL) #artificialintelligence (#AI) systems used in military applications. The research, detailed in a recently approved technical report, addresses one of the most significant challenges in modern military technology: how to thoroughly test and validate AI-driven systems before deployment. Dr. Joe Guerci, from ISL and lead author of the study, along with colleagues Dr. Sandeep Gogineni and Dr. Daniel L. Stevens, developed what they call "DE-T&E" (#DigitalEngineering Testing & Evaluation). The framework builds upon decades of AFRL's experience in radar systems and recent advances in digital engineering. "Traditional testing methods simply weren't designed for the complexity of modern AI systems," explains Dr. Guerci. "Our approach combines digital twin technology with generative AI to identify potential failures before they occur in real-world operations." The team demonstrated their framework using an advanced #radar system, showcasing how it can detect potential problems that conventional testing might miss. The work leverages ISL's RFView simulation software, which has been refined over decades of radar systems modeling. The research comes at a crucial time, following the Department of Defense's recent Instruction 5000.97, which mandates digital engineering approaches for new military programs. "What makes this approach particularly valuable is its ability to discover 'Black Swan' events - rare but potentially catastrophic scenarios that traditional testing might miss," notes Dr. Gogineni, a Senior Member of IEEE and expert in radar systems. The framework's development involved collaboration between ISL's San Diego facility and AFRL's Information Directorate in Rome, NY. The research team also included Robert W. Schutz, Gavin I. McGee, Brian C. Watson, and Hoan K. Nguyen from ISL, contributing expertise in various aspects of systems engineering and AI. This breakthrough comes as the military increasingly relies on AI-driven systems, from autonomous vehicles to advanced radar systems. The new testing framework provides a path forward for validating these complex systems while meeting rigorous military specifications. The research has been approved for public release by AFRL and represents a significant step forward in ensuring the reliability and safety of AI systems in military applications. As AI continues to play a larger role in defense technology, frameworks like DE-T&E will be crucial in maintaining the U.S. military's technological edge while ensuring system safety and reliability.