Cyber-resilient methodology on system design
In 2023, within the INTERSECT project, we developed an initial system-level perspective on cyber resilience in complex systems (TNO R11859, available upon request). This work focused on bringing together safety, security, and cybersecurity into a unified reasoning approach, highlighting the need to address risks across multiple layers of system design. Rather than treating these domains separately, the work established the basis for an integrated methodology that connects system behavior, threats, and stakeholder concerns early in the design process.
The project was also linked to TRANSACT, in which patient safety measures and methodologies were explored in further detail.
From Insight to Program: Seed ERP – Cyber-secure Systems by Design
These early insights led to the initiation of a Seed ERP on cyber-secure system design. The goal was to further explore how cybersecurity can be structurally embedded into systems engineering practices. Within this phase, the focus was on shaping the methodology in Research Line 1 (RL1), where we worked on structuring the approach around system concepts, stakeholder needs, and risk considerations. The methodology design was still evolving but already aimed at providing engineers with a structured way to reason about cyber resilience throughout the system lifecycle.


Methodology Development in ERP (R10875)
Following the successful Seed ERP, the full ERP allowed the methodology to mature into a structured and reusable approach. This resulted in the development of the cyber-resilient system design methodology (TNO R10875), where the earlier concepts were translated into defined workflows and levels. The methodology now provides a step-based approach that connects system design, risk management, and operational assessment, enabling traceability from high-level capabilities down to concrete resilience measures.
From Methodology to Application: SecureArch
During the evolution from Seed ERP to ERP, discussions with industry partners revealed a strong interest in applying parts of the methodology in practice, particularly in the area of risk assessment. This led to the creation of the SecureArch project, where one part of the methodology was further developed and applied in an industry-driven context. SecureArch focuses on security risk assessment within system development and operation, translating methodology concepts into actionable processes that support decision-making in real-world scenarios.

