The following HTML text is provided to enhance online
readability. Many aspects of typography translate only awkwardly to HTML.
Please use the page image
as the authoritative form to ensure accuracy.
The recommended approach, a standard methodology used in systems engineering,1 consists of five fundamental steps:
Defining the problem, the objectives, and the criteria for evaluating success or failure
Identifying ways to meet the objectives, namely potential R&D projects
Evaluating the alternatives identified in Step 2 against the objectives defined in Step 1
Deciding on a course of action
Implementing the decision
DOT itself is best placed to decide how to organize these steps internally, assign responsibilities for managing the various elements, and ensure their coordination with other agencies and with owners and operators throughout the transportation sector. As noted elsewhere in this report, no matter what approach is adopted, the crosscutting problem of improving security should not be divided up according to transportation modes. Rather, part of DOT's strategy should be to assign lead responsibility for security R&D to a single person or office. Other changes in organization or approach may also be necessary to implement certain elements of the strategy, such as the involvement of owners and operators. Beyond these recommendations, however, it would be outside this study's charge to take a position on organizational or procedural matters that are internal to DOT.
Defining the Problem and Objectives
The first step, defining the problem and objectives, is critical for everything that follows because it determines the criteria for evaluating potential R&D projects and making decisions. Because this is also the most difficult step, it should be given high priority and undertaken with great care. A common error is to pay insufficient attention to this step, or even ignore it completely, and jump directly to the identification of possible solutions. Perhaps thinking up potential solutions gives one a sense that rapid progress is being made and appears to provide more scope for creativity, but making that error can have serious consequences. That is why the main focus of this study is on developing a strategy for R&D rather than providing a specific agenda of R&D projects.
Defining the problem begins with identifying the needs that generated it, such as the need to prevent attacks or mitigate their impact, and describing the circumstances in which the problem exists. (The categorization of security needs will be used later to categorize R&D responses. See Box 3-1.) In general terms,
The field of systems engineering has developed an extensive body of literature and experience over the past 50 years or so. For readers unfamiliar with the field, Appendix A briefly summarizes some key points and provides references for further reading.