Skip to Main Content
This paper describes how the Assurance Case Approach (ACA) was applied for Cyber Security and Critical National Infrastructure resilience, using for a single asset an individual Assurance Case (AC), and for system-of-systems clustering a `Mesh' case concept. Despite its common use in the Safety domain, the ACA concept had not been applied to a dynamic situation. It allowed for Cases to be clustered using a `Mesh' Case to summarise a particular ecosystem/environment. This ACA is defined using basic elements of an assurance case ie Claim, argument and evidence - often associated with a legal analogy. Using the case study research method , the main methodology as stated in the paper combined the organisational learning cycle  with the 6-step based process based on a GSN  and CAE  notational hybrid for the construction of an argument structure. This was implemented with a CII asset, and further pilotted to demonstrate the ACA for other CII nodes . The clustering using the `Mesh' cases closely aligns with Interdependency Analysis for the UK interconnected system-of-systems. Further work is required to expand the `Mesh' case principle for the 21st century information-centric ecosystem to provide a continual resilience work process framework, which eventually must include real-time inputs.