Defining Example: The Internet
System: The system consists of the network of hosts, routers, and other devices connected to the Internet. People interact with the devices connected to the Internet and, through them, with each other. Software runs on the devices. Web sites, service providers, and other organizations exist at higher levels of aggregation of people, devices, and software.
Environment: The internet is embedded within modern society to such a degree that it can be accessed from nearly anywhere within the developed world.
System of Systems: The hosts, routers, devices and the people, organizations, infrastructure that use them may all be viewed as complicated and complex systems in their own right.
Complex: The interactions between entities in the Internet give rise to behaviors that can not be predicted simply from knowledge of the properties of the entities themselves, even assuming that were possible in principle. New innovations in software/devices or small changes in state, such as whether a particular user clicks on an e-mail attachment infected with a virus or not, can lead to large changes in Internet state (and large-scale observables such as traffic patterns).
Adaptive: Software, devices, and organizations undergo adaptive change constantly, either in response to competitive pressures, as a result of failures of components that require replacement, or simply in response to changes in traffic patterns (e.g. to avoid congestion). People are inventing and using the system; people learn.
Aspirations: Security is difficult owing to the complex interactions between different components of hardware and software even at the level of individual hosts and devices. Control systems for vital installations such as power plants are connected to the Internet for ease of administration and to facilitate collection and processing of data, but this introduces vulnerabilities. Other critical infrastructures, such as financial organizations and governments, maintain connections to the Internet to facilitate their operations, which also exposes them to attacks that originate on the Internet. Ideally, we aspire to protect the privacy of individuals and organizations, the integrity of financial and other transactions, and the vital installations and systems that use the Internet.
Approaches: The internet is constantly evolving; all possible approaches can and must be applied to this system across the spectrum from observation, experiment, design, control, manipulation, to modeling.
Attainability: At present, it is very hard to analyze the security properties of systems that maintain connections to the Internet due to the large number of interactions between software and hardware on these systems and other software and hardware entities on the Internet. In addition to the increasing numbers of entities and interactions among them, the growth in software and hardware complexity over time exacerbates the difficulty of ensuring secure connectivity. This growth in complexity, on the other hand, is being driven by competitive pressures to make hosts and other devices more useful and flexible.