21.1 INTRODUCTION

Geddes et al. (1998) informally define system of systems (SoS) to be “a collection of interacting systems embedded in a dynamic environment.” Maier (1998) provides a more precise definition that requires constituent systems of an SoS to work collaboratively toward the common SoS objective while at the same time having operational and managerial independence. Such independence implies that in addition to performing SoS-related tasks, the constituent systems have the autonomy to perform other non-SoS-related tasks as well. The most beneficial attribute of SoS is one of “achieving a total force effect, which surpasses the sum of the individual systems” (Matthews and Collier, 2003) working collaboratively to achieve SoS functionalities. These benefits, however, come at the expense of unpredictable emergent behaviors arising from interactions and collaboration (Hall-May, 2007) between multiple systems, and it is important for an SoS to selectively rein in such destructive behaviors (Edwards, 1996). Such destructive behaviors can be the result of design deficiencies that may get manifested either due to nonmalicious actions resulting from mistakes and accidents or from malicious intrusions into the cyber systems (CSs) associated with individual constituent systems. Since our focus is on SoS security, the discussion in this chapter limits itself dealing with improper SoS behaviors ...