Introduction

The safe and secure functioning of critical systems is dependent on system behavior, human behavior, and interactions among systems and humans. While current model‐based systems engineering (MBSE) approaches and tools enable excellent capture of known and wanted behaviors, they generally fall short on ability to assist with the discovery of unknown and unwanted behaviors that have not yet been considered or documented. This is a hard problem because “unknown unknowns” seem by definition to be out of reach. Scenarios that could cause things to break down are often difficult to expose before seeing examples of those breakdowns (too often, during real operations). But a new approach and tool developed at the Naval Postgraduate School is shedding a glimmer of light on this dark corner. The Monterey Phoenix (MP) modeling environment was designed to model behaviors and interactions exhaustively to help us map out what we know we want. Students and researchers were surprised to find an additional property not deliberately designed into MP: the sets of synthetic example scenarios that MP generates also contained some unexpected yet plausible behaviors for the modeled system. That is, behaviors that no one on the project thought about before seeing them in MP‐generated scenarios.

This is a highly relevant ...