As highlighted in our previous articles, cybersecurity has become a central concern for organizations designing and operating complex cyber-physical systems.
In his article, Stéphane Lacrampe explained how Model-Based Systems Engineering (MBSE) enables a system-level understanding of cyber risks, improves collaboration between stakeholders, and facilitates impact analysis. Building on this, Victor Roland explored how MBSE supports compliance with major European regulations such as NIS2 and the Cyber Resilience Act (CRA).
Across both frameworks, a common need emerges: organizations must understand their systems in depth, assess risks continuously, and demonstrate compliance through structured and traceable information.
MBSE provides the right foundation to address these challenges. The question then becomes: how can this approach be implemented effectively in practice?
Why Capella is particularly well suited for cybersecurity challenges
Capella is a widely adopted MBSE tool designed to support the engineering of complex systems. Its strengths go beyond modeling capabilities alone. They lie in its methodological foundation and its ecosystem.
One of Capella’s key differentiators is its native support for the ARCADIA methodology. Unlike generic modeling tools, Capella is built around a structured engineering approach that guides users from operational analysis to system architecture and design, while managing requirements in a transversal way. This makes it possible to link requirements to elements across all layers of the system, ensuring strong consistency between stakeholder needs, architecture, and design choices.
This is particularly relevant for cybersecurity. ARCADIA promotes a clear understanding of system context, stakeholders, and interactions before diving into technical solutions. It helps identify critical assets, interfaces, and dependencies, which are essential for assessing cyber risks in cyber-physical systems.
Another important aspect is traceability, which is central to both NIS2 and CRA compliance. Capella can be integrated with external requirement management tools such as Polarion, DOORS Next, Jama Connect, or Codebeamer®, through solutions such as Publication for Capella. This integration makes it possible to connect cybersecurity requirements to system elements in a consistent way, ensuring alignment between engineering and compliance activities.
In addition, a tool like M2Doc enables the generation of structured documentation directly from Capella models. This is particularly useful for producing compliance evidence, audit reports, or technical documentation that highlights the links between requirements, architecture, and risk mitigation measures.
Together, these capabilities make Capella a strong platform to implement MBSE in a cybersecurity context, bridging the gap between system engineering, risk management, and regulatory compliance.
Going further with DARC: Integrating cybersecurity into system models
While Capella provides the foundation, addressing cybersecurity in a structured way often requires additional capabilities. This is where the DARC (Design Assurance and Risk Control) open-source add-on comes into play.
DARC extends Capella by introducing concepts and tools dedicated to cybersecurity analysis directly within the system model.
One of its main contributions is the ability to model threats, vulnerabilities, and risks in relation to system elements. Instead of managing cybersecurity as a separate activity, DARC integrates it into the engineering process. Components, functions, and interfaces can be associated with potential threats or weaknesses, making risks explicit within the architecture.
DARC also introduces the notion of Primary Asset, which represents the critical elements that must be protected, such as sensitive data, essential functions, or mission-critical capabilities. By explicitly identifying these primary assets within the model, it becomes easier to focus risk analysis efforts, assess potential impacts, and prioritize protection measures. This asset-centric approach strengthens the link between system architecture and cybersecurity objectives, ensuring that the most critical elements are consistently taken into account throughout the engineering process.
DARC also supports the definition of security requirements and countermeasures, and their allocation to system elements. This reinforces the secure-by-design approach by ensuring that mitigation strategies are directly linked to identified risks.
Another key capability lies in risk assessment and analysis. By leveraging the system model, DARC helps evaluate the impact of threats, identify critical components, and prioritize mitigation actions. This is made possible through the use of dedicated cybersecurity layers, which extend standard Capella diagrams to graphically identify concepts such as threats, vulnerabilities, and risks. A layer allows the presentation of a diagram to be adapted in order to focus on specific aspects of the modeled system, without altering the underlying architecture. By activating these layers, users can switch to a cybersecurity-focused view of the system, making analyses more efficient and aligned with the need for impact analysis highlighted in previous articles.
Traceability is again a central benefit. DARC makes it possible to establish links between threats, vulnerabilities, risks, requirements, and architectural elements. This structured view is essential to demonstrate how cybersecurity is addressed, which is a core expectation of both NIS2 and CRA.
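As an added illustration, not code from Capella or DARC, the following constructed Python model captures the traceability chain described in this section: primary assets, threats, vulnerabilities, risks and countermeasures linked to system elements, together with the consistency check, impact analysis and unmitigated-risk gap list such a model makes possible. All element, asset and threat names are made up.

```python
# Added illustration of the threat -> vulnerability -> risk -> countermeasure
# -> element chain described above. Constructed names; not DARC's or Capella's API.
from dataclasses import dataclass, field


@dataclass
class SecurityModel:
    assets: dict = field(default_factory=dict)    # primary asset -> carrying element
    threats: dict = field(default_factory=dict)   # threat -> set of targeted elements
    vulns: dict = field(default_factory=dict)     # vulnerability -> weakened element
    risks: dict = field(default_factory=dict)     # risk -> (threat, vulnerability)
    measures: dict = field(default_factory=dict)  # countermeasure -> (risk, element)

    def inconsistent_risks(self) -> list:
        """Risks whose vulnerability sits on an element the threat does not target."""
        return [r for r, (t, v) in self.risks.items()
                if self.vulns[v] not in self.threats[t]]

    def impacted_assets(self, threat: str) -> set:
        """Impact analysis: assets on elements a threat reaches via a modeled vulnerability."""
        weak = {self.vulns[v] for t, v in self.risks.values() if t == threat}
        return {a for a, e in self.assets.items() if e in weak}

    def unmitigated_risks(self) -> set:
        """Risks with no allocated countermeasure: the gap list an auditor asks for."""
        return set(self.risks) - {r for r, _ in self.measures.values()}

    def trace(self, risk: str) -> dict:
        """Evidence chain for one risk, as a report generator would render it."""
        threat, vuln = self.risks[risk]
        element = self.vulns[vuln]
        return {"risk": risk, "threat": threat, "vulnerability": vuln,
                "element": element,
                "assets": sorted(a for a, e in self.assets.items() if e == element),
                "countermeasures": sorted(m for m, (r, _) in self.measures.items()
                                          if r == risk)}


def sample_model() -> SecurityModel:
    """Constructed example model, not taken from any real system."""
    m = SecurityModel()
    m.assets = {"PatientRecords": "DBService", "ControlLoop": "Controller"}
    m.threats = {"RemoteTampering": {"Gateway", "Controller"},
                 "DataExfiltration": {"DBService"}}
    m.vulns = {"UnauthenticatedCmd": "Controller", "PlaintextStorage": "DBService"}
    m.risks = {"R1": ("RemoteTampering", "UnauthenticatedCmd"),
               "R2": ("DataExfiltration", "PlaintextStorage")}
    m.measures = {"CM-Auth": ("R1", "Controller")}
    return m
```

Running `sample_model().unmitigated_risks()` returns the one risk with no allocated countermeasure, which is exactly the kind of gap a compliance review against NIS2 or the CRA would need to surface.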
Finally, DARC contributes to better collaboration between stakeholders. By embedding cybersecurity concepts into the same model used by system engineers, it creates a shared language between engineering, cybersecurity, and compliance teams.
Conclusion
Cybersecurity is now a fundamental dimension of system engineering, reinforced by regulations such as NIS2 and the Cyber Resilience Act.
As discussed in our previous articles, MBSE provides the necessary foundation to address these challenges. Capella brings this approach to life through a structured methodology, strong traceability capabilities, and an ecosystem that supports integration and documentation.
With the addition of DARC, cybersecurity can be fully integrated into system models, from risk identification to mitigation and compliance demonstration. This combination enables organizations to move beyond fragmented approaches and adopt a consistent, model-based strategy to design secure and resilient systems.
Feel free to get in touch to discuss this sensitive topic.