Information and communications technology (ICT) is an umbrella term that includes any communication device or application, encompassing radio, television, cellular phones, computer and network hardware and software, satellite systems, and so on, as well as the various services and applications associated with them, such as videoconferencing and distance learning. Traditional and conventional approaches to the design, implementation, and validation of ICT systems typically deal with one core system concern, or two system concerns, at a time: for example, the functional correctness or reliability of an enterprise system, or the security and privacy of a database. Additional aspects are often addressed by a separate engineering activity.


This separation of concerns has led to system engineering practices that are not designed to reflect, detect, or manage the interdependencies of such aspects, for example, the interplay between security and safety in modern car electronics, or between security, privacy, and reliability in connected medical devices. Current trends and innovation in ICT, however, suggest a convergence of disciplines and risk domains in order to deal effectively and predictively with such interdependencies. But due to the inherent complexity of such interdependencies and the dynamic operational environments, identification and mitigation of composite risks in systems remain a challenge.


This environment requires that risk management and mitigation be a central and integral part of engineering methods for future ICT systems. To address the requirements of the modern computing environment, we need a new approach to risk, in which risk modeling is an integral part of design. In this chapter, we identify some of the key challenges and issues that a vision of risk engineering brings to current engineering practice; notably, issues of risk composition, the multidisciplinary nature of risk, the design, development, and use of risk metrics, and the need for an extensible risk language. The chapter provides an initial view on the foundational mechanisms we need to build in order to support the vision of risk engineering: risk ontology, risk modeling and composition, and risk language.