Cyber-Informed Engineering

Managing cyber risk from concept to operation 

Cyber-Informed Engineering (CIE) builds tools for high-level implementation into curriculum, design standards, certification and curriculum accreditation.

CIE deepens the cybersecurity protections for critical infrastructure by providing guidance to allow defenses from cyber attack to be engineered in from the early design lifecycle of infrastructure systems. It provides additional mechanisms to mitigate the worst consequences of cyber-attack and leverages digitally-based defenses prioritized by the consequences of cyber attack to the process and infrastructure of the critical infrastructure asset owner. CIE provides a framework for a change in philosophy and engineering practices for system design to proactively secure existing infrastructure and build novel future technology designed to withstand the modern and future cyber-adversary.

The DOE Office for Office of Cybersecurity, Energy Security, and Emergency Response (CESER) sponsors INL CIE initiatives and coordinates the CIE program that includes Idaho National Laboratory (INL); the National Renewable Energy Laboratory (NREL), and industry, academic, and other partners in support of the Department of Energy’s National Cyber-Informed Engineering Strategy, and the National Cybersecurity Strategy.

Implementing the Cyber-Informed Engineering Strategy

CIE Resource Library

CIE Implementation Guide

National Cyber-Informed Engineering Strategy

The U.S. Department of Energy’s National CIE Strategy seeks to guide energy sector efforts to incorporate cybersecurity practices into the design life cycle of engineered systems to reduce cyber risk.

DOE CIE Strategy Document

National Cybersecurity Strategy

The Department of Energy’s National CIE Strategy was highlighted in the National Cyber Strategy, published in March, 2023 to ensure proactive cybersecurity for our clean energy future.

National Cybersecurity Strategy Implementation Plan

CIE is integral to the nation’s National Cybersecurity Strategy Implementation Plan. In section 4.4.3, DOE announces an initiative to build and refine training, tools, and support for engineers and technicians using Cyber-Informed Engineering principles.


CIE COMMUNITY OF PRACTICE

2nd Wednesday of January, April, July, and October 9 AM MT / 11 AM ET quarterly

Standards Working Group
1st Wednesday at 9 AM MT / 11 AM ET monthly 

Education Working Group
3rd Wednesday at 9 AM MT / 11 AM ET monthly

Development Working Group
4th Wednesday at 9 AM MT / 11 AM ET monthly

CIE Highlights

CIE is the WHAT and CCE is a HOW

The Department of Energy (DOE) and INL have developed a framework to guide the application of cybersecurity principles across the engineering design lifecycle. The Cyber-Informed Engineering (CIE) framework and body of knowledge drives the inclusion of cybersecurity as a foundational element of risk management for engineering of functions aided by digital technology. Consequence-Driven Cyber-Informed Engineering (CCE) is a rigorous process for applying CIE’s core principles to a specific organization, facility, or mission by identifying their most critical functions, methods and means an adversary would likely use to manipulate or compromise them, and determining the most effective means of removing or mitigating those risks.

CIE emphasizes “engineering out” potential risk in key areas, as well as ensuring resiliency and response maturity within the design of the engineered system. The following CIE framework shows some of the key focus areas and how the relate to the CCE Methodology. CCE walks an organization through core components of CIE in CCE’s 4-phase process to evaluate and remove or mitigate weaknesses in their critical functions.

Auburn University hosts Energy Security: Cyber Informed Engineering

INL’s Zach Tudor and other industry leaders discussed this CIE strategy, why it matters and how you can help with implementation.

More

Fermilab Colloquium 2016

Cyber informed engineering (CIE) is a body of knowledge and methodologies to characterize and mitigate risks presented by the introduction of digital technology in this formerly analog environment, focused on the application of traditional engineering techniques informed by an awareness of cyber-security threat and mitigation methods. This talk will describe how managers and engineers can participate in mitigating cyber-security risk in engineering projects throughout the design and installation life cycle.

More

Resilience Week CIE Presentation

October 19-23, 2020

By Virginia Wright

More

Better Securing the Now and the Next: Applying Engineering Base Principles to Achieve Demonstrably Better Cybersecurity

Pesented by Andy Bochman and Virginia Wright

More

CIE – Domestic Nuclear Cyber

An introduction of CIE and how it pertains to nuclear energy and cybersecurity. 

By Virginia Wright

More

Contact Information

Michelle Farrell

Cyber-Informed Engineering Program Team

Cyber-Informed Engineering (CIE)

Idaho National Laboratory