
Managing Cyber Risk from Concept To Operation
In this section we have listed supporting papers and presentations to the CIE foundations. In addition, there is supplemental information on complimentary and supporting efforts to the program.
Written by Nuclear Threat Initiative (NTI) staff with the assistance of Michael Assante, Robert Anderson and Rob Hoffman
Cyber threats are increasingly one of the major threat facing governments and industrial facility operators. One of the foundational issues that makes protection from such attacks increasingly difficult is the complexity of today’s networks and systems.
INL Report by Robert Anderson, Jacob Benjamin, Virginia Wright, Luis Quinones, Jonathan Paz
Published March 2017
A continuing challenge for engineers who utilize digital systems is to understand the impact of cyber-attacks across the entire product and program lifecycle. This is a challenge due to the evolving nature of cyber threats that may impact the design, development, deployment, and operational phases of all systems. Cyber Informed Engineering is the process by which engineers are made aware of both how to use their engineering knowledge to positively impact the cyber security in the processes by which they architect and design components and the services and security of the components themselves.
Published June 2016
Written by Virginia Wright
Cyber informed engineering (CIE) is a body of knowledge and methodologies to characterize and mitigate risks presented by the introduction of digital technology in this formerly analog environment, focused on the application of traditional engineering techniques informed by an awareness of cyber-security threat and mitigation methods. This talk will describe how managers and engineers can participate in mitigating cyber-security risk in engineering projects throughout the design and installation life cycle.
International Conference on Research Reactors: Safe Management and Effective Utilization, 2015
Written by Rob Anderson and Joseph Price
This paper examines the need for cyber-informed engineering practices that encompass the entire engineering life cycle. Cyber-informed engineering, as referenced in this paper, is the inclusion of cybersecurity into the engineering process. This paper addresses several attributes of this process and the long-term goal of developing additional cyber-safety basis analysis and trust principles. With a culture of free information-sharing exchanges, and potentially a lack of security expertise, new risk analysis and design methodologies need to be developed to address this rapidly evolving (cyber) threatscape.
RSA Conference 2019
Presenters: Virginia Wright and Andrew Bochman
It is dawning on critical infrastructure operators that even the best cyber-hygiene—the sum total of all we now do in cybersecurity—cannot be counted on to keep well-resourced attackers from touching their most critical processes and the systems that support them. This talk will introduce a new approach that draws from engineering first principals to take the highest value targets off the table.
An introduction of CIE and how it pertains to nuclear energy and cybersecurity.
By Virginia Wright
Accelerate Training provides participants with a fundamental knowledge of the CCE methodology focused on securing the nation’s critical infrastructure systems. Participants should be critical infrastructure owners, operators, vendors, and manufacturers.
To schedule training, please contact:
cce@inl.gov