"Engineering Cybersecurity into US Critical Infrastructure"
The Biden administration's National Cybersecurity Strategy recommends a security-by-design approach, which includes holding software vendors accountable for upholding a "duty of care" to consumers and designing systems to "fail safely and recover quickly." The strategy identifies the need to implement a "national cyber-informed engineering strategy" for energy infrastructure to achieve significantly more effective cybersecurity protections. To ensure high levels of safety and reliability, the engineers who build complex infrastructure systems adhere to standards and procedures. However, most of these procedures were developed before the advent of modern cybersecurity and therefore do not require engineers to consider cyber threats or design cybersecurity defenses. Through its cyber-informed engineering initiative, the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) of the Department of Energy (DOE) aims to address this issue. CESER is working with National Laboratories to educate engineers on designing systems to eliminate cyberattack entry points and mitigate their effects. Early in the system design process, engineers can identify the system's critical functions and determine how to engineer them to mitigate the effects of digital disruption or misuse. This cyber-informed engineering, when coupled with a robust Information Technology (IT) security strategy, provides the opportunity to defend systems much more effectively than IT security alone can. The Idaho National Laboratory pioneered cyber-informed engineering concepts and is collaborating with CESER to educate industry, academia, and government on how to apply these concepts to real-world problems. This article continues to discuss cyber-informed engineering.
Harvard Business Review reports "Engineering Cybersecurity into US Critical Infrastructure"