Shifting Left for Energy Security
April 4, 2023
Interview with Ginny Wright, Program Director at Idaho National Lab, and Marc Sachs, former White House Advisor and Deputy Director for Research at Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security
Managing Risk from Concept to Operation: This is the focus of the Cyber-Informed Engineering Initiative (CIE), originated by Idaho National Laboratory (INL) and advanced by the Department of Energy. Grown from earlier Congressional direction regarding threats to the national energy infrastructure identified by the Office of National Intelligence, the recommendations reflect an ‘evolutionary’ shift to a ‘security-by-design’ mindset, according to Jennifer Granholm, Secretary, U.S. Department of Energy.
The National Strategy for CIE was published in June of 2022, and program directors have since been focused on execution and quick implementation across the existing energy infrastructure and into new development and technologies. It is already gaining interest across the country and overseas.
In this video interview, “Ginger” Wright and Marc Sachs talk about their involvement in the CIE program since its early days, and how they helped create the national strategy for Congress to protect the U.S. power infrastructure.
“The DOE took a bold approach with the advice of academics, government officials, asset owners, vendors, and the national laboratories. They developed plans to make everyone aware of cyber-informed engineering and add it to engineering education so today’s engineers can start to perform risk management regarding cyber failures and adversary action against digital devices as part of their core engineering risk management,” Wright explains.
In other words, engineers understand safety, and CIE enables them to help developers incorporate cyber, they say.
CIE addresses a broad range of principles, including secure information architecture, design simplification, digital asset awareness, interdependency evaluation, supply chain, culture and training, layered defenses, and resilience. In this interview, Wright and Sachs distill these best practices and explain how they can be implemented across engineering and development organizations.
Additional Resource Links:
- Addressing IOT’s Impact on Software Engineering, a GrammaTech whitepaper
- NIST Cybersecurity Framework (for Improving Critical Infrastructure Cybersecurity)
- MITRE ATT&CK®
- Consequence-Driven CIE
- Cyber Testing for Resilient Industrial Control Systems
- Explainable AI in DOE Development
Get involved in CIE Communities of Practice: email email@example.com