Cyber-Informed Engineering: The Need for a New Risk Informed and Design Methodology
- Idaho National Laboratory
Current engineering and risk management methodologies do not contain the foundational assumptions required to address the intelligent adversary’s capabilities in malevolent cyber attacks. Current methodologies focus on equipment failures or human error as initiating events for a hazard, while cyber attacks use the functionality of a trusted system to perform operations outside of the intended design and without the operator’s knowledge. These threats can bypass or manipulate traditionally engineered safety barriers and present false information, invalidating the fundamental basis of a safety analysis. Cyber threats must be fundamentally analyzed from a completely new perspective where neither equipment nor human operation can be fully trusted. A new risk analysis and design methodology needs to be developed to address this rapidly evolving threatscape.
- Research Organization: Idaho National Laboratory (INL), Idaho Falls, ID (United States)
- Sponsoring Organization: USDOE National Nuclear Security Administration (NNSA)
- DOE Contract Number: AC07-05ID14517
- OSTI ID: 1236850
- Report Number(s): INL/CON-15-34244
- Resource Relation: Conference: International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, Vienna, Austria, 6/1/2015 - 6/5/2015
- Country of Publication: United States
- Language: English
Similar Records
Risk informed cyber security for nuclear power plants - 342
Countering Cyber Sabotage: Introducing Consequence-Driven Cyber-Informed Engineering (CCE)
Related Subjects
Engineering
Methodology
Nuclear
Risk
Consequence-Driven Cyber-Informed Engineering
Cyber-Informed Engineering
CIE
CCE
Cybersecurity Resilience
Consequence-based Targeting
Energy Transition
Integrating Cybersecurity
Cyber Risk
Cyber Supply Chain Risk
Cyber-Resilience
Cyber Threat and Vulnerability