Cyber-Informed Engineering: The Need for a New Risk Informed and Design Methodology
- Idaho National Laboratory
Current engineering and risk management methodologies do not contain the foundational assumptions required to address the intelligent adversary’s capabilities in malevolent cyber attacks. Current methodologies focus on equipment failures or human error as initiating events for a hazard, while cyber attacks use the functionality of a trusted system to perform operations outside of the intended design and without the operator’s knowledge. These threats can bypass or manipulate traditionally engineered safety barriers and present false information, invalidating the fundamental basis of a safety analysis. Cyber threats must be analyzed from a completely new perspective in which neither equipment nor human operation can be fully trusted. A new risk analysis and design methodology needs to be developed to address this rapidly evolving threat landscape.
- Research Organization:
- Idaho National Laboratory (INL), Idaho Falls, ID (United States)
- Sponsoring Organization:
- USDOE National Nuclear Security Administration (NNSA)
- DOE Contract Number:
- AC07-05ID14517
- OSTI ID:
- 1236850
- Report Number(s):
- INL/CON-15-34244
- Country of Publication:
- United States
- Language:
- English
Related Subjects
CIE
Consequence-Driven Cyber-Informed Engineering
Consequence-based Targeting
Cyber
Cyber Risk
Cyber Supply Chain Risk
Cyber Threat and Vulnerability
Cyber-Informed Engineering
Cyber-Resilience
Cybersecurity Resilience
Energy Transition
Engineering
Integrating Cybersecurity
Methodology
Nuclear
Risk