Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Cyber-Informed Engineering Implementation Guide: Version 1.0 [Slides]

Technical Report ·
DOI:https://doi.org/10.2172/2004921· OSTI ID:2004921
 [1];  [2];  [2];  [3];  [1];  [4];  [1];  [5];  [1];  [3];  [2];  [1];  [2];  [5];  [1];  [6];  [1];  [3];  [1];  [7] more »;  [8];  [1];  [8];  [8];  [1];  [1];  [2];  [5];  [5];  [1];  [1];  [9];  [1];  [5];  [8];  [8];  [1];  [8];  [5];  [1] « less
  1. Idaho National Laboratory (INL), Idaho Falls, ID (United States)
  2. 1898 & Co., Kansas City, MO (United States)
  3. Nexight Group LLC, Silver Spring, MD (United States)
  4. Univ. of Texas at San Antonio, TX (United States)
  5. West Yost Associates, Davis, CA (United States)
  6. US Department of Energy (USDOE), Washington, DC (United States)
  7. Boise State Univ., ID (United States)
  8. National Renewable Energy Laboratory (NREL), Golden, CO (United States)
  9. Auburn Univ., AL (United States)
+ Show Author Affiliations

This Implementation Guide describes the principles of Cyber-Informed Engineering (CIE) and outlines questions that engineering teams should consider during each phase of a system's lifecycle to effectively employ these principles. It describes what it means to engineer systems in a cyber-informed way, rather than offering a comprehensive, step-by-step process or procedure for CIE implementation. This guide complements - but does not replace - the application of cybersecurity standards or practices currently in place within an organization. Engineers and technicians that design critical energy infrastructure installations can use this Implementation Guide to integrate the 12 principles of CIE into each phase of the engineering lifecycle, from concept to retirement. The guide is aimed at system or design engineers, rather than software engineers or operational cybersecurity practitioners. The engineers who design, build, operate, and maintain the physical infrastructure are best positioned to leverage a system's engineering design to diminish the severity of cyber attacks or digital technology failures. CIE expands cybersecurity decisions into the engineering space, not by asking engineers to become cyber experts, but by calling on engineers to apply engineering tools and make engineering decisions that improve cybersecurity outcomes. CIE examines the engineering consequences that a sophisticated cyber attacker could achieve and drives engineering changes that may provide deterministic mitigations to limit or eliminate those consequences.

Research Organization:
National Renewable Energy Laboratory (NREL), Golden, CO (United States)
Sponsoring Organization:
USDOE Office of Cyber Security, Energy Security, and Emergency Response (CESER)
DOE Contract Number:
AC36-08GO28308
OSTI ID:
2004921
Report Number(s):
NREL/TP--5R00-87145; INL/RPT--23-74072; MainId:87920; UUID:0df6365d-373d-49ef-8bfd-57b8c82a40ef; MainAdminID:70672
Country of Publication:
United States
Language:
English

Similar Records

Cyber-Informed Engineering Implementation Guide
Program Document · Tue Sep 05 00:00:00 EDT 2023 · OSTI ID:1995796
Cyber-Informed Engineering Principles: What’s in it for me?
Conference · Mon Oct 23 00:00:00 EDT 2023 · OSTI ID:2298974
On the Application of Cyber-Informed Engineering (CIE)
Conference · Fri Nov 29 23:00:00 EST 2024 · OSTI ID:2467509

Related Subjects

24 POWER TRANSMISSION AND DISTRIBUTION
97 MATHEMATICS AND COMPUTING
Cyber Informed Engineering
Cyber Resilience
Cybersecurity
Cybersecurity Culture
Security by Design
Systems Engineering