Cyber-Informed Engineering Guidance—Implementing CIE in Early Systems Engineering Lifecycle Stages

Traditionally, cybersecurity is not considered in the design process. Design engineers typically focus on building safety and reliability into their products and applications. Security against malicious cyber incidents is often an afterthought, resulting in deployment of security solutions during installation or operation. Unfortunately, waiting to consider cybersecurity until later in the systems engineering lifecycle often results in less effective and more expense security. Idaho National Laboratory (INL) developed the concept of Cyber-Informed Engineering (CIE) in 2015 to provide a framework that enables cybersecurity to be built into systems beginning at the conceptual design stage. In addition to ongoing research by INL, the U.S. Department of Energy (DOE) Office of Cybersecurity, Energy Security, and Emergency Response has recently developed a National CIE Strategy document for incorporating CIE into the design and operation of infrastructure systems reliant on digital monitoring or controls. This paper provides a brief review of this National CIE Strategy as well as a roadmap to historical, current, and future CIE research by INL through the U.S. DOE Office of Nuclear Energy (NE) Cybersecurity Crosscutting Technology Development Program. A near-term focus of the DOE-NE’s research and development is to extend the foundational CIE work into detailed guidance for implementation during initial systems engineering stages in nuclear digital instrumentation and control projects and to demonstrate use of the guidance in an integrated energy systems project.