Cyber-informed engineering principles for designing secure infrastructure systems

The Biden administration seeks to shift from a “let the buyer beware” approach to a security-by-design strategy for critical infrastructure software systems

A security-by-design strategy includes making software vendors liable for upholding a “duty of care” to consumers and designing software systems to “fail safely and recover quickly”

The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) is leading the national cyber-informed engineering initiative to improve cybersecurity protections for infrastructure systems

CESER and National Laboratories are working to educate engineers on designing systems that limit the impacts of cyberattacks and remove avenues for digital disruption or misuse

Cyber-informed engineering principles require the identification of critical functions and subsystems with the potential for catastrophic consequences if misused by adversaries

By using engineered controls, cyber-informed engineering provides opportunities to protect systems more effectively than IT security alone can

Cyber-informed engineering also calls for engineers to plan response approaches that allow the overall system to continue to function even when critical elements or features are knocked out of commission

