Engineering-Grade security in the US DOE Cyber Informed Engineering Strategy | Episode #100

Picture of Waterfall team

Waterfall team

Apple Podcasts Google Podcasts Spotify RSS Icon

Cyber Informed Engineering – the new US DOE Strategy includes unhackable safeties, manual operations, and other engineering-grade protections, in addition to traditional cybersecurity. In a very special episode #100 of the Industrial Security Podcast, Cheri Caddy, the USA’s Deputy Assistant Cyber Director joins us to look at the strategy to create a new engineering discipline – one in which engineering principles, tools and techniques contribute every bit as much as do traditional IT security techniques.

 
Listen now or Download for later

SUBSCRIBE

THE INDUSTRIAL SECURITY PODCAST HOSTED BY ANDREW GINTER AND NATE NELSON AVAILABLE EVERYWHERE YOU LISTEN TO PODCASTS​

Go To The Podcast Channel ️

“Designing the physical parts of the system

so that they can’t be compromised

requires a change of mindset – a change in thinking.”

Cheri Caddy

Cheri Caddy is back in the White House after several years working with national labs in the Department of Energy. At the DOE, Cheri led the development of the new national CIE strategy. While the strategy started as focused on the energy sector, Cheri reports that the scope is broadening to include multiple industries, and especially critical infrastructures.


OT security trends 2022 US DOE National Cyber-Informed Engineering Strategy-June 2022
DOE Cyber-Informed Engineering Strategy Report

Cyber-Informed Engineering

In very broad terms, the strategy plots a course to a new engineering discipline. Most engineers who are involved in plant automation need to understand at least some cyber risk and cybersecurity principles and practices. Digging deeper, a number of kinds of engineers have much more concrete contributions to make to the job of managing threats to public safety and to reliable operations due to cyber threats. In particular:

  • Safety engineering – if physical mitigations such as over-pressure valves can prevent injuries, casualties and impacts on public safety, then no cyber attack can bring about those unacceptable outcomes.
  • Automation & protection engineering – if focusing protections from cyber threats on protective relays and other equipment protection systems can prevent damage to important and long-lead-time equipment, then no cyber attack can bring about these unacceptable outcomes.
  • Network engineering – if we can design networks so that online attacks simply cannot reach automation equipment, then no online attack from the IT network or from the Internet can bring about unacceptable outcomes.

cyber informed engineering tacoma narrows bridge collapse howard clifford running off
Engineering, not “hope”

Cybersecurity

Cybersecurity has a role to play as well, but cybersecurity protections are generally not seen as engineering-grade. For example, imagine that we have a high-tech bridge that must be actively controlled to suppress harmonics and safely support the specified traffic loads – controlled by computers. The worst-case consequences of compromise are that the bridge collapses, because it is controlled incorrectly on a windy day, or in the middle of rush hour.

If we deploy a classic NIST Cybersecurity Framework program to protect the bridge automation, what do we have? We have all of our IT and OT and Internet networks connected, with a few firewalls and software security measures thrown in. We hope that no attack can breach these defenses, but we know that’s not true. All software has vulnerabilities after all, both discovered and undiscovered. So, we deploy the detect, respond and recover pillars of the NIST CSF. And we hope to detect attacks in progress before they cause unacceptable consequences – the bridge collapsing. We hope that we can scramble incident response teams and have those teams interrupt the attack before there are unacceptable consequences. And if the attack succeeds, we hope that our response teams can recover full operation again before the bridge collapses.

Would you drive across this bridge every day if you knew the design engineer hoped that the bridge would stand up to the specified load for the specified number of decades? Hope is not good engineering.

A Strategy

The new US CIE Strategy does not however define the new engineering discipline, it lays out a roadmap to such a definition. Idaho National Labs has launched a new Community of Interest / Community of Practice (CoI / CoE) to help define the body of knowledge that will become Cyber-Informed Engineering, propagate that body of knowledge into educational institutions and professional engineering training programs, and more generally help to realize the strategy. Interested participants are invited to send mail to cie@inl.gov – participants from both within and outside the USA are welcome.

Episode #100

Episode #100 was special in a couple of other ways as well. For example, we always ask our guests to introduce themselves, but our co-hosts never do the same. So Andrew did an introduction, and the mystery-man Nate Nelson, Andrew’s co-host introduced himself too as a freelance writer in the cybersecurity space. And we reminisced a bit about four years of episodes and what we’ve learned from them.

Previous episodes

Share

Stay up to date

Subscribe to our blog and receive insights straight to your inbox