New DOE CIE Strategy builds cybersecurity practices into design life cycle of engineered systems

The U.S. Department of Energy (DOE) released the National Cyber-Informed Engineering (CIE) Strategy this week, which looks at guiding the efforts of the energy sector to incorporate cybersecurity practices into the design life cycle of engineered systems to reduce cyber risk. The CIE Strategy is a shift away from the prevailing structure, where the cybersecurity for most critical infrastructure control systems is addressed separately from system design and engineering. This gap has resulted in an expanding list of additive security technologies that are introduced after the fact to mitigate cyber vulnerabilities.

Conforming with congressional direction, the Office of Cybersecurity, Energy Security, and Emergency Response (CESER)-led Securing Energy Infrastructure Executive Task Force (SEI ETF) developed the National CIE Strategy, building on foundational work developed at Idaho National Laboratory. The strategy concentrates on enabling the energy sector to lead the nation in incorporating CIE into the design and operation of infrastructure systems that rely on digital monitoring or controls. 

CIE is an emerging method to integrate cybersecurity considerations into the conception, design, development, and operation of any physical system with digital connectivity, monitoring, or control. CIE approaches use design decisions and engineering controls to mitigate or even eliminate avenues for cyber-enabled attacks or reduce the consequences of an attack.

The National CIE Strategy is built on five integrated pillars that offer a set of recommendations to incorporate CIE as a common practice across the energy sector. These pillars include awareness, to promulgate a universal and shared understanding of CIE; education, to embed CIE into formal education, training, and credentials; and development, to build the body of knowledge by which CIE is applied to specific recommendations. It also covers current infrastructure, which applies CIE principles to existing, systemically important critical infrastructure, and future infrastructure, which conducts R&D and develops an industrial base to build CIE into new infrastructure systems and emerging technology.

Together, these approaches provide the body of knowledge, the diverse and expanded workforce, and the engineering and manufacturing capacity to apply CIE to existing energy infrastructure and engineer future energy systems to eliminate or reduce the ability of a cyber-enabled attack to succeed.

Key considerations for the CIE Strategy implementation are grouped into design and organizational principles. The design principles include consequence-focused design, engineered controls, secure information architecture, design simplification, resilient layered defenses, and active defense. The organizational principles cover interdependency evaluation, digital asset awareness, cyber-secure supply chain controls, planned resilience with no assumed security, engineering information control, and cybersecurity culture.

CIE guides an engineering team to consider and mitigate the potential for cyber compromise throughout the engineering design lifecycle, leveraging engineering solutions to limit the pathways for cyber sabotage, exploitation, theft, and misuse within the system. In a fully mature CIE design, requirements would be developed to describe expectations for how the system would function and specific high-consequence cyber impacts that must be prevented within the system design. 

During the design process, the team would make affirmative decisions about how to accomplish those requirements best, whether by enacting manual engineering controls, limiting digital functionality, employing operational cybersecurity solutions, enacting monitoring schemes, or combining all the above. As a result, a future cyber compromise risk would be tracked and diminished as a fundamental engineering risk.

The National CIE Strategy embraces ‘secure by design’ and ‘zero trust’ software security strategies and expands these concepts beyond software engineering to the engineering of cyber-physical systems. Secure-by-design software development shifts the security focus from finding and patching vulnerabilities to eliminating design flaws in the architecture of a software system. The strategy extends this idea to building secure architectures into physical infrastructure systems with digital access or control.

A zero-trust architecture removes any implicit trust from devices or user accounts, moving away from the concept of a security perimeter that keeps attackers out. The CIE Strategy embodies this approach by assuming that compromise is likely and deploying resilient layered defenses that minimize possible consequences when an asset or credential is compromised. 

While the National CIE Strategy has been developed for the energy sector, it can serve as a model that other critical infrastructure sectors can adopt to incorporate CIE into industry practices. CIE concepts and strategies include foundational engineering principles that apply to all types of engineering for critical infrastructure. Embedding CIE methods into the education and credentials of the nation’s next generation of engineers and industrial control system (ICS) technicians will create a cyber-aware workforce that can design and manufacture resilient infrastructure systems across sectors.

The National CIE Strategy follows a similar move by the U.S. Department of Health & Human Services (HHS) Food and Drug Administration (FDA), which announced the availability of draft guidance in April. The document provides recommendations to the healthcare industry regarding cybersecurity device design, labeling, and the documentation that the agency recommends be included in premarket submissions for devices with cybersecurity risks. These recommendations can facilitate an efficient premarket review process and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats.

Last week, CESER announced a highly selective education program called the Operational Technology (OT) Defender Fellowship. The program gives middle- and senior-level OT security managers in the energy sector an opportunity to learn about the strategies used to target U.S. energy infrastructure and the cybersecurity tools and tactics the federal government uses to counter them.
