Cyber-Informed Engineering (CIE) Practitioners’ Workshop

Cyber-Informed Engineering (CIE) Practitioners’ Workshop

CIE Practitioners’ Virtual Workshop
September 6, 2023 (
11:00 am – 5:00 pm ET)

The CIE Practitioners’ Workshop targets the engineers and practitioners who:

• Design, build, and operate energy systems and other critical industrial control systems;
• Develop cybersecurity and engineering standards; and
• Train and certify the next generation of ICS engineers.

CIE expands cyber “secure-by-design” concepts beyond the digital realm to the engineering of cyber-physical systems. CIE uses engineering expertise to evaluate and mitigate cyber risk early in the design stage, using engineering design and controls, not traditional cyber tools.

Implementing CIE requires a cultural shift for engineering and cybersecurity teams, and new approaches in research, design, operations, education, and standards. The CIE Practitioners’ Workshop invites all industry stakeholders to learn about CIE principles, how to build CIE-proficient teams, building the business case for CIE, addressing CIE in research and standards, and the specific issues engineers must address to incorporate CIE concepts into risk and liability assessments.

OPENING SESSION

KICKOFF AND KEYNOTE SPEAKERS (11:00 AM to 11:50 AM ET)

Welcome:
Dr. Stephanie Johnson, U.S. Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response (DOE CESER)

Remarks:
Cheri Caddy, Deputy Assistant National Cyber Director, Office of the National Cyber Director

Senior Leader Panel:
Zachary Tudor, Associate Laboratory Director for National and Homeland Security, Idaho National Laboratory (INL) and
Juan Torres, Associate Laboratory Director of Energy Systems Integration, National Renewable Energy Laboratory (NREL)

Remarks:
Lauren Zabierek, U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (DHS CISA)

Overview of CIE Implementation Guide

CHOOSE A TRACK

TRACK ONE (12:00 PM TO 2:50 PM ET)

FANTASY CIE: DRAFTING A CIE DREAM TEAM

12:00 PM to 12:50 PM ET
What types of practitioners should be included in CIE processes? Who should be considered as stakeholders? How can a variety of voices be integrated to provide security insights through CIE process?
Speakers: Andrew Ohrt and Daniel Groves, West Yost


ENGAGING CYBERSECURITY IN ENGINEERING // ADDING A CONSEQUENCE-BASED PERSPECTIVE TO CYBERSECURITY

1:00 PM to 1:50 PM ET
How do engineers convey engineering consequence to a cyber team? How can an engineering team inform a tailored, consequence-based approach to cybersecurity?
Speakers: Tony Turner, OpsWright; Andrew Ginter, Waterfall Security


CIE ALIGNMENT WITH 62443

2:00 PM to 2:50 PM ET
The ISA 62443 standard provides a holistic framework for security in automation and industrial control systems. It also has alignment with several CIE principles. This presentation will address those points of alignment and how to incorporate CIE into 62443 practices.
Speaker: Dr. Sin Ming Loo, Boise State University

TRACK TWO (12:00 PM TO 2:50 PM ET)

MAKING THE CASE FOR CIE: GETTING EXECS ON BOARD

12:00 PM to 12:50 PM ET
How can teams interested in CIE make the benefits clear to executives? What messaging is needed to make the business case for CIE up the chain?
Speakers: James Goosby, Southern Company; David White, Axio; Anuj Sanghvi, NREL


CIE AND CULTURE

1:00 PM to 1:50 PM ET
Much of the practice of CIE aligns with a robust human performance culture. This talk will explain how to build and leverage human performance culture to aid in cybersecurity.
Speakers: Sam Chanoski, INL; Dr. Michael Legatt, Resilient Grid


ADDRESSING VULNERABILITIES EARLY: CIE FOR RESEARCH-STAGE TECHNOLOGY

2:00 PM to 2:50 PM ET
How can we identify high-impact consequences which could threaten a technology or system even at the research phase? How can we ensure that technology licensees and adopters benefit from security thinking throughout the research life cycle?
Speakers: Dr. Matt Luallen, UIUC; Dr. Greg Shannon, INL

Joint Session (3:00 PM to 5:00 PM ET)

THE DEVIL IN THE DETAILS – ADDRESSING THE RISK AND LIABILITY CHALLENGES IN IMPLEMENTING CYBER “SECURE-BY-DESIGN” PRINCIPLES WITHIN ENGINEERING PRACTICES (3:00 PM to 3:50 PM ET)

The need to incorporate “secure-by-design” principles in engineering practices has gained significant attention, driven by recent national-level policy initiatives such as the 2023 U.S. National Cybersecurity Strategy and the 2022 U.S. Department of Energy National CIE Strategy. While these strategies encourage robust cybersecurity integration throughout the device or system lifecycle, engineering firms face significant risk and liability challenges in implementing secure-by-design concepts into architecture design of critical infrastructure systems. This presentation explores the specific issues that engineering firms must address to successfully incorporate these principles into overall risk and liability assessments. Specifically, we will discuss steps CIE stakeholders can take to align secure-by-design concepts with a broader set of risk factors that asset owners and engineers should consider throughout the design, procurement, and construction processes.

Speakers: Victor Atkins and Sarah Cisper, 1898 & Co.

CIE IMPLEMENTATION GUIDE WALKTHROUGH AND Q&A SESSION (4:00 PM to 5:00 PM ET)

Authors of the newly developed CIE Implementation Guide will perform a detailed walkthrough of its contents and take questions and feedback from the audience. 4:00 PM 5:00 PM

Speakers: Ginger Wright and Jakob Meng, INL

Idaho National Laboratory logo INL

Jul 28, 2023

RECEIVE McCRARY CYBERSECURITY NEWS & INSIGHTS BY EMAIL

Interested in the latest cyber & critical infrastructure news? Subscribe today.

McCrary-Kink-bg-efefef
McCrary-Kink-bg-efefef2

Cyberspace Events

View our upcoming / previous cyber and critical infrastructure events here.

McCrary-Kink-bg-ccc

Trending Topics