Welcome:
Dr. Stephanie Johnson, U.S. Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response (DOE CESER)

Remarks:
Cheri Caddy, Deputy Assistant National Cyber Director, Office of the National Cyber Director

Senior Leader Panel:
Zachary Tudor, Associate Laboratory Director for National and Homeland Security, Idaho National Laboratory (INL) and
Juan Torres, Associate Laboratory Director of Energy Systems Integration, National Renewable Energy Laboratory (NREL)

Remarks:
Lauren Zabierek, U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (DHS CISA)

Overview of CIE Implementation Guide

FANTASY CIE: DRAFTING A CIE DREAM TEAM

12:00 PM to 12:50 PM ET
What types of practitioners should be included in CIE processes? Who should be considered as stakeholders? How can a variety of voices be integrated to provide security insights through CIE process?
Speakers: Andrew Ohrt and Daniel Groves, West Yost

ENGAGING CYBERSECURITY IN ENGINEERING // ADDING A CONSEQUENCE-BASED PERSPECTIVE TO CYBERSECURITY

1:00 PM to 1:50 PM ET
How do engineers convey engineering consequence to a cyber team? How can an engineering team inform a tailored, consequence-based approach to cybersecurity?
Speakers: Tony Turner, OpsWright; Andrew Ginter, Waterfall Security

CIE ALIGNMENT WITH 62443

2:00 PM to 2:50 PM ET
The ISA 62443 standard provides a holistic framework for security in automation and industrial control systems. It also has alignment with several CIE principles. This presentation will address those points of alignment and how to incorporate CIE into 62443 practices.
Speaker: Dr. Sin Ming Loo, Boise State University

MAKING THE CASE FOR CIE: GETTING EXECS ON BOARD

12:00 PM to 12:50 PM ET
How can teams interested in CIE make the benefits clear to executives? What messaging is needed to make the business case for CIE up the chain?
Speakers: James Goosby, Southern Company; David White, Axio; Anuj Sanghvi, NREL

CIE AND CULTURE

1:00 PM to 1:50 PM ET
Much of the practice of CIE aligns with a robust human performance culture. This talk will explain how to build and leverage human performance culture to aid in cybersecurity.
Speakers: Sam Chanoski, INL; Dr. Michael Legatt, Resilient Grid

ADDRESSING VULNERABILITIES EARLY: CIE FOR RESEARCH-STAGE TECHNOLOGY

2:00 PM to 2:50 PM ET
How can we identify high-impact consequences which could threaten a technology or system even at the research phase? How can we ensure that technology licensees and adopters benefit from security thinking throughout the research life cycle?
Speakers: Dr. Matt Luallen, UIUC; Dr. Greg Shannon, INL

The need to incorporate “secure-by-design” principles in engineering practices has gained significant attention, driven by recent national-level policy initiatives such as the 2023 U.S. National Cybersecurity Strategy and the 2022 U.S. Department of Energy National CIE Strategy. While these strategies encourage robust cybersecurity integration throughout the device or system lifecycle, engineering firms face significant risk and liability challenges in implementing secure-by-design concepts into architecture design of critical infrastructure systems. This presentation explores the specific issues that engineering firms must address to successfully incorporate these principles into overall risk and liability assessments. Specifically, we will discuss steps CIE stakeholders can take to align secure-by-design concepts with a broader set of risk factors that asset owners and engineers should consider throughout the design, procurement, and construction processes.

Speakers: Victor Atkins and Sarah Cisper, 1898 & Co.

Authors of the newly developed CIE Implementation Guide will perform a detailed walkthrough of its contents and take questions and feedback from the audience. 4:00 PM 5:00 PM

Speakers: Ginger Wright and Jakob Meng, INL