Want to learn more about CIE?
Cyber-Informed Engineering (CIE) is an emerging method to integrate cybersecurity considerations into the conception, design, development, and operation of any physical system, energy or otherwise, to mitigate or even eliminate avenues for cyber-enabled attacks. CIE concepts use design decisions and engineering controls to prioritize defense against the worst possible consequences of cyberattacks facing critical infrastructure systems and asset owners.
By extending traditional engineering education to include defense against cybersecurity vulnerabilities, CIE expands and strengthens the workforce that can protect critical infrastructure from cyberattacks to include engineers. It offers these professionals the opportunity to “engineer out” cyber risks from the earliest possible phase of design, the optimal time to introduce both low-cost and effective cybersecurity approaches.
The U.S. Department of Energy (DOE) released the Congressionally-directed National Cyber-Informed Engineering Strategy in 2022. It outlines the core CIE concepts that place cybersecurity considerations at the foundation of engineering and energy systems design. The strategy is built on five integrated pillars – Awareness, Education, Development, Current Infrastructure, and Future Infrastructure – and offers recommendations to incorporate CIE as a common practice for control system engineers. In March 2023, the Biden-Harris Administration’s National Cybersecurity Strategy called for a large-scale shift to secure-by-design approaches for the digital ecosystem that underpins all U.S. critical infrastructure systems.
This collaboration led to the release of two resources that support energy partners at the forefront of implementing CIE across the sector:
- CIE Resource Library: The CIE Resource Library consists of tools, case studies, and lessons which will continue to support designers, manufacturers, and asset owners and operators in applying CIE principles. CESER also cataloged DOE-led CIE research spanning a decade, including work from a variety of sources and applications of CIE. As future research on CIE is produced, this library will highlight advanced implementation insights and lessons learned.
- CIE Implementation Guide: The CIE Implementation Guide outlines questions engineering teams should consider during each phase of a system’s lifecycle to employ CIE principles. The guide is geared toward supporting engineers who design, build, operate, and maintain the physical infrastructure; they are best positioned to leverage CIE to diminish the severity of cyber attacks or digital technology failures during the system’s engineering design.
CIE Learning Opportunities
CIE has many possible applications in the energy sector and beyond. CESER and our partners are committed to providing regular opportunities for audiences to learn more about the concepts, tools, case studies, and more to help you implement CIE in your field.
Find upcoming and recorded CIE learning opportunities here.
Helpful Resources from our Partners
Idaho National Laboratory
National Renewable Energy Laboratory
Securing Energy Infrastructure Executive Task Force
