Keynote: Critical Consequences – Rethinking the Cyber Protection of Critical Infrastructure

(Slides)

The National Institute of Science and Technology has a number of definitions for cybersecurity, drawn from their many standards to guide the practice of cybersecurity. However, all of these definitions focus on the protection of the information in computer systems from attack leveraging the CIA triad of confidentiality, integrity, and availability. In some cases, they also add authentication and non- repudiation. These definitions are appropriate for data processing systems including those used in critical infrastructure sectors like government 2 , financial services, communications, or information technology, where data and changes made to it are the central asset for the sector’s processes.
 

However, in most critical infrastructure sectors, the operational technology used in industrial processes controls the physical environment, whether that is an energy generation plant, a manufacturing floor, or a nuclear reactor. Here, the processes need to be protected from the impacts of cyber-attack and the information within the process is only one mechanism for doing so. Designing-in cybersecurity for these critical systems requires incorporation of protections which are both physical and digital to ensure that both the data and the physical process are protected from attack.
 

This talk will discuss an approach for engineering-in protections to critical infrastructure from cyber- attack called Cyber-Informed Engineering and the research which inspired this approach. It will offer alternative perspectives on what effective cyber defense means for cyber-physical systems, and inform approaches to resilience planning and effectiveness testing for cyber defense.
 

Speaker bio: Virginia “Ginger” Wright is the program manager for Cyber-Informed Engineering (CIE) at the Idaho National Laboratory (INL). She leads INL’s implementation of the National Strategy for Cyber-Informed Engineering developed by the Department of Energy. Ms. Wright has led multiple cyber research programs at INL including DOE-CESER’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS™) program, Software Bills of Material for the Energy Sector, critical infrastructure modeling and simulation, and nuclear cybersecurity. Ms. Wright has a Bachelor of Science in Information Systems/Operations Management from the University of North Carolina at Greensboro.