The National Institute of Science and Technology has a number of definitions for cybersecurity, drawn
from their many standards to guide the practice of cybersecurity. However, all of these definitions focus
on the protection of the information in computer systems from attack leveraging the CIA triad of
confidentiality, integrity, and availability. In some cases, they also add authentication and non-
repudiation. These definitions are appropriate for data processing systems including those used in
critical infrastructure sectors like government 2 , financial services, communications, or information
technology, where data and changes made to it are the central asset for the sector’s processes.
However, in most critical infrastructure sectors, the operational technology used in industrial processes
controls the physical environment, whether that is an energy generation plant, a manufacturing floor, or
a nuclear reactor. Here, the processes need to be protected from the impacts of cyber-attack and the
information within the process is only one mechanism for doing so. Designing-in cybersecurity for these
critical systems requires incorporation of protections which are both physical and digital to ensure that
both the data and the physical process are protected from attack.
This talk will discuss an approach for engineering-in protections to critical infrastructure from cyber-
attack called Cyber-Informed Engineering and the research which inspired this approach. It will offer
alternative perspectives on what effective cyber defense means for cyber-physical systems, and inform
approaches to resilience planning and effectiveness testing for cyber defense.
Speaker bio: Virginia “Ginger” Wright is the program manager for Cyber-Informed Engineering (CIE) at the Idaho National Laboratory (INL). She leads INL’s implementation of the National Strategy for Cyber-Informed Engineering developed by the Department of Energy. Ms. Wright has led multiple cyber research programs at INL including DOE-CESER’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS™) program, Software Bills of Material for the Energy Sector, critical infrastructure modeling and simulation, and nuclear cybersecurity. Ms. Wright has a Bachelor of Science in Information Systems/Operations Management from the University of North Carolina at Greensboro.
|Sponsored by||In cooperation with|