Cybersecurity Center

Cyber Informed Engineering

Speaker: Virginia Wright
Host: Dr. Milos Manic
Date: September 29, 2023 | Noon–1 p.m.
Location: Engineering East Hall, Room E1232

Abstract: Cyber-Informed Engineering (CIE) expands cybersecurity decision-making into the engineering space, not by asking engineers to become cyber experts, but by calling on engineers to apply engineering tools and make engineering decisions that improve cybersecurity outcomes. CIE examines the engineering consequences that a sophisticated cyber attacker could achieve and drives engineering changes that may provide deterministic mitigations to limit or eliminate those consequences. CIE extends “secure-by-design” concepts beyond information technology (IT) and software engineering to include the engineering of cyber-physical systems. Secure-by-design approaches typically describe a shift in focus for software developers from finding and patching vulnerabilities to eliminating the design flaws in the software architecture that enable those vulnerabilities. CIE extends this concept beyond software design, introducing cybersecurity considerations that engineers can address at the earliest stages of system engineering, long before the incorporation of software and security controls. CIE is an initiative within the National Cybersecurity Implementation Plan and an important part of the Department of Energy Cybersecurity, The Energy Security and Emergency Response Office's (CESER) mission is to ensure secure and resilient energy for the nation.

Bio: Virginia “Ginger” Wright is the program manager for Cyber-Informed Engineering (CIE) at the Idaho National Laboratory (INL). She leads INL's implementation of the National Strategy for Cyber-Informed Engineering developed by the Department of Energy. Ms. Wright has led multiple cyber research programs at INL including DOE-CESER's Cyber Testing for Resilient Industrial Control Systems (CyTRICS™) program, Software Bills of Material for the Energy Sector, critical infrastructure modeling and simulation, and nuclear cybersecurity.