Since 18 of December 2019 uses Nucleus credentials. Visit our help pages for information on how to Register and Sign-in using Nucleus.
10-14 February 2020
Europe/Vienna timezone

Consequence-driven Cyber-Informed Engineering

Not scheduled
Interactive Content Presentation CC: Information and computer security considerations for nuclear security


Robert Anderson (Idaho National Laboratory)


Cyber Informed Engineering (CIE) was defined in IAEA CN-244-520 as the inclusion of the cyber-attack and defense perspective (cyber security aspects) into the engineering process. It is the process by which engineering personnel are made aware of how their current actions impact the processes by which they architect and design systems. Decisions do not always take into consideration the attack tactics, techniques and procedures currently in use by capable cyber-adversaries. Consequence analysis and associated engineering mitigations are some of the most important elements within the CIE framework. Ensuring the most critical functions are available to perform as designed, when called upon, is vital. Idaho National Laboratory (INL) has created an operational process for performing cyber-informed consequence analysis and engineering mitigations. Consequence-driven Cyber-informed Engineering (CCE) is a cyber defense concept that focuses on the highest consequence events from an engineering perspective so that resource-constrained organizations receive the greatest return on their security investments. The CCE process helps nuclear asset owners to: identify high-impact / high-consequence events that could result in interruption of critical functions, analyze the infrastructure which could be subverted to enable those events, and develop specific mitigations to avoid, or engineer out, these consequences. An operational approach to CCE is provided.

Gender Male
State United States

Primary authors

Robert Anderson (Idaho National Laboratory) Robert Smith (Idaho National Laboratory)

Presentation Materials