-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
712b93e
commit cccf9c9
Showing
1 changed file
with
3 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,3 @@ | ||
# CIE | ||
# CSET-CIE | ||
|
||
This CIE Analysis tool within CSET translates the questions in the CIE Implementation Guide into an interactive tool that allows users to conduct an analysis of their CIE implementation for an individual system, process, project, or organization. Unlike an evaluation or assessment, this analysis does not result in a score. Rather, it offers a tool for users to consider the questions with their teams, record and track responses, and ultimately conduct the level of analysis needed to effectively implement CIE. This Implementation Guide describes the principles of Cyber-Informed Engineering (CIE) and outlines questions that engineering teams should consider during each phase of a system’s lifecycle to effectively employ these principles. It describes what it means to engineer systems in a cyber-informed way, rather than offering a comprehensive, step-by-step process or procedure for CIE implementation. The CIE Analysis tool complements—but does not replace—the application of cybersecurity standards or practices currently in place within an organization. Engineers and technicians that design critical energy infrastructure installations can use this tool to integrate the 12 principles of CIE into each phase of the engineering lifecycle, from concept to retirement. The tool is aimed at system or design engineers, rather than software engineers or operational cybersecurity practitioners. The engineers who design, build, operate, and maintain the physical infrastructure are best positioned to leverage a system’s engineering design to diminish the severity of cyber-attacks or digital technology failures. CIE expands cybersecurity decisions into the engineering space, not by asking engineers to become cyber experts, but by calling on engineers to apply engineering tools and make engineering decisions that improve cybersecurity outcomes. CIE examines the engineering consequences that a sophisticated cyber attacker could achieve and drives engineering changes that may provide deterministic mitigations to limit or eliminate those consequences. |