Cyber-Informed Engineering: Priorities for Building Resilient Infrastructure

Critical infrastructure in the United States is increasingly digital, interconnected and exposed to cyberthreats. Energy systems, water utilities and transportation networks all now rely to some degree on industrial control systems and other digital assets that adversaries have proven they can target and disrupt at a time of their choosing. Traditional cybersecurity practices, often added late in the design or operations and maintenance process, are not sufficient to protect against these risks.


For outages and disruptions in critical infrastructure sectors that could endanger public health and safety, the environment or national security, Cyber-Informed Engineering (CIE) offers a practical approach. CIE integrates cyber risk considerations directly into engineering decisions. It guides and empowers engineers and operators to reduce consequences, simplify designs and build resilience from the start. The CIE methodology reflects the U.S. Department of Energy’s (DOE) National CIE Strategy, which calls for building cyber resilience into the engineering of critical infrastructure as a new standard of care.

While the DOE identifies 12 principles of CIE, not every organization can take them all on at once. For organizations beginning a CIE journey, 1898 & Co. prioritizes six areas of focus that provide starting points with the greatest potential impact. 

Six Priority Principles

1. Consequence-Focused Design

Ask: What functions or processes must never fail, and what consequences exceed our organizational risk tolerance?
CIE begins by identifying the critical functions that, if lost or manipulated, could cause unacceptable outcomes. These might include safety hazards, equipment damage, environmental harm or broad service outages. Once high-consequence scenarios are identified and prioritized, risk reduction and mitigation efforts can be directed where they are most impactful.

2. Engineered Controls

Ask: What design choices can reduce or remove cyber risk?
Digital controls create risk when serving as the only means of protection. With cyber risks in mind, engineers can introduce layered protections, such as combining digital with physical or hardwired controls, to eliminate single points of failure and close off exploitable pathways. These controls must be tailored to specific environments, but some examples include backup mechanical interlocks, pressure relief valves and local manual overrides.
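The following is an added example, constructed for this page and not code from 1898 & Co. or the DOE strategy, that shows why a hardwired control bounds the consequence of a manipulated digital one. A pump fills a tank under a software level controller; if the controller's setpoint is manipulated, the software alone will run the pump past the safe level. A float switch wired in series with the pump circuit trips on the physical level and cannot be overridden by anything the controller reports. All tank levels, rates and trip points are constructed values.

```python
"""
Constructed simulation (an added example, not code from 1898 & Co. or the DOE
strategy): a pump fills a tank under a digital level controller. If the software
setpoint is manipulated, the controller alone will run the pump past the safe
level. A hardwired interlock (a float switch wired in series with the pump
circuit) trips on the physical level and bounds the consequence regardless of
what the digital controller commands. All numbers are constructed.
"""
from dataclasses import dataclass, field

SAFE_MAX_LEVEL = 90.0   # percent; overflow or equipment damage above this
INTERLOCK_TRIP = 85.0   # float switch trip point, set below the damage level
FILL_RATE = 2.0         # percent per tick added while the pump runs
DRAIN_RATE = 0.5        # percent per tick removed by downstream demand


@dataclass
class Tank:
    level: float = 50.0
    history: list = field(default_factory=list)


def digital_controller(level: float, setpoint: float) -> bool:
    """Software logic: command the pump on while the level is below the setpoint.
    This is the only thing a manipulated setpoint can influence."""
    return level < setpoint


def hardwired_interlock(level: float) -> bool:
    """Independent float switch: permits the pump only below the trip level.
    It reads the physical level, not any value the controller reports."""
    return level < INTERLOCK_TRIP


def run(setpoint: float, ticks: int, interlock: bool) -> Tank:
    """Simulate `ticks` control cycles with the given digital setpoint.
    With interlock=True the pump runs only if BOTH the controller and the
    float switch permit it (series wiring)."""
    tank = Tank()
    for _ in range(ticks):
        pump_on = digital_controller(tank.level, setpoint)
        if interlock:
            pump_on = pump_on and hardwired_interlock(tank.level)
        tank.level += (FILL_RATE if pump_on else 0.0) - DRAIN_RATE
        tank.level = max(0.0, min(100.0, tank.level))   # physical bounds of the tank
        tank.history.append(tank.level)
    return tank


def peak_level(tank: Tank) -> float:
    """Highest level reached during the run."""
    return max(tank.history)


def exceeded_safe_limit(tank: Tank) -> bool:
    """True if the run crossed the damage threshold at any point."""
    return peak_level(tank) > SAFE_MAX_LEVEL


if __name__ == "__main__":
    manipulated_setpoint = 120.0   # beyond the physical 100 percent of the tank
    for with_interlock in (False, True):
        t = run(manipulated_setpoint, ticks=60, interlock=with_interlock)
        print(f"interlock={with_interlock}: peak {peak_level(t):.1f}%, "
              f"unsafe={exceeded_safe_limit(t)}")
```

Without the interlock the manipulated setpoint drives the level to the physical top of the tank; with it, the level oscillates just around the trip point and never reaches the damage threshold. The design point is that the interlock's trip level is chosen from the consequence analysis (below the level that causes harm), not from anything in the software.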

3. Design Simplification

Ask: What unnecessary digital or cyber-enabled complexity can be removed?
Complex systems often contain features that provide little operational value but expand opportunities for misuse. Reducing nonessential digital functions, disabling default settings, and eliminating redundant or poorly configured network interfaces simplifies operations and reduces attack surfaces. A leaner design is not only easier to defend and operate but may also reduce costs.

4. Digital Asset Awareness

Ask: Do we know every device, what it does and its vulnerabilities?
Without a complete inventory of digital assets, an organization’s staff cannot fully understand the assets’ risk profile. Asset awareness requires knowing the hardware, firmware and software in use, their known vulnerabilities, and the role each asset plays in operations. With effective asset tracking in place, organizations can address weaknesses, detect anomalous or unexpected behaviors and mitigate risks before they escalate into unsafe conditions.
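As an added illustration of what asset awareness looks like in practice (constructed data, not 1898 & Co. code), the script below reconciles an authorized asset register against the devices that passive network monitoring actually observed. It flags devices not in the register, firmware that drifted from the recorded version, registered devices that never appeared on the wire, and assets with an open vendor advisory recorded against them. The register entries, observations and advisory identifiers are placeholders constructed for this example.

```python
"""
Added example (constructed data, not 1898 & Co. code): reconcile an authorized
asset register against devices observed by passive network monitoring, and
return findings an engineer can act on. The register entries, observations and
advisory identifiers below are placeholders constructed for this example.
"""
from dataclasses import dataclass
from collections import Counter


@dataclass(frozen=True)
class Asset:
    ip: str
    vendor: str
    model: str
    firmware: str
    role: str                 # what the device does in the process
    advisories: tuple = ()    # open vendor advisories recorded against it


@dataclass(frozen=True)
class Observation:
    ip: str
    vendor: str
    model: str
    firmware: str


# Constructed register: what the organization believes is installed.
REGISTER = [
    Asset("10.0.1.10", "VendorA", "PLC-100", "2.4.1", "pump station controller"),
    Asset("10.0.1.11", "VendorA", "PLC-100", "2.4.1", "backup controller"),
    Asset("10.0.1.20", "VendorB", "HMI-7", "5.0.0", "operator workstation",
          advisories=("ADV-PLACEHOLDER-1",)),
    Asset("10.0.1.30", "VendorC", "RTU-3", "1.9.2", "remote telemetry"),
]

# Constructed observations: what passive monitoring actually saw on the segment.
OBSERVED = [
    Observation("10.0.1.10", "VendorA", "PLC-100", "2.4.1"),   # matches register
    Observation("10.0.1.11", "VendorA", "PLC-100", "2.3.0"),   # firmware drift
    Observation("10.0.1.20", "VendorB", "HMI-7", "5.0.0"),     # matches, open advisory
    Observation("10.0.1.45", "VendorD", "GW-2", "0.9"),        # not in register
    # 10.0.1.30 never appeared on the wire
]


def reconcile(register, observed):
    """Return (finding_type, ip, detail) tuples for every discrepancy."""
    findings = []
    by_ip = {a.ip: a for a in register}
    seen = set()
    for o in observed:
        seen.add(o.ip)
        a = by_ip.get(o.ip)
        if a is None:
            findings.append(("unknown_device", o.ip,
                             f"{o.vendor} {o.model} fw {o.firmware} not in register"))
            continue
        if (o.vendor, o.model) != (a.vendor, a.model):
            findings.append(("identity_mismatch", o.ip,
                             f"register says {a.vendor} {a.model}, saw {o.vendor} {o.model}"))
        elif o.firmware != a.firmware:
            findings.append(("firmware_drift", o.ip,
                             f"register {a.firmware}, observed {o.firmware} ({a.role})"))
        if a.advisories:
            findings.append(("open_advisory", o.ip,
                             f"{a.role}: {', '.join(a.advisories)}"))
    for ip, a in by_ip.items():
        if ip not in seen:
            findings.append(("not_observed", ip,
                             f"{a.role} expected but never seen on the wire"))
    return findings


def summarize(findings):
    """Count findings by type so remediation can be prioritized."""
    return dict(Counter(kind for kind, _, _ in findings))


if __name__ == "__main__":
    for kind, ip, detail in reconcile(REGISTER, OBSERVED):
        print(f"{kind:18} {ip:12} {detail}")
    print(summarize(reconcile(REGISTER, OBSERVED)))
```

Each finding carries the asset's operational role, which is what lets an engineer judge consequence: an unregistered gateway on the control segment and a backup controller running firmware the register does not know about are different problems, and the role is what tells them apart.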

5. Planned Resilience

Ask: How will the system keep running safely even if compromised?
No digital asset is invulnerable. Planned resilience requires designing for safe failure modes, operating in a degraded state and recovering quickly after an incident. This includes workarounds that do not depend on compromised digital assets, as well as having spare components in reserve, well-documented recovery procedures and regular training exercises. The measure of sound resilience is the ability to avoid catastrophic outcomes and return to safe operations quickly.

6. Organizational Culture

Ask: How do we encourage leaders and staff to make resilience part of daily decisions?
CIE is not only about technology. The most challenging step is often securing buy-in across the enterprise. Executives must require cyber risk to be managed alongside safety, reliability and cost. Procurement officials need to consider cyber and supply chain risk when evaluating vendors. Engineers and operators must be trained and supported to recognize risks and act effectively. Without cultural alignment, technical CIE measures will not be sustained. 

Getting Started With CIE

For organizations beginning a CIE journey, focusing on these six principles provides a clear and practical path forward. Together they create a foundation for safer, more resilient operations:

  • Identify and prioritize high-consequence events.
  • Engineer out unnecessary risks in digital controls.
  • Simplify designs to reduce complexity.
  • Maintain visibility into digital assets.
  • Plan for resilience and recovery.
  • Build a culture where leadership and staff integrate cyber risk into daily decisions.

As a contributor to the National CIE Strategy and the CIE Implementation Guide, and as a leader in industry efforts to adopt CIE into cybersecurity and risk programs, 1898 & Co. partners with asset owners to apply these principles in practice. By starting with the highest-priority measures, organizations can reduce cyber risk, strengthen resilience and advance national goals for critical infrastructure security.

CIE is not more cybersecurity. It is an engineering approach that anticipates consequences and maintains resilience. 


Author

Victor Atkins

Director, Industrial Cybersecurity