Integrate input from multiple disciplines and operational departments (e.g., safety, quality, maintenance, chemical) to understand how digital misuse could affect their area of operations. This ensures engineers can adequately plan for risks introduced by system interdependencies that may be outside of the engineer’s traditional purview.
Maintain a complete and accurate digital asset inventory, enabling engineers to track hardware, firmware, and software over time, and actively analyze the vulnerabilities that may reside within them.
Cyber Secure Supply Chain Controls
Use procurement language and contract requirements to ensure that vendors, integrators, and third-party contractors deliver products that meet design specifications and adhere to organizational processes and controls that support cybersecurity.
Planned Resilience with no Assumed Security
Expect that any digital component or system may be compromised at some point during its lifecycle, and plan for continued operation during and after a cyber attack that degrades digital controls. Implement a zero-trust architecture to the greatest degree possible.
Engineering Information Control
Protect sensitive engineering records—including requirements, specifications, designs, configurations, testing, etc.—that, if released, may provide attackers with critical information that places those systems at greater risk.
Cybersecurity Culture
Build cybersecurity into the organizational culture by leveraging a cross-functional and cross-disciplinary team to consider cyber-related concerns in the system design and implementation. Adopt continuous cybersecurity training across the organization to collectively empower all staff to participate in cybersecurity.