Save the Date: Nexus Conference 2024: Sept. 10-12
Claroty Nexus Logo
Topics:
See all in Cyber Resilience See all in Articles
See all in Videos
See all in Podcasts

Nexus Podcast: Vergle Gipson on Cyber-Informed Engineering

Michael Mimoso
/
Sep 29, 2022

Cyber-informed engineering (CIE) is a concept wherein engineers are tasked with taking advantage of opportunities early within design lifecycles to address cybersecurity risks. The parallels to secure software development are obvious, and some of the challenges within both disciplines are eerily similar. 

Vergle Gipson, senior advisor at Idaho National Lab’s Cybercore Integration Center, discusses the concepts around cyber-informed engineering in this episode of the Aperture Podcast and why it’s important in improving the safety, availability, and resilience of operational technology systems. 

“Cyber-informed engineering is the beginning of what needs to be done to help engineers embrace that idea of cybersecurity as a fundamental part of engineering,” Gipson said. “That approach needs to be extended beyond engineers to the technicians and the operators of physical systems with digital automation.”

CIE was the centerpiece of a June report from the Department of Energy to reduce risk within energy-related critical infrastructure sectors, for example, by adopting a security-by-design approach within the sector. Secure these systems from their earliest stages rather than trying to retrofit security as a reactionary measure to an attack or enhanced risk, the report said. 

Gipson relayed this message last week to a House Homeland Security subcommittee on the need to secure industrial control systems from cyberattacks. 

“It seems that momentum is building for OT cybersecurity,” Gipson said. “There’s more buzz around the fact that OT cybersecurity is an issue for the nation. All those who can make a difference, including those in Congress, ought to be learning more and figuring out how they can contribute.”

Gipson also discussed a number of other important issues, including the cybersecurity maturity gap within OT compared to IT, the types of discussions decision makers and engineers are having inside OT-heavy environments about cybersecurity threats and risk management, and the role of organizations such as INL today and going forward.

"This move toward cyber-informed engineering and adoption of the principles of cyber-informed engineering, in my opinion, will likely do more to secure critical infrastructure and physical systems than anything we've done to date," Gipson said.

Michael Mimoso
Editorial Director

Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.

Stay in the know

Get the Nexus Connect Newsletter

Share

LinkedIn Twitter Facebook Email

Featured Articles

Considerations for Medical Device Vulnerability Remediation Aim for a Sustainable Security Strategy that Brings Resilience

Featured Videos

Browse by Topics

Cyber Resilience Cybersecurity Insurance Federal Food & Beverage Healthcare Industrial Internet of Things Nexus Conference Operational Resilience Operational Technology Ransomware Risk Management Technical Debt Vulnerability Management Zero Trust

You might also like…

Read more
Healthcare
Cyber Resilience
Vulnerability Management

Nexus Podcast: Greg Garcia on the Change Healthcare Cyberattack

Michael Mimoso
Researcher Ryan Pickren explains a new web-based attack against programmable logic controllers (PLCs) that uses malicious JavaScript to attack the front end of an embedded web server prevalent in modern PLCs.
Operational Technology
Vulnerability Management
Internet of Things

Nexus Podcast: Ryan Pickren on New Web-Based PLC Malware Research

Michael Mimoso
In this episode of the Claroty Nexus podcast, Hormel Foods CISO and Director of Security and Compliance Mike Rogers explains that CISOs should understand their level of exposure in the event of a cybersecurity incident and proactively seek personal liability protection.
Risk Management
Food & Beverage
Operational Resilience

Nexus Podcast: Mike Rogers on CISO Exposure During Incidents

Michael Mimoso
Team82’s Noam Moshe discusses state actor targeting of OT, why it’s so challenging to develop ransomware for OT and industrial control systems, and the mitigation strategies available to defenders of cyber-physical systems.
Internet of Things
Operational Technology
Vulnerability Management

Nexus Podcast: Team82 Answers More of your Cybersecurity Research Questions

Michael Mimoso
Juan Piacquadio, chief information officer of Phlow Corp., describes the innovative and competitive edge the implementation of Pharma 4.0 brings to the industry, and how to best secure it.
Healthcare
Risk Management
Internet of Things

Nexus Podcast: Juan Piacquadio on Securing Pharma 4.0

Michael Mimoso
Carrix security executive David Elfering joins the Nexus podcast to discuss cyber liability insurance, including whether carrier cybersecurity requirements align with risk reduction, some of the red flags that can imperil coverage or claims, and how cyber insurance providers are looking at geopolitical conflict.
Risk Management
Cybersecurity Insurance

Nexus Podcast: David Elfering on CISOs and Cyber Liability Insurance

Michael Mimoso
Claroty Team82 Director of Vulnerability Research Sharon Brizinov and Vulnerability Researcher Noam Moshe discuss their research process, the technical resources at their disposal, and the threat landscape.
Operational Technology
Vulnerability Management

Nexus Podcast: Team82 Answers Your Questions

Michael Mimoso
Mandiant and Google Cloud Head of Emerging Threats and Analytics Nathan Brubaker joins to discuss his team's findings and provide more context on the growing capabilities of Sandworm and its targeting of OT.
Operational Technology
Cyber Resilience

Nexus Podcast: Mandiant on Sandworm APT OT Attacks in Ukraine

Michael Mimoso
Cutaway Security's Don C. Weber joins the Claroty Nexus podcast to discuss ICS cybersecurity training from his experience as a SANS certified instructor and understanding of where automation organizations are struggling and succeeding with cybersecurity.
Cyber Resilience
Operational Technology

Nexus Podcast: Don Weber on Security Culture in Control Environments; STAR Methodology

Michael Mimoso
A new extension to the open source Caldera adversary emulation platform tailored for threats to operational technology (OT) called Caldera for OT features plugins for dnp, Modbus, and BACnet, three popular OT protocols that are prevalent in many commercial products regardless of industry.
Operational Technology
Federal

Nexus Podcast: MITRE on Caldera for OT

Michael Mimoso
Retired Pfizer chief information security officer Jim LaBonty describes the need for a specialized OT security stack that feeds into a converged IT SOC.
Healthcare
Operational Resilience
Cyber Resilience

Nexus Podcast: Jim LaBonty on Building an OT Security Stack

Michael Mimoso
Stephen Reynolds, a partner at the law firm of McDermott, Will, and Emery, discusses the personal, criminal liability that can attach to individuals and executives during investigations, and offers some practical advice for CISOs.
Risk Management

Nexus Podcast: Protecting the CISO During Incident Investigations

Michael Mimoso

Latest on Nexus Podcast

See all episodes
The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.
Healthcare
Cyber Resilience
Vulnerability Management

Nexus Podcast: Greg Garcia on the Change Healthcare Cyberattack
Researcher Ryan Pickren explains a new web-based attack against programmable logic controllers (PLCs) that uses malicious JavaScript to attack the front end of an embedded web server prevalent in modern PLCs.
Operational Technology
Vulnerability Management
Internet of Things

Nexus Podcast: Ryan Pickren on New Web-Based PLC Malware Research
In this episode of the Claroty Nexus podcast, Hormel Foods CISO and Director of Security and Compliance Mike Rogers explains that CISOs should understand their level of exposure in the event of a cybersecurity incident and proactively seek personal liability protection.
Risk Management
Food & Beverage
Operational Resilience

Nexus Podcast: Mike Rogers on CISO Exposure During Incidents