Auburn University: Cyber resilience integral for development of infrastructure, students
Early implementation within the design of infrastructure and education of tomorrow’s engineers is vital moving forward, a team of government and energy sector administrators said Tuesday during a special online roundtable, “Securing Energy: Cyber-Informed Engineering,” hosted by Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security.
Moderated by McCrary Institute Director Frank Cilluffo, the roundtable discussed the merits and implementation of the National Cyber-Informed Engineering, or CIE, Strategy, released by the Department of Energy in June. The goal: integrate cyber resilience into the design, implementation, operation and maintenance of critical energy infrastructure.
The National CIE Strategy brings together a broad base of energy system developers, manufacturers, standards, organizations, academia, national laboratories and owners and operators of the infrastructure and calls for using design decisions and engineering controls to mitigate avenues for cyberattacks or reduce the consequences when an attack occurs.
“This is one of our priorities—to build in cybersecurity by design,” said Puesh Kumar, director of the Department of Energy’s Office of Cybersecurity, Energy Security and Emergency Response, or CESER. “In everything we do, we must ensure that cybersecurity is just as core of a component in the energy sector as is reliability, safety and efficiency. But we need to drive this action moving forward. Now is the time to do it.”
Kumar was joined on the program by Steve Taylor, interim dean, Auburn University Samuel Ginn College of Engineering; Joyce Corell, senior technology advisor for the National Cyber Director; Zach Tudor, Idaho National Laboratory; Stan Connally, Southern Company; Cheri Caddy, Office of the National Cyber Director; Moe Khaleel, Oak Ridge National Laboratory; Don O’Sullivan, Los Alamos National Laboratory; Vayl Oxford, Savannah River National Laboratory; Jeff Baumgartner, Berkshire Hathaway Energy; Mark Bristow, MITRE; James Goosby, Southern Company; Marc Sachs, McCrary Institute; Nic Seeley, Schweitzer Engineering Laboratories; and Auburn University President Christopher B. Roberts, who presented opening remarks.
Panelists examined cybersecurity gaps in today’s approaches to engineering operations, explored the challenges critical infrastructure sectors face in securing complex operational technology from sophisticated cyber threats and discussed how adopting the CIE can help manage cyber risk as the grid evolves.
“These issues are front and center right now,” Cilluffo said. “Things that we thought about but didn’t have to worry about. The reality is, we see how fragile some of these single point failures can be within critical infrastructure. It’s really important to start thinking about that before it’s too late.”
Charles McCrary, former president and CEO of the Alabama Power Company and namesake of the McCrary Institute, reiterated the cyber workforce deficit was estimated at 700,000.
“Cyber is, and will continue to be, involved in everything we do,” he said, evoking a call to action.
“We’ve got to make sure that they’re aware of the cyber issues and at least know the questions to ask,” McCrary said, while making the event’s closing remarks. “From an institutional standpoint, the goal is to prepare the faculty and the students as they enter new research opportunities or new career fields, to prepare them to succeed. I think it’s up to Auburn, the government, other institutions and business to own that challenge. Bringing people together, educators and innovators with others and the frontline operators—that’s the path forward.”
Marc Sachs, director for research at the McCrary Institute, believes engineers with cyber disciplines will be necessary.
“As the years unfold, principles and practices will begin to embrace cyber as one of the disciplines inside engineering,” he said. “We will be looking to see, are [future engineers] competent in cyber? Are they able to take that on as part of the discipline of engineering? We’re not ready for that right now, but we’re going to get to a point in the next 10 years or so where we will be. That’s an important role for us in colleges and universities begin to prepare these engineers for that, and work in partnership with manufacturers and owner/operators, and others, who will take these graduates to make sure that we are indeed preparing them. Not just to get the license, but to practically apply these skills.”
Taylor said it isn’t unreasonable to expect curriculum modifications with a cyber-related twist.
“The idea to start students early and begin that understanding of cyber as a freshman, repeat those topics throughout the curriculum and potentially even offer accelerated bachelor’s, master’s types of programs are some ideas we’ve talked about so far,” he said. “But to change an organization and multiple academic programs will be challenging. We’re able to reach freshman engineering students when they come in the door. We put them into design experiences very early on. There’s an opportunity as freshmen to begin to socialize the concept that, ‘Hey, it’s not just the traditional engineering constraints that we’ve always responded to, there are others,’ and cyber is an additional one of those.
“If you’re a mechanical engineer, electrical engineer, aerospace engineer, yes, there is not a lot of room to add new computer science courses, but there should be places where you can incorporate additional cybersecurity topics in some of the programming courses or control system courses they take.”
Cilluffo noted the best defense against cyber threat is a forward-thinking, proactive offense. This involves many facets of society, from government to the private sector, to power grids, to the classrooms.
“The reality is, if you want to predict the future, you shape it,” he said. “This is a cultural thing. It’s a technology thing. It’s an educational thing. But, in the end, it’s really a people thing.”