To better protect critical infrastructure in the United States from cyberattacks, the Biden administration is calling on organizations to build defenses into the design of systems and not rely solely on IT protections. This article explains the concepts of “cyber-informed engineering” and illustrates them with examples from the water sector.
In its National Cybersecurity Strategy published on March 2, the Biden administration calls for major changes in how the United States prioritizes the security of software systems used in critical infrastructure. It acknowledges that the de facto approach — until now essentially “let the buyer beware” — leaves entities who are least able to assess or defend vulnerable software responsible for the impacts of designed-in weaknesses while the makers of the technology bear no liability. The strategy recommends a security-by-design approach that includes making software vendors liable for upholding a “duty of…
This article was written by Virginia Wright and originally published on hbr.org