Engineering Cybersecurity into U.S. Critical Infrastructure

The Biden administration is calling on organizations to build defenses into system designs, rather than relying on IT protections alone.

by

and

Andy Bochman

by

and

Andy Bochman

April 17, 2023

Artur Debat/Getty Images

Summary.

To better protect critical infrastructure in the United States from cyberattacks, the Biden administration is calling on organizations to build defenses into the design of systems and not rely solely on IT protections. This article explains the concepts of “cyber-informed engineering” and illustrate them with examples from the water sector.

In its National Cybersecurity Strategy published on March 2, the Biden administration calls for major changes in how the United States prioritizes the security of software systems used in critical infrastructure. It acknowledges that the de facto approach — until now essentially “let the buyer beware” — leaves entities who are least able to assess or defend vulnerable software responsible for the impacts of designed-in weaknesses while the makers of the technology bear no liability. The strategy recommends a security-by-design approach that includes making software vendors liable for upholding a “duty of care” to consumers and for systems to be designed to “fail safely and recover quickly.”

New!

HBR Learning

Digital Intelligence Course

Accelerate your career with Harvard ManageMentor®. HBR Learning’s online leadership training helps you hone your skills with courses like Digital Intelligence . Earn badges to share on LinkedIn and your resume. Access more than 40 courses trusted by Fortune 500 companies.

Excel in a world that's being continually transformed by technology.

Start Course

Learn More & See All Courses

Virginia Wright is the program manager for Cyber-Informed Engineering (CIE) at the Idaho National Laboratory (INL). She leads INL’s implementation of the National Strategy for Cyber-Informed Engineering developed by the U.D. Department of Energy.
Andrew Ohrt is the resilience practice area lead for West Yost Associates. He leads West Yost’s partnership with Idaho National Laboratory and the American Water Works Association to bring cyber-informed engineering to the water/wastewater sector.
Andy Bochman is senior grid strategist at the Idaho National Laboratory, where he provides strategic guidance to government and industry leaders on issues at the intersection of energy security and climate resilience.

New!

HBR Learning

Digital Intelligence Course

Accelerate your career with Harvard ManageMentor®. HBR Learning’s online leadership training helps you hone your skills with courses like Digital Intelligence . Earn badges to share on LinkedIn and your resume. Access more than 40 courses trusted by Fortune 500 companies.

Excel in a world that's being continually transformed by technology.

Start Course

Learn More & See All Courses

Engineering Cybersecurity into U.S. Critical Infrastructure

Partner Center

Explore HBR

HBR Store

About HBR

Manage My Account

Follow HBR