On this week’s episode of Reimagining Cyber, Stan Wisseman and Rob Aragao chatted with Ginger Wright. Wright is the Energy Cybersecurity Portfolio Manager for Idaho National Laboratory’s (INL) Cybercore division within its National and Homeland Security directorate. Some of Wright’s recent research areas include supply chains for operational technology components, incident response, critical infrastructure modeling and simulation, and nuclear cybersecurity. Cyber-Informed Engineering, CyTRICS, and OT Defender Fellowships were a few of the topics discussed in this episode.
Wright’s current focus is on the idea of Cyber-Informed Engineering. Our infrastructure for energy applications is currently being designed by engineers with a degree in electrical engineering, mechanical engineering, or other engineering expertise. Once the designing and building of the systems are finished, a cybersecurity expert applies defensive technologies designed to keep adversaries away from those technologies and designed to protect the systems from weaknesses in individual components. Wright points out, though, that it would be even better if the engineers designing these applications understood the possible ways that the systems could fail and created the engineering to protect those systems as part of the initial system design. Wright even states, “engineers understand materials that they build with, they understand wood, they understand concrete…but they don’t often get taught to think about digital systems in the same way they think about materials, that these systems have stress points and failure points.” Wright and the INL are working with universities to create engineering curricula that include information about cybersecurity technology. This new curriculum will allow engineering students to become more equipped with the threats occurring to all infrastructure forms. Implementing cybersecurity protection from the initial stages of design will only improve our systems and infrastructure in the end.
When Wright isn’t focused on Cyber-Informed Engineering, she focuses on CyTRICS, cyber testing for resilient industrial control systems. Wright and the INL are in a partnership with six national laboratories and three vendors to add more focus on testing the archived security for critical energy sector systems. These vendors are allowing the national labs to go in and perform very couture vulnerability testing to see if there are any places where mistakes or intersections of technology that have occurred. The national labs find these vulnerabilities, report them back to the vendors, and allow them to go in and mitigate them. CyTRICS then keeps an inventory of those sub-component lists so they can do later analysis to help prevent other vulnerabilities.
Wright also discussed the OT Defender Fellowship during the episode. National laboratories can have close relationships with federal government partners and asset owners. Wright has been able to leverage these relationships to bring both sides closer, and the Department of Energy developed a program called Operational Technology Defender Program. This program gathers operational technology experts focused on cybersecurity and critical infrastructures for a year to engage on various vital energy sector topics. During the fellowship, they will receive briefings from government representatives on core new programs, sessions in Washington, D.C., visits to the FBI and the Department of Homeland Security, and be able to partner and collaborate with the Department of Energy truly. Wright comments, “These fellows become a group of core advisors for [the] Department of Energy cybersecurity research in the future.” To learn more, check out The Operational Technology (OT) Defender Fellowship website.
To learn more about Ginger Wright and the topics discussed in this episode, take a look at Reimagining Cyber’s episode: “Energizing Cybersecurity: National Lab Perspective.”