10th International Congress on Information and Communication Technology

Authors - Benjamin Lampe, Patience Yockey, Virginia Wright
Abstract - As devices and systems continue to modernize and adopt integrated circuits, the use of cyber technology to deploy an application is the expectation. This deployment through cyber assets brings new cyber-risk and cybersecurity is the practice of managing this risk. Cyber-risk is constantly changing due to the speed of technology advancement and the changing quality of the adversary. Cyber-Informed Engineering (CIE) mitigates cyber-risk through engineering controls whereas the traditional practice of cybersecurity mitigates cyber-risk through cybersecurity controls. By clearly defining the cyber-physical boundary, engineering controls and cybersecurity controls can clearly demonstrate their complementary nature to provide layered defenses and successfully mitigate cyber-risk through independent controls. In this paper, a layered model of device decomposition of the cyber-physical boundary is presented to provide clarity where engineering controls are used to reduce cyber-risk within the physics, functional materials, electronic, or integrated circuit layers and where cybersecurity controls are used to reduce cyber-risk within the machine code and application layers. By implementing both traditional cybersecurity controls and engineering controls, a more holistic approach to cybersecurity is achieved in protecting modern devices and systems, as well as a clear awareness in identifying, documenting, and authorizing the system’s cybersecurity protection scheme is achieved.