Engineering Without Cyber Awareness Creates Safety Risks We Can’t Afford

Excerpt

Engineers have a formal code of ethics, as outlined by NSPE, to “hold paramount the safety, health, and welfare of the public.” In today’s digitally connected world, engineers must consider an expanded risk landscape that goes beyond traditional physical vulnerabilities. However, colleges and universities are failing to provide the next generation of engineers with the training they need to address threats targeting connected systems. They need “Cyber-Informed Engineering” (CIE).

Malicious actors have repeatedly demonstrated that they can use cyber means to cause dangerous effects in the real world. In 2017, the Triton malware targeted the safety instrumented systems of a petrochemical plant in Saudi Arabia, disabling the very mechanisms designed to prevent catastrophic accidents. Had operators not intervened in time to manually restore the systems, an explosion or toxic chemical release could have put thousands of lives and surrounding communities at risk.

Georgianna Shea is the Chief Technologist of the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD), where Elaine Ly is an intern.