**4.2 CIE overview**

CIE is a multidisciplinary approach that advocates the use of CIE principles in each of the systems engineering lifecycle stages to ensure that cyber considerations are included in every aspect of design, testing, implementation, operation, maintenance, and disposal or decommissioning [36]. CIE is fundamentally a cyber risk management tool that complements existing OT cybersecurity risk standards and guidelines by incorporating engineering solutions along with ICT and OT cyber solutions to minimize risks from malicious and unintentional cyber incidents. Considering cyber risk and cyber risk treatments early and often throughout the lifecycle provides simpler, more secure solutions at lower cost, precluding the need to use ineffective, bolt-on solutions during later lifecycle stages.

As shown in **Figure 7**, the primary CIE principle that encompasses the entire CIE methodology is cyber risk analysis. The remaining CIE principles are divided into two categories: design principles and organizational principles. The CIE design principles are fundamental engineering design practices and techniques that build cybersecurity and cyber-resilience into DI&C early in the systems engineering lifecycle and then continue to ensure cyber-awareness is maintained throughout the remaining stages. This secure-by-design approach is more effective and less expensive than bolting on security controls after installation as the design can be influenced by factors that improve the ease, simplicity, and effectiveness of cyber considerations without impacting the performance of the intended system function.

Cyber risk is also reduced by instilling cyber-awareness at organizational- or facility-level functions. CIE organizational principles are fundamental cyber practices that enable holistic integration of cyber considerations into other programs within the facility, such as asset inventory, supply chain, response planning, and training.

**Figure 6.** *Systems engineering V-model [35].*

*Cyber-Informed Engineering for Nuclear Reactor Digital Instrumentation and Control DOI: http://dx.doi.org/10.5772/intechopen.101807*
