**5. Discussion**

Applying the CIE approach throughout the entire systems engineering lifecycle, from design and testing to maintenance and decommissioning, provides enhanced capabilities for cyber protection, detection, and response. **Figure 11** is a notional diagram summarizing potential usage of CIE principles throughout the lifecycle. The primary objective of CIE is to ensure engineers and stakeholders consider CIE principles during each activity within every stage of the lifecycle. Continual cyber risk analysis ensures that new or updated consequences, threats, and vulnerabilities are quickly identified. CIE design principles ensure that approaches to address and reduce the identified cyber risk are considered to the greatest extent possible. And, finally, CIE organizational principles provide long-term cyber risk reduction benefits by holistically integrating cyber considerations throughout the facility and organization.

Since nuclear engineering projects differ in scope, it is impractical to define a standard level of effort for all CIE principles across each stage. For instance, the design and construction of an advanced reactor will likely have a very long timeline

**Figure 11.** *Notional usage of CIE principles throughout the systems engineering lifecycle.*

*Cyber-Informed Engineering for Nuclear Reactor Digital Instrumentation and Control DOI: http://dx.doi.org/10.5772/intechopen.101807*

and involve multiple organizations, while a simple modification at a research reactor may occur relatively quickly and include only a small group of people. As an applied integrated energy system example, the CIE approach was used during the high-level design of a hydrogen generation project in which heat and electricity were provided by an interconnected NPP [35]. The use of a multi-disciplinary team to address system of system interdependencies through a structured risk analysis process resulted in new insights into the potential for both adversarial and unintentional cyber risks. As a result, the system was immediately redesigned to eliminate specific identified risk as well as to incorporate more simplified and resilient design features [35].
