Identify cybersecurity considerations throughout the stages in the engineering design process.

Identification should include a review of the engineering design process, particularly the following stages:

• Identify the requirement and constraints of the design problem, including cybersecurity considerations.
• Evaluate the requirements and constraints of each solution to the design problem, including cybersecurity considerations.
• Justify an optimal solution to the design problem, including cybersecurity considerations.
• Determine the objectives for an engineering test of the solution to the design problem, including cybersecurity considerations.
• Test the solution to the design problem, using mathematical, conceptual, and/or physical modeling, simulating, and optimizing (including cybersecurity considerations).
• Evaluate the test results, including cybersecurity considerations.

Identification includes cybersecurity considerations such as the following:

• Security requirements
• Threat modeling
• Source code review
• Security testing
• Incident response

Teacher Resource: Layered Blueprints: A Method for Engineering OT Security (video), Sarah Fluchs, Security Consultant, Admeritia (https://youtu.be/bBjMZnoSYUs Links to an external site.) 

Process/Skill Questions:

• What’s the earliest stage during which one can perform threat modeling?
• Why is threat modeling important?
• Why is security testing important?