Helping Strengthen America’s Critical Infrastructure

More Than Data
Cole’s partnership with INL highlights a crucial aspect of cybersecurity that is often overlooked. When people think of cybersecurity, they tend to focus on digitized data protection. However, critical infrastructure cybersecurity, also known as operational technology cybersecurity, encompasses much more. It involves safeguarding the industrial control systems that manage critical assets like utilities, communications technology and transportation. Protecting these systems, especially their critical functions, is vital for maintaining many of the services consumers use daily and take for granted, making infrastructure cybersecurity an indispensable aspect of our modern world.

“The main approach we have now is what I would call traditional information technology cybersecurity, and the fact of the matter is there’s lots of operational technology,” Cole said. “The computers and devices that run our machines are a whole different class of thing. It’s more than just securing data: it’s securing physical devices and machines.”

A Novel Approach
Cole’s partnership with INL allowed him to collaborate with the team behind Cyber-Informed Engineering (CIE), a methodology developed at INL that integrates cybersecurity considerations into the design and operation of critical infrastructure systems.

By embedding cybersecurity principles into systems from the outset, CIE aims to “engineer out” potential cyber risks, enhancing the resilience and security of essential services. This proactive approach addresses vulnerabilities inherent in digital technologies, ensuring systems remain robust against cyber threats throughout their life cycle.

“I think (CIE) can have a huge impact in terms of how we can improve OT security and industrial control systems,” Cole said.

CIE is particularly critical for power systems, where disruptions can lead to significant economic impact and even loss of life. With industrial control systems increasingly relying on digital technologies, cybersecurity must be integrated into the entire life cycle of critical infrastructure.

One way Cole supported CIE was by expanding on INL’s formal methods research. Formal methods are techniques that use mathematical models to test complex systems. This approach enhances a system’s reliability beyond traditional testing. Formal methods are gaining traction in safety-critical systems because their rigor and precision help identify exploitable weaknesses and vulnerabilities before they can cause harm.

During his sabbatical, Cole worked with INL experts to enhance his understanding of CIE and formal methods, and how to leverage both to protect critical infrastructure. He also continued mentoring students, some already involved with INL and others from different universities as well. This included Robert Lois, a Pitt graduate student who had been working with INL on a Laboratory Directed Research and Development (LDRD) project.

LDRD is a vital program that enables INL to support potentially high-value research and development projects. These projects foster creativity and stimulate the exploration of new scientific and technological frontiers, often leading to novel solutions to complex problems. In Cole’s case, collaborating with Lois and others on an LDRD project had additional benefits. By expanding formal methods research, Cole gained deeper insights. He now has students working on formal methods projects that he can expertly guide.

Future Impact
Partnering with INL allowed Cole to integrate CIE cybersecurity practices into his work, enhancing his expertise and helping him teach the resilience of industrial control systems to a new generation of experts. The resulting impact will be a generation of engineers who are better equipped to defend against threats to our nation’s critical infrastructure. This impact is not lost on Cole, who expressed deep appreciation for the freedom INL provided him to explore new avenues of research. It allowed Cole to carry knowledge and ideas back to the University of Pittsburgh and it also enriched INL by introducing fresh perspectives.

The experience will lead to impactful research and potentially new collaborative projects, Cole said, highlighting the broader influence of his time at INL. He said his sabbatical provided value that extends beyond immediate program objectives and contributes to further advancements in science and technology.

“My collaboration with INL was invaluable for two reasons,” Cole said. “It enriched INL’s research by introducing outside viewpoints to what they’re already doing, and it also allowed me to bring cutting-edge knowledge back to my institution and my students, shaping the next generation of experts in a critical field.”

Corinne Dionisio is National and Homeland Security Communications Liaison at Idaho National Laboratory. The article was originally posted to the website of the Idaho National Laboratory.