Critical Engineering Blog

The latest industry news, technologies and resources.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Get the latest security news and resources!

Tony Turner

Security Hardening

EPSS Config Roadmap

What Is Secure by Design?

EPSS for Configuration Flaws

All articles in our blog

EPSS Config Roadmap

Security Hardening

Tony Turner

Establishing a plan of action to start prioritizing configuration flaws

Read

What Is Secure by Design?

Secure by Design

Tony Turner

What is security by design, and how do we do it?

Read

EPSS for Configuration Flaws

Security Hardening

Tony Turner

Prioritizing security configuration controls

Read

5 Times I Gained Admin due to Misconfiguration – Part 1

Security Hardening

Tony Turner

Hospital Compromise due to security misconfigurations and ZERO vulnerabilities

Read

The Secure by Design Pareto Principle

Secure by Design

Tony Turner

Discussing the need for both short term tactical and long-term strategic planning to achieve Secure by Design.

Read

Securing Critical Infrastructure with SEMM - Security Engineering Maturity Matrix

Secure by Design

Tony Turner

A framework to mature security engineering inside your organization and understand your capability to design for security

Read

Securely Architecting the ICS

Secure by Design

Tony Turner

The role of security architecture assessments in securing the ICS

Read

Threat Modeling for Critical Infrastructure

Threat Modeling

Tony Turner

A discussion of the importance of critical function understanding to establish a consequences-centric security engineering approach

Read

Building Resilient Layered Defenses with a Cyber FMEA

Cyber Informed Engineering

Tony Turner

Using Failure Mode effects Analysis (FMEA) as a means for validating security defenses and understanding and preparing for failure of tools.

Read

The 5 D's of Cyber Sabotage

Cyber Informed Engineering

Tony Turner

Understanding adversary objectives in cyber sabotage and their impacts on your critical functions

Read

Unraveling Security Engineering - Product vs Systems in Critical Infrastructure

Secure by Design

Tony Turner

A discussion of the differences in product security vs systems integration as part of the security engineering process

Read

Security Hardening

Most organizations have underutilized security capabilities at their fingertips, as vendors frequently add new features that are not enabled by default. Rather than overspending on new security tools, optimize what you have, reducing attack surface and complexity.

Articles

Threat Modeling

The practice of threat modeling is an important component of a Secure by Design approach. It’s where we identify the product or system we are working on and analyze threats and weaknesses we want to mitigate to avoid undesirable consequences. We should be left with a set of achievable outcomes we can implement, monitor, and measure and work into future threat modeling cycles in a continuous fashion to reduce risk in our environment.

Articles

Cyber Informed Engineering

Cyber Informed Engineering a methodology proposed by US Department of Energy to establish Secure by Design thinking in the engineering process to achieve Critical Function Assurance. It leverages 12 core principles focused on reducing the consequences of failure for an organization's most critical functions.

Articles

Secure by Design

The topic of Secure by Design encompasses the practice of designing for security as a functional requirement. It embodies a culture of understanding and empowerment in pursuit of designing and implementing more resilient systems.

Articles