I'm a firm believer that if something is often programmed, it can also be hacked. And when it comes to protecting what matters most to our economy and our country, the U.S. can no longer trust current approaches to defending critical infrastructure against persistent, well-funded adversaries.

It is time for a cyber strategy that protects our most crucial assets while advancing cyber best practices. Idaho National Laboratory (INL), one of 17 Department of Energy (DOE) national laboratories, is working with utilities and a number of other U.S. government (USG) agencies on an engineering approach to ensure that even when a hacker infiltrates a network or a system, they are unable to cause damage or trigger failures that destroy critical, long-lead-time-to-replace equipment.

INL recently introduced Consequence-driven, Cyber-informed Engineering (CCE), a new methodology that infuses established cyber-risk assessment and management practices with engineering first principles. It helps organizations discover the highest potential risks to their operations. CCE also helps the USG better understand cyber-risks to the critical infrastructure of a particular organization and/or geographical area with national security implications.

CCE isn't a technology; rather, it is a disciplined approach to evaluate complex systems, to make determinations about what must be fully safeguarded, and to apply proven engineering strategies to isolate and protect the industry's most crucial assets.

The DOE and Department of Homeland Security (DHS), with technical and scientific support from INL and other DOE lab partners, were deeply engaged in the research that proved a digital attack could disrupt a physical component. For nearly 20 years, INL has provided leadership, expert analysis, and technical capabilities to protect critical national infrastructures. We offer resources as events unfold and help inform effective industry and national responses to targeted cybersecurity threats against the power grid and other critical infrastructure.

Overseeing the safety and resilience of the U.S. power system is a priority for DOE, and the department is taking a leadership role as the U.S. government's Sector-Specific Agency (SSA) responsible for protecting the nation's energy infrastructure. In its cyber-incident response capability, DOE, in coordination with DHS, provides on-site teams to support an impacted utility's incident response actions and cyber forensics capabilities.

Providing assistance after a compromise is imperative to developing and sharing actionable information, but preventing a high-consequence attack is an even greater opportunity. Cyber hygiene and best practices performed across information technology and operational technology today remain absolutely necessary for keeping prolific non-targeted attacks (e.g., WannaCry, NotPetya, and ransomware, among others) at bay. But hygiene alone isn't enough to counter threats posed by a sophisticated and persistent adversary executing targeted, infrastructure-specific attacks. This is the daunting reality facing our interconnected and digital environments in industry, across military platforms and installations, and across a wide variety of infrastructure systems today.

Complex infrastructure executives, engineers, and operators have long demonstrated their expertise in managing operational and business risk. However, the cyber threat to the most critical of those operations is growing rapidly, which demands a new, simpler cyber-risk evaluation and prioritization process. CCE provides a way to focus on and determine the knowledge needed to understand the cyber-risk to critical operations, and then to manage and mitigate those risks with engineered solutions that disrupt targeted attacks, whether they are purely cyber or combine cyber and physical elements.

The concepts behind the name denote how the methodology sets priorities according to cybersecurity risk and system importance:

Consequence-driven means that senior leadership and hands-on operational staff focus their cyber-risk management on the absolutely essential and most crucial functions which, if lost, would immediately imperil their primary mission. INL routinely guides executives and operational experts through a series of exercises to work out the potential devastation of cyber events.

Cyber-informed provides a lens to characterize the real-world assets and services most at risk from a targeted cyberattack. The overwhelming majority of critical operational processes don't include cybersecurity as a fundamental design parameter. Increasingly, attacks are conducted remotely over a network, executed by an insider or saboteur, or achieved by manipulating the supply chain for a critical system. Using the CCE methodology, INL guides system operators to identify key points within a critical system that are susceptible to a cyberattack.

Engineering fully leverages an organization's deep engineering and operations expertise, including detailed systems and process knowledge, to engineer out the cyber-risks. Although few organizations can claim cybersecurity as core expertise, critical infrastructure entities share a common foundation of excellence in engineering and operations.

Security of critical infrastructure is a battle to be won every day, not just by cybersecurity professionals, but across the interconnected systems and by the people who touch cyber operational technology from cradle to grave.

The impacts of targeted attacks could include loss of life, infrastructure failures or disruption at unprecedented levels. Working and collaborating across the critical infrastructure sectors to identify the highest-consequence operational systems provides a practical strategy for state and industry to invest in and prioritize cybersecurity risk.

INL recently completed a successful CCE pilot with Florida Power & Light, one of the largest U.S. electric utilities, and has begun another with a Department of Defense (DoD) partner.

Critical infrastructure threats come from many sources, and the job of defending energy infrastructure, including the grid, gas pipelines and much more, is far too big for any single organization to handle. This is why INL, DOE, DHS, and DoD are working together and with strategic partners in industry and academia to provide guidance on the evolution and adoption of this advanced methodology. Expert training programs are now in development that will help us better secure the most critical U.S. and international infrastructures.

CCE’s Steps

CCE consists of a four-step process for safeguarding complex infrastructure operations:

1. Consequence prioritization sets a clear focus for the risk management framework on a few operations that simply must not fail and the associated attack scenarios that could bring them down.

2. System of systems breakdown identifies the systematic interdependencies between critical processes, defense systems and enabling or dependent components.

3. Consequence-based targeting determines the adversary's path to achieve the highest-impact effects, where they need to be to conduct the attack, and what information is required to achieve those goals.

4. Mitigations and protections are established to remove or disrupt the digital attack paths as fully as possible.
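
The four steps can be sketched as a small graph analysis that a defender runs over their own system model. This is an added example, not INL's tooling or material from the CCE methodology itself; the component names, the links between them and the chosen mitigation are all constructed for illustration.

```python
# Constructed model: an edge A -> B means A has a digital path to influence B.
# Every component name here is hypothetical.
EDGES = {
    "corporate_it": ["historian", "vendor_remote_access"],
    "vendor_remote_access": ["engineering_workstation"],
    "historian": ["engineering_workstation"],
    "engineering_workstation": ["plc", "protection_relay"],
    "plc": ["breaker"],
    "protection_relay": ["breaker"],
    "breaker": ["transformer"],
}
ENTRY_POINTS = ["corporate_it", "vendor_remote_access"]
CRITICAL_ASSET = "transformer"  # step 1: the long-lead-time asset that must not fail


def attack_paths(edges, entries, target):
    """Steps 2-3: list every loop-free digital path from an entry point to target."""
    paths, stack = [], [[e] for e in entries]
    while stack:
        path = stack.pop()
        if path[-1] == target:
            paths.append(path)
            continue
        for nxt in edges.get(path[-1], []):
            if nxt not in path:  # skip cycles
                stack.append(path + [nxt])
    return sorted(paths)


def choke_points(paths):
    """Intermediate components that sit on every path: candidate places to protect."""
    if not paths:
        return []
    common = set(paths[0][1:-1])
    for p in paths[1:]:
        common &= set(p[1:-1])
    return sorted(common)


def apply_mitigation(edges, removed_links):
    """Step 4: return a copy of the model with the given digital links engineered out."""
    removed = set(removed_links)
    return {s: [d for d in ds if (s, d) not in removed] for s, ds in edges.items()}


if __name__ == "__main__":
    before = attack_paths(EDGES, ENTRY_POINTS, CRITICAL_ASSET)
    print(len(before), "paths; choke points:", choke_points(before))
    hardened = apply_mitigation(EDGES, [("breaker", "transformer")])
    print(len(attack_paths(hardened, ENTRY_POINTS, CRITICAL_ASSET)), "paths after mitigation")
```

Removing only one of the two links out of the engineering workstation leaves the other branch open, which is why the mitigation is checked against the full set of paths and not against a single scenario.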