Idaho National Laboratory and 1898 & Co. are working together to develop CCE across the worldwide ICS cybersecurity community.

FREMONT, CA: A new partnership between 1898 & Co., a leading Industrial Control System (ICS) cybersecurity solutions provider, and Idaho National Laboratory (INL), a US Department of Energy national laboratory, will allow 1898 & Co. to use the laboratory’s patent-pending consequence-driven, cyber-informed engineering (CCE) discipline, which was developed and pioneered by the lab and is supported by the Office of Cybersecurity. It was done to provide a level of resiliency rare in today’s contexts for utilities (power and water), oil, gas, and chemicals, defense industrial base (federal/military/defense), pipelines, transportation (aviation and rail), ports and maritime, and manufacturing enterprises.

“While there are no guarantees when it comes to critical infrastructure cybersecurity, 1898 & Co. clients who implement CCE for their most critical assets will have additional safeguards in the form of engineering changes and process improvements that limit the damage an attacker can do once inside,” says Matt Morris, managing director for 1898 & Co. “At the end of the day, CCEs ability to temper the size and scale of cyber sabotage provides a level of certainty CISOs and boards sorely need.”

Digitalization is becoming a more permanent part of today’s business, and cybersecurity is the key to a smooth transition. If digitization activities are carried out with cyber vigilance, the benefits and return on investment exhibited by them are real and bring value to shareholders, customers, and the environment. However, the digital transformation outpaces the cyber resilience required to manage business risks most of the time successfully. As a result, critical infrastructure cybersecurity experts are stretched in several ways and do not want to be seen as stifling company growth.

“Consequence-driven, cyber-informed engineering enhances risk assessment for cybersecurity by combining first-principles thinking with engineering ingenuity,” said Zach Tudor, Director, INL Associate Laboratory. “It is a concept we have developed and improved over the last decade in engagements with major utilities and defense establishments, and we are excited to partner with Burns & McDonnell and 1898 & Co. to offer it to more organizations.”

The SolarWinds attack and Oldsmar water facility breach, as well as the Colonial Pipeline and JBS Foods ransomware attacks, have all had an impact on both individual enterprises and the broader US economy in the recent 12 months.

“1898 & Co. plans to scale the CCE discipline to critical infrastructure asset owners globally,” says Morris. “A common theme with the majority of the CISOs I am connecting with is that they are desperately searching for a level of certainty when conversing with their respective boards regarding risk to the business. Prior to the development of CCE, the best answer we had was to implement a series of controls and to maintain those on a frequent basis.”

INL and 1898 & Co. are working together to develop CCE across the worldwide ICS cybersecurity community. INL focuses mainly on the public sector, and 1898 & Co. providing support to the public sector as needed. 1898 & Co. can draw on the resources of a 7,600-person engineering firm as part of Burns & McDonnell to truly expand the discipline into the private sector when asset owners, CISOs, and boards need it most.