I’m a firm believer that if something can be programmed, it can also be hacked. And when it comes to protecting what matters most to our economy and our country, the U.S. cannot continue to rely on current approaches to defending critical infrastructures against persistent, well-funded adversaries.
It is time for a cyber strategy that protects our most critical assets, while advancing cyber best practices. Idaho National Laboratory (INL), one of 17 Department of Energy (DOE) national laboratories, is working with utilities and several U.S. government (USG) agencies on an engineering approach to ensure that even when a hacker infiltrates a network or a system, they are unable to cause damage or execute failures that induce destruction of critical, long-lead-time-to-replace equipment.
INL recently introduced Consequence-driven, Cyber-informed Engineering (CCE), a new methodology that infuses established cyber-risk assessment and management practices with engineering first principles. It helps organizations discover the highest potential risks to their operations. CCE also helps the USG better understand cyber-risks to critical infrastructure of a specific organization and/or geographic region with national security implications. CCE isn’t a technology; rather, it is a disciplined approach to evaluate complex systems, to make determinations about what must be fully safeguarded, and to apply proven engineering strategies to isolate and protect industry’s most critical assets.
The DOE and Department of Homeland Security (DHS), with technical and scientific support from INL and other DOE lab partners, were actively engaged in the research that proved a digital attack could damage a physical component. For nearly two decades, INL has provided leadership, expert analysis, and technical capabilities to protect critical national infrastructures. We provide resources as events unfold and help inform effective industry and national responses to targeted cybersecurity threats against the power grid and other critical infrastructure.
Overseeing the security and resilience of the U.S. power grid is a priority for DOE, and the department is taking a leadership role as the U.S. government’s Sector Specific Agency (SSA) responsible for protecting the nation’s energy infrastructure. In its cyber-incident response capability, DOE, in coordination with DHS, provides on-site teams to support an impacted utility’s incident response actions and cyber forensics capabilities.
Providing assistance after a compromise is imperative to developing and sharing actionable information, but preventing a high-consequence attack is an even greater opportunity. Cyber hygiene and best practices performed across information technology and operational technology today remain absolutely necessary for keeping prolific nontargeted attacks (e.g., WannaCry, NotPetya, ransomware, among others) at bay. But hygiene alone is not enough to counter threats posed by an advanced and persistent adversary executing targeted, infrastructure-specific attacks. This is the daunting reality facing our interconnected and digital environments in industry, across military platforms and installations, and in a wide variety of infrastructure systems today.
Critical infrastructure executives, engineers and operators have long demonstrated their expertise in managing operational and business risk. However, the cyber threat to the most critical of these operations is growing rapidly, which demands a new, more effective cyber-risk evaluation and prioritization process. CCE provides a method to focus and discover the information needed to understand the cyber-risk to critical operations, and to then manage and mitigate those risks with engineered solutions that disrupt targeted attacks, be they purely cyber or ones that combine cyber and physical elements.
The concepts behind the name denote how the methodology establishes a priority associated with cybersecurity risk and systems importance:
Consequence-driven means that senior leadership and hands-on operational staff focus their cyber-risk management on the absolutely essential and most critical functions – those which, if lost, would immediately imperil their primary mission. INL routinely guides executives and operational experts through a series of exercises to determine the potential devastation of cyber events.
Cyber-informed provides a lens to characterize the real-world assets and services most at risk from a targeted cyberattack. The vast majority of critical operational processes do not include cybersecurity as a fundamental design parameter. Increasingly, attacks can be conducted remotely over a network, executed by an insider or saboteur, or achieved by manipulating the supply chain for a critical system. Using the CCE methodology, INL guides system operators to identify key points within a critical system vulnerable to a cyberattack.
Engineering fully leverages an organization’s deep engineering and operations expertise, including detailed systems and process knowledge, to engineer out the cyber-risks. Although few organizations can claim cybersecurity as a core expertise, critical infrastructure entities share a common foundation of excellence in engineering and operations.
Security of critical infrastructure is a battle to be won every day, not just by cybersecurity professionals, but across the interconnected systems and people who touch cyber operational technology from cradle to grave.
The impacts of targeted attacks could equate to loss of life, infrastructure failures or disruption at unprecedented levels. Working and collaborating across the critical infrastructure sectors to identify the highest-consequence operational systems provides a practical strategy for government and industry to prioritize cybersecurity risk and investment.
INL recently completed a successful CCE pilot with Florida Power & Light, one of the largest U.S. electric utilities, and has begun another with a Department of Defense (DoD) partner.
Critical infrastructure threats come from many sources, and the job of defending energy infrastructure, including the grid, natural gas pipelines and much more, is far too big for any single organization to handle. This is why INL, DOE, DHS and DoD are working together and with strategic partners in industry and academia to provide guidance on the evolution and adoption of this advanced methodology. Expert training programs are now in development that will help us better secure the most critical U.S. and international infrastructures.
CCE provides a four-step process for safeguarding critical infrastructure operations:
1. Consequence prioritization focuses the risk management framework on a handful of operations that simply must not fail and the associated attack scenarios that could bring them down.
2. System of systems breakdown identifies the systematic interdependencies between critical processes, defense systems and enabling or dependent components.
3. Consequence-based targeting determines the adversary’s path to achieve the highest impact effects, where they need to be to conduct the attack, and what information is required to achieve those goals.
4. Mitigations and protections are established to remove or disrupt the digital attack paths as fully as possible.
– CIO Review