Researchers at Idaho National Laboratory (INL) have published a new book to help train employees at public utilities to recognize cybersecurity vulnerabilities and develop measures to defend their networks from increasingly sophisticated cyberattack. The book is titled as ‘Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering,’ written by Andy Bochman and Sarah Freeman, details INL’s innovative approach to securing critical infrastructure systems like the electric power grid, oil and natural gas refineries, and water treatment facilities.
INL has also developed and pioneered a think-like-the-adversary cybersecurity approach called Consequence-driven Cyber-informed Engineering (CCE). The method acknowledges the fragility of internet-connected technology and services. Instead of relying on traditional protection strategies like intrusion detection software or additional firewalls, INL’s cybersecurity approach uses engineering design principles.
INL developed the CCE method over the last decade in consultation with leading government, industry and academic researchers. Beginning in 2018, Congress and the Department of Energy Office of Cybersecurity, Energy Security and Emergency Response provided INL with $20 million in funding to further develop the method. Additional support has come from the Department of Homeland Security and the Department of Defense.