Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE)


Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE) introduces a new methodology to help critical infrastructure owners, operators and their security practitioners make demonstrable improvements in securing their most important functions and processes. Current best practice approaches to cyber defense struggle to stop targeted attackers from creating potentially catastrophic results. From a national security perspective, it is not just the damage to the military, the economy, or essential critical infrastructure companies that is a concern. It is the cumulative, downstream effects from potential regional blackouts, military mission kills, transportation stoppages, water delivery or treatment issues, and so on. CCE is a validation that engineering first principles can be applied to the most important cybersecurity challenges and in so doing, protect organizations in ways current approaches do not. The most pressing threat is cyber-enabled sabotage, and CCE begins with the assumption that well-resourced, adaptive adversaries are already in and have been for some time, undetected and perhaps undetectable. Chapter 1 recaps the current and near-future states of digital technologies in critical infrastructure and the implications of our near-total dependence on them. Chapters 2 and 3 describe the origins of the methodology and set the stage for the more in-depth examination that follows. Chapter 4 describes how to prepare for an engagement, and chapters 5-8 address each of the four phases. The CCE phase chapters take the reader on a more granular walkthrough of the methodology with examples from the field, phase objectives, and the steps to take in each phase. Concluding chapter 9 covers training options and looks towards a future where these concepts are scaled more broadly.

Author(s): Andrew A. Bochman; Sarah Freeman
Publisher: CRC Press
Year: 2021

Language: English
Pages: 276
City: Boca Raton

Cover
Half Title
Title Page
Copyright Page
Table of contents
Preface
Introduction
Origins
A Few Words on Sabotage
Sabotage, Surveillance, and Supply Chain Risk
Notes
1 Running to Stand Still and Still Falling Behind
“I Can Deal with Disruption; I Can’t Handle Destruction”
Implications for Critical Infrastructure and National Security
Goodbye to Full Manual: Automating Critical Infrastructure
What It Means to be Fully Digitally Dependent in an Insecure-by-Design World
Race to the Bottom
Insecure-by-Design
A Strategy Based on Hope and Hygiene
The Hollow Promise of Cyber-insurance
Experts Speak Out on Hygiene
The Most Optimistic Take
Declining (or Unknowable) Returns on Increasing Security Investments
A Deep Ocean of Security Solutions
Don’t Stop Now
Congress Asks a Good Question
Thoughts and Questions
Notes
2 Restoring Trust: Cyber-Informed Engineering
Software Has Changed Engineering
INL and Engineering
Engineers Still Trust the Trust Model
Unverified Trust
Trusting What Works: CIE in Detail
Security as a Co-equal Value to Safety
Failure Mode, Near Misses, and Sabotage
Failure Mode and Effects Analysis
Inter-chapter Transition Thoughts and Questions
Notes
3 Beyond Hope and Hygiene: Introducing Consequence-Driven, Cyber-Informed Engineering
Safety First in Idaho
Failure Mode Analysis, Misuse, and Mis-operation
Origins in Idaho and Elsewhere
CCE from a Threat Perspective
The USG Is Using CCE to Better Secure National Critical Functions (NCFs)
CCE to Secure the Rest of Critical Infrastructure
Methodology Hacking and Calculating Risk
True Intent: Company-Wide Conversion
Transitioning to a Closer Look at CCE
Notes
4 Pre-engagement Preparation
Objectives of Pre-engagement Preparation
Pre-engagement Preparation Walkthrough
Establish the Need
Scoping and Agreements
Data Protection
Open-Source Research
Refine Initial Taxonomy and Determine Knowledge Base Requirements
Taxonomy and Knowledge Base
Form and Train Execution Teams
Transitioning to Phase 1
5 Phase 1: Consequence Prioritization
Objective of Phase 1
Killing Your Company—Investigating Potential HCEs
Phase 1 Walkthrough
Getting Started with Assumptions and Boundaries
High-Consequence Event Scoring Criteria
Event Development
Criteria Weighting and Event Scoring
HCE Validation
The (Reasonable) Resistance
The CIO
The CISO
Operators and Engineers
Sequencing and Key Participants
Entity-Side
The CCE Team
Preparing for Phase 2
Notes
6 Phase 2: System-of-Systems Analysis
Objectives
Mapping the Playing Field
Phase 2 Walkthrough
Translating HCEs into Block Diagrams
Begin Building the Functional Data Repository
High-level Functional Sketch Example—An Industrial Compressor
Data Collection Efforts
Data Categories
Subject Matter Experts Interviews
Open-source Info Resources
Other Non-internal Sources
Pursuing the “Perfect Knowledge” View
Populating the Functional Taxonomy
Constructing Detailed Functional Diagrams: The Case for a Model-based Approach
Preparing for Phase 3
Notes
7 Phase 3: Consequence-Based Targeting
Phase 3 Objectives
Becoming Your Worst (and Best) Enemy
Cyber Kill Chains
Kill Chain Origins
The CCE Cyber Kill Chain
Phase 3 Team Roles
Targeter
Subject Matter Experts
Analysts
The Intelligence Community (IC)
Phase 3 Walkthrough
Develop Scenario Concept of Operations (CONOPS) for Each HCE
Determining Attack Scenarios
Defining a Technical Approach (i.e., the ICS Payload Requirements)
Define Target Details
Access Pathway
Critical Information Needs
Development of the Payload
Deployment of the Payload
Deliver CONOPS and Iterate with SMEs
Eliminating HCEs
Validating Details
Attack Scenario Complexity and Confidence
Present CONOPS to C-Suite
Threat Intelligence from Different Sources
Preparing for Phase 4
Notes
8 Phase 4: Mitigations and Protections
Phase 4 Objectives
Taking Targets Off the Table
Phase 4 Walkthrough
Identifying Gaps in Expertise
Develop and Prioritize Mitigation Options
Prioritize Mitigations
Validate Mitigations
Present and Validate Mitigations with Entity SMEs
Brainstorming Additional Mitigation Options
Present Recommendations to C-Suite
Develop Adversary Tripwires (NCF Engagements Only)
A Longer Look at Non-digital Mitigations
Humans Back in the Loop
Revisiting Phase 1’s Next-Worst HCEs
Codifying CCE’s Learnings in Policy
Notes
9 CCE Futures: Training, Tools, and What Comes Next
CCE Training Options
ACCELERATE Workshops
CCE Team Training
CCE Tool Suites and Checklists
Tools
Checklists
A More Inherently Secure Critical Infrastructure
Certification and Scaling via Partners
Ensuring Cybersecurity for Safety
Policy Prognostications
Emerging Technologies Only Elevate CCE’s Importance
Injecting Cyber into Engineering Curricula
Last Word
Notes
Acknowledgments
Glossary
Appendix A: CCE Case Study
Appendix B: CCE Phase Checklists
Index