Countering Cyber Sabotage - Andrew A. Bochman, Sarah Freeman

Countering Cyber Sabotage

Introducing Consequence-Driven, Cyber-Informed Engineering (CCE)
Buch | Softcover
276 Seiten
2021
CRC Press (Verlag)
978-0-367-67371-0 (ISBN)
39,85 inkl. MwSt
The book introduces a new methodology to help critical infrastructure owners, operators, and security practitioners make demonstrable improvements to secure the most important functions and processes. It provides practical techniques to put targets beyond the reach of the most persisent cyber adversaries.
Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE) introduces a new methodology to help critical infrastructure owners, operators and their security practitioners make demonstrable improvements in securing their most important functions and processes.

Current best practice approaches to cyber defense struggle to stop targeted attackers from creating potentially catastrophic results. From a national security perspective, it is not just the damage to the military, the economy, or essential critical infrastructure companies that is a concern. It is the cumulative, downstream effects from potential regional blackouts, military mission kills, transportation stoppages, water delivery or treatment issues, and so on. CCE is a validation that engineering first principles can be applied to the most important cybersecurity challenges and in so doing, protect organizations in ways current approaches do not. The most pressing threat is cyber-enabled sabotage, and CCE begins with the assumption that well-resourced, adaptive adversaries are already in and have been for some time, undetected and perhaps undetectable.

Chapter 1 recaps the current and near-future states of digital technologies in critical infrastructure and the implications of our near-total dependence on them. Chapters 2 and 3 describe the origins of the methodology and set the stage for the more in-depth examination that follows. Chapter 4 describes how to prepare for an engagement, and chapters 5-8 address each of the four phases. The CCE phase chapters take the reader on a more granular walkthrough of the methodology with examples from the field, phase objectives, and the steps to take in each phase. Concluding chapter 9 covers training options and looks towards a future where these concepts are scaled more broadly.

Andy Bochman is the Senior Grid Strategist for Idaho National Laboratory’s National and Homeland Security directorate. In this role, Mr. Bochman provides strategic guidance on topics at the intersection of grid security and resilience to INL leadership as well as senior US and international government and industry leaders. A frequent speaker, writer, and trainer, Mr. Bochman has provided analysis on electric grid and energy sector infrastructure security actions, standards, and gaps to the Department of Energy, Department of Defense, Federal Energy Regulatory Commission (FERC), North American Electric Reliability Corporation (NERC), National Institute of Standards and Technology (NIST), National Association of Regulatory Utility Commissioners (NARUC), the Electricity Subsector Coordinating Council (ESCC), and most of the US state utility commissions. Teaming with DOE, NARUC, USAID, and international partners, he has cyber-trained grid operators, and is a cybersecurity subject matter expert listed with the US State Department Speakers Bureau. Mr. Bochman has testifi ed before the US Senate Energy and Natural Resources Committee on energy infrastructure cybersecurity issues and before FERC on the security readiness of smart grid cybersecurity standards. He has also held recurring conversations on grid security matters with the Senate Select Committee on Intelligence (SSCI) and the National Security Council (NSC). Prior to joining INL, he was the Global Energy & Utilities Security Lead at IBM and a Senior Advisor at the Chertoff Group in Washington, DC. Mr. Bochman earned a Bachelor of Science degree from the US Air Force Academy and a Master of Arts degree from the Harvard University Extension School. Sarah Freeman is an Industrial Control Systems (ICS) cyber security analyst at Idaho National Laboratory (INL), where she provides US government partners and private sector entities with actionable cyber threat intelligence, developing innovative security solutions for the critical infrastructure within the US. At Idaho National Laboratory, Ms. Freeman pursues innovative threat analysis and cyber defense approaches, most recently Consequence driven Cyber-informed Engineering (CCE). As Principle Investigator on a laboratory discretionary research, her current research is focused on new signatures and structured methods for cyber adversary characterization. Following the December 2015 electric grid attacks, Ms. Freeman participated in the DOE-sponsored training for Ukrainian asset owners in May 2016. She has also researched the Ukrainian 2015 and 2016 cyber-attacks and the Trisis/Hatman incident. Ms. Freeman earned a Bachelor of Arts from Grinnell College and a Master’s in Security and Intelligence Studies from the University of Pittsburgh.

CONTENTS

Foreword by Michael J. Assante xi

Preface xxi

Author Bio xxix

Introduction xxxi

1 Running to Stand Still and Still Falling Behind 1

2 Restoring Trust: Cyber- Informed Engineering 29

3 Beyond Hope and Hygiene: Introducing Consequence-

Driven Cyber- Informed Engineering 57

4 Pre- engagement Preparation 77

5 Phase 1: Consequence Prioritization 87

6 Phase 2: System- of- Systems Analysis 105

7 Phase 3: Consequence- Based Targeting 123

8 Phase 4: Mitigations and Protections 141

9 CCE Futures: Training, Tools, and What Comes Next 165

Acknowledgments 181

Glossary 185

Appendix A CCE Case Study: Baltavia Substation Power Outage 199

Appendix B CCE Phase Checklists 259

Index 270

Erscheinungsdatum
Zusatzinfo 13 Line drawings, color; 10 Halftones, color
Verlagsort London
Sprache englisch
Maße 156 x 234 mm
Gewicht 220 g
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Mathematik / Informatik Informatik Theorie / Studium
Recht / Steuern Privatrecht / Bürgerliches Recht IT-Recht
Sozialwissenschaften Politik / Verwaltung Europäische / Internationale Politik
Technik Umwelttechnik / Biotechnologie
ISBN-10 0-367-67371-1 / 0367673711
ISBN-13 978-0-367-67371-0 / 9780367673710
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Das Lehrbuch für Konzepte, Prinzipien, Mechanismen, Architekturen und …

von Norbert Pohlmann

Buch | Softcover (2022)
Springer Vieweg (Verlag)
34,99
Management der Informationssicherheit und Vorbereitung auf die …

von Michael Brenner; Nils gentschen Felde; Wolfgang Hommel

Buch (2024)
Carl Hanser (Verlag)
69,99

von Chaos Computer Club

Buch | Softcover (2024)
KATAPULT Verlag
28,00