Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE)

Cover
Half Title
Title Page
Copyright Page
Table of contents
Preface
Introduction
	Origins
	A Few Words on Sabotage
	Sabotage, Surveillance, and Supply Chain Risk
	Notes
1 Running to Stand Still and Still Falling Behind
	“I Can Deal with Disruption; I Can’t Handle Destruction”
	Implications for Critical Infrastructure and National Security
		Goodbye to Full Manual: Automating Critical Infrastructure
	What It Means to be a Full Digitally Dependent in an Insecure-by-Design World
		Race to the Bottom
		Insecure-by-Design
	A Strategy Based on Hope and Hygiene
		The Hollow Promise of Cyber-insurance
		Experts Speak Out on Hygiene
		The Most Optimistic Take
			Declining (or Unknowable) Returns on Increasing Security Investments
		A Deep Ocean of Security Solutions
		Don’t Stop Now
	Congress Asks a Good Question
	Thoughts and Questions
	Notes
2 Restoring Trust: Cyber-Informed Engineering
	Software Has Changed Engineering
		INL and Engineering
	Engineers Still Trust the Trust Model
		Unverified Trust
	Trusting What Works: CIE in Detail
	Security as a Co-equal Value to Safety
		Failure Mode, Near Misses, and Sabotage
		Failure Mode and Effects Analysis
		Inter-chapter Transition Thoughts and Questions
	Notes
3 Beyond Hope and Hygiene: Introducing Consequence-Driven, Cyber-Informed Engineering
	Safety First in Idaho
		Failure Mode Analysis, Misuse, and Mis-operation
		Origins in Idaho and Elsewhere
	CCE from a Threat Perspective
		The USG Is Using CCE to Better Secure National Critical Functions (NCFs)
		CCE to Secure the Rest of Critical Infrastructure
	Methodology Hacking and Calculating Risk
	True Intent: Company-Wide Conversion
	Transitioning to a Closer Look at CCE
	Notes
4 Pre-engagement Preparation
	Objectives of Pre-engagement Preparation
	Pre-engagement Preparation Walkthrough
		Establish the Need
		Scoping and Agreements
			Data Protection
		Open-Source Research
		Refine Initial Taxonomy and Determine Knowledge Base Requirements
			Taxonomy and Knowledge Base
		Form and Train Execution Teams
	Transitioning to Phase 1
5 Phase 1: Consequence Prioritization
	Objective of Phase 1
	Killing Your Company—Investigating Potential HCEs
	Phase 1 Walkthrough
		Getting Started with Assumptions and Boundaries
		High-Consequence Event Scoring Criteria
		Event Development
			Criteria Weighting and Event Scoring
		HCE Validation
	The (Reasonable) Resistance
		The CIO
		The CISO
		Operators and Engineers
	Sequencing and Key Participants
		Entity-Side
		The CCE Team
	Preparing for Phase 2
	Notes
6 Phase 2: System-of-Systems Analysis
	Objectives
	Mapping the Playing Field
	Phase 2 Walkthrough
		Translating HCEs into Block Diagrams
			Begin Building the Functional Data Repository
			High-level Functional Sketch Example—An Industrial Compressor
		Data Collection Efforts
		Data Categories
			Subject Matter Experts Interviews
			Open-source Info Resources
			Other Non-internal Sources
		Pursuing the “Perfect Knowledge” View
		Populating the Functional Taxonomy
			Constructing Detailed Functional Diagrams: The Case for a Model-based Approach
	Preparing for Phase 3
	Notes
7 Phase 3: Consequence-Based Targeting
	Phase 3 Objectives
	Becoming Your Worst (and Best) Enemy
		Cyber Kill Chains
			Kill Chain Origins
			The CCE Cyber Kill Chain9
		Phase 3 Team Roles
			Targeter
			Subject Matter Experts
			Analysts
			The Intelligence Community (IC)
	Phase 3 Walkthrough
		Develop Scenario Concept of Operations (CONOPS) for Each HCE
			Determining Attack Scenarios
			Defining a Technical Approach (i.e., the ICS Payload Requirements)
			Define Target Details
			Access Pathway
		Critical Information Needs
			Development of the Payload
			Deployment of the Payload
		Deliver CONOPS and Iterate with SMEs
			Eliminating HCEs
			Validating Details
		Attack Scenario Complexity and Confidence
		Present CONOPS to C-Suite
	Threat Intelligence from Different Sources
	Preparing for Phase 4
	Notes
8 Phase 4: Mitigations and Protections
	Phase 4 Objectives
	Taking Targets Off the Table
	Phase 4 Walkthrough
		Identifying Gaps in Expertise
		Develop and Prioritize Mitigation Options
			Prioritize Mitigations
		Validate Mitigations
		Present and Validate Mitigations with Entity SMEs
			Brainstorming Additional Mitigation Options
			Present Recommendations to C-Suite
		Develop Adversary Tripwires (NCF Engagements Only)
	A Longer Look at Non-digital Mitigations
		Humans Back in the Loop
	Revisiting Phase 1’s Next-Worst HCEs
	Codifying CCE’s Learnings in Policy
	Notes
9 CCE Futures: Training, Tools, and What Comes Next
	CCE Training Options
		ACCELERATE Workshops
		CCE Team Training
	CCE Tool Suites and Checklists
		Tools
		Checklists
	A More Inherently Secure Critical Infrastructure
		Certification and Scaling via Partners
		Ensuring Cybersecurity for Safety
		Policy Prognostications
		Emerging Technology Only Elevate CCE’s Importance
		Injecting Cyber into Engineering Curricula
		Last Word
	Notes
Acknowledgments
Glossary
Appendix A: CCE Case Study
Appendix B: CCE Phase Checklists
Index