Countering Cyber Sabotage
eBook - ePub

Countering Cyber Sabotage

Introducing Consequence-Driven, Cyber-Informed Engineering (CCE)

  1. 276 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
About this book

Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE) introduces a new methodology to help critical infrastructure owners, operators and their security practitioners make demonstrable improvements in securing their most important functions and processes.

Current best practice approaches to cyber defense struggle to stop targeted attackers from creating potentially catastrophic results. From a national security perspective, it is not just the damage to the military, the economy, or essential critical infrastructure companies that is a concern. It is the cumulative, downstream effects from potential regional blackouts, military mission kills, transportation stoppages, water delivery or treatment issues, and so on. CCE is a validation that engineering first principles can be applied to the most important cybersecurity challenges and in so doing, protect organizations in ways current approaches do not. The most pressing threat is cyber-enabled sabotage, and CCE begins with the assumption that well-resourced, adaptive adversaries are already in and have been for some time, undetected and perhaps undetectable.

Chapter 1 recaps the current and near-future states of digital technologies in critical infrastructure and the implications of our near-total dependence on them. Chapters 2 and 3 describe the origins of the methodology and set the stage for the more in-depth examination that follows. Chapter 4 describes how to prepare for an engagement, and chapters 5-8 address each of the four phases. The CCE phase chapters take the reader on a more granular walkthrough of the methodology with examples from the field, phase objectives, and the steps to take in each phase. Concluding chapter 9 covers training options and looks towards a future where these concepts are scaled more broadly.

Frequently asked questions

Yes, you can access Countering Cyber Sabotage by Andrew A. Bochman, Sarah Freeman in PDF and/or ePUB format, as well as other popular books in Politics & International Relations & Industrial Management. We have over one million books available in our catalogue for you to explore.

1

Running to Stand Still and Still Falling Behind

We have a lot of bright people working on this problem, but the faster we go, the more behind we get. We don’t seem to be getting ahead of it.1
—General Michael Hayden
The wellspring of risk is dependence.2
—Dan Geer
If the nation went to war today, in a cyberwar, we would lose. We’re the most vulnerable. We’re the most connected. We have the most to lose.3
—Mike McConnell

“I Can Deal with Disruption; I Can’t Handle Destruction”

The complete statement was “I can deal with disruption; what I can’t handle is destruction of long lead-time-to-replace capital equipment.” These words were spoken by the CEO of Florida Power & Light, one of the largest US electric utilities, in his 2018 Consequence-Driven Cyber-Informed Engineering (CCE) brief to Congressional staffers.4 Situated in the path of some of the largest hurricanes every year, his company, Florida Power & Light (FP&L), is more than ready for large-scale, multiday weather-induced disruptions. Stockpiles of essential parts and equipment, employees trained in restoration, plus well-established mutual assistance programs with other regional utilities are standing by to get the power back on fast even after enduring Mother Nature’s worst.
It’s another matter entirely when the adversary is planning cyberattacks that target energy companies’ most important, long-lead-time-to-replace capital equipment, for example, the concurrent destruction of multiple combined cycle generators, natural gas distribution lines, or ultrahigh voltage transformers, or the widespread destruction of thousands of geographically dispersed, digital protective relays, which could shut a utility down for months while waiting on the supply chain before rolling trucks to the site of each relay. In other sectors like water and wastewater treatment, massive pumps that would take months or years to replace are what must not fail and therefore make for the most prized targets.
While the struggle to protect the entire enterprise will continue to challenge Chief Information Security Officers (CISOs) for the foreseeable future, what’s needed now is a way to take a highly specific subset of all systems, the things upon which infrastructure companies most depend and the adversaries’ most desirable targets, off the table.

Implications for Critical Infrastructure and National Security

It’s one thing for a restaurant, a lawn service, or a nail salon to be dependent on digital systems; it’s quite another for some of the most important companies and government organizations in the nation to put themselves in that position. No matter how you define critical infrastructure, be it by sector5 or by critical national function,6 there is far more at stake than the well-being of the organization. In the private sector, downstream dependencies on electricity, water, and communications services often greatly eclipse mainly the economic, military, or societal value of the individual company, its employees, or its investors.
Consider what happens in a local or regional blackout. Almost everything, except what’s powered by fuel still in the tank, stops in its tracks. Hospitals, military bases, and companies with the wherewithal to have backup power strategies can maintain essential operations for a few days or hours. Cell phones keep working until their batteries are depleted, and cell towers either stop transmitting or run a while longer on backup diesel generators. The macro effects are that offices and houses go dark and production lines stop midstream. More tangible effects are felt when passengers are trapped in elevators, traffic lights blink out, and food spoils in warming home and grocery store refrigerators.
Here’s what ex-Mossad director X Pardo said about victim hopes that governments will come to the rescue if and when cyberattacks create large-scale infrastructure effects:
Faith that governments—including the U.S.—can respond to attacks in a timely and effective way may also be misplaced. I just say—God forbid—that on a hot summer day, [after a] cyberattack, pressure [in] the water pipelines in California will drop to zero. Thinking that the federal government will assist, solve the problem—it’s not even a dream.7
Of the 16 critical infrastructure sectors monitored by the Department of Homeland Security (DHS), most rely to a great degree on the reliable functioning of Industrial Control Systems (ICS). And some of those that at first glance don’t appear as reliant, like Financial Services, depend heavily on other sectors that do. Many ICS suppliers serve multiple sectors. For example, General Electric turbines propel jetliners and power cities. Caterpillar diesel generators provide emergency backup power to commercial and government facilities as well as to ships and submarines. Whether called ICS, operational technology (OT), or cyber-physical systems, it is thoroughly documented that the technologies that support industrial processes are highly susceptible to exploration and exploitation by parties interested in targeting them.

Goodbye to Full Manual: Automating Critical Infrastructure

It used to be machines did the one or several things they were designed to do, and the principal concerns for owners and operators were about how to operate them safely and keep them running as long as possible with scheduled maintenance. For example, think farm tractors, steam engines, diesel-powered backhoes, and coal-fired power plants. Bad things could happen when some part of them broke down from wear or a material defect, but from today’s perspective, the upside was that with rare exceptions, they couldn’t be made to perform tasks diametrically opposed to what their designers intended. And they especially couldn’t be made to perform other tasks by distant humans.
As the saying goes, that was then, this is now. We’ve become quite accustomed to digital machines running the show, in factories and farms, in cockpits, and increasingly, in cars. The “Second Machine Age,” “Industry 4.0,” and the “Industrial Internet of Things (IIoT)” signal a full-on, buzzword-filled embrace of digital automation.8 Unpredictable and error-prone human operators are replaced with programmable and reprogrammable machines that perform tasks much more quickly, efficiently, and without error and require neither paychecks nor benefits. Automation’s business benefits are so clear, and the business case for it is so compelling, that economists are warning that despite the likelihood that some jobs are being created to support the advance of automation, an unprecedented wave of job losses in a number of low- and middle-skilled job categories is likely to ensue.9
As human decision-makers are replaced with algorithms, efficiency advantages are offset occasionally by automation-induced catastrophes10 that give some momentary pause. And even though sometimes it initially appears otherwise, the vast majority of these accidents are not the result of malicious bad actors but rather engineering design decisions that took humans so far out of the loop that there was no way for them to take back control when needed. The trend seems unstoppable and largely unnoticed.
Water sector engineering subject matter expert (SME) Daniel Groves sometimes teases his clients into examining their massive dependence on automation by daring them to consider going one full day without it. Here’s how he describes the typical reactions:
I call it “A Day without SCADA.” Many operators indicate that they are not sure if they could run their systems without SCADA. Over the last few decades, as automation improved in reliability and was designed into all their systems, utilities began cutting back on their operator workforce. For example, a 50 million gallons per day (MGD) water treatment facility without SCADA may have had up to 3 full time operators 24 hours per day. After automation was implemented, these facilities may be operated by the SCADA system with oversight from a remote location, with only one operator and maintenance staff on hand during the day shift only. In this “lean” configuration of staffing, if the SCADA system suddenly became unavailable, they could keep things running by relying on on-call staff and required overtime, or even perhaps mutual aid from a nearby utility. However, the load on their staff would become unbearable if the outage dragged on for days and weeks.
Other utilities have indicated that they have a regularly scheduled “Day without SCADA” as an operations activity at least annually. Management views these exercises as excellent training opportunities to verify that operators know how to run the plants in a manual fashion. However, these utilities indicate that running these exercises is a significant burden that no one looks forward to and can create operational issues.
Another key element in the equation is vendor systems. Many vendor systems (Reverse Osmosis, for example) are very complex and are not designed to be run without the automation. Several water utility operators have indicated that ...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Contents
  6. Foreword
  7. Preface
  8. Author Bio
  9. Introduction
  10. 1 Running to Stand Still and Still Falling Behind
  11. 2 Restoring Trust: Cyber-Informed Engineering
  12. 3 Beyond Hope and Hygiene: Introducing Consequence-Driven Cyber-Informed Engineering
  13. 4 Pre-engagement Preparation
  14. 5 Phase 1: Consequence Prioritization
  15. 6 Phase 2: System-of-Systems Analysis
  16. 7 Phase 3: Consequence-Based Targeting
  17. 8 Phase 4: Mitigations and Protections
  18. 9 CCE Futures: Training, Tools, and What Comes Next
  19. Acknowledgments
  20. Glossary
  21. Appendix A CCE Case Study: Baltavia Substation Power Outage
  22. Appendix B CCE Phase Checklists
  23. Index