Countering Cyber Sabotage
eBook - ePub

Countering Cyber Sabotage

Introducing Consequence-Driven, Cyber-Informed Engineering (CCE)

Andrew A. Bochman, Sarah Freeman

  1. 276 pages
  2. English

About This Book

Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE) introduces a new methodology to help critical infrastructure owners, operators and their security practitioners make demonstrable improvements in securing their most important functions and processes.

Current best practice approaches to cyber defense struggle to stop targeted attackers from creating potentially catastrophic results. From a national security perspective, it is not just the damage to the military, the economy, or essential critical infrastructure companies that is a concern. It is the cumulative, downstream effects from potential regional blackouts, military mission kills, transportation stoppages, water delivery or treatment issues, and so on. CCE is a validation that engineering first principles can be applied to the most important cybersecurity challenges and in so doing, protect organizations in ways current approaches do not. The most pressing threat is cyber-enabled sabotage, and CCE begins with the assumption that well-resourced, adaptive adversaries are already in and have been for some time, undetected and perhaps undetectable.

Chapter 1 recaps the current and near-future states of digital technologies in critical infrastructure and the implications of our near-total dependence on them. Chapters 2 and 3 describe the origins of the methodology and set the stage for the more in-depth examination that follows. Chapter 4 describes how to prepare for an engagement, and chapters 5-8 address each of the four phases. The CCE phase chapters take the reader on a more granular walkthrough of the methodology with examples from the field, phase objectives, and the steps to take in each phase. Concluding chapter 9 covers training options and looks towards a future where these concepts are scaled more broadly.

Information

Publisher: CRC Press
Year: 2021
ISBN: 9781000292978

1

Running to Stand Still and Still Falling Behind

We have a lot of bright people working on this problem, but the faster we go, the more behind we get. We don’t seem to be getting ahead of it.1
—General Michael Hayden
The wellspring of risk is dependence.2
—Dan Geer
If the nation went to war today, in a cyberwar, we would lose. We’re the most vulnerable. We’re the most connected. We have the most to lose.3
—Mike McConnell

“I Can Deal with Disruption; I Can’t Handle Destruction”

The complete statement was “I can deal with disruption; what I can’t handle is destruction of long lead-time-to-replace capital equipment.” These words were spoken by the CEO of Florida Power & Light, one of the largest US electric utilities, in his 2018 Consequence-Driven Cyber-Informed Engineering (CCE) brief to Congressional staffers.4 Situated in the path of some of the largest hurricanes every year, his company, Florida Power & Light (FP&L), is more than ready for large-scale, multiday weather-induced disruptions. Stockpiles of essential parts and equipment, employees trained in restoration, plus well-established mutual assistance programs with other regional utilities are standing by to get the power back on fast even after enduring Mother Nature’s worst.
It’s another matter entirely when the adversary is planning cyberattacks that target energy companies’ most important, long-lead-time-to-replace capital equipment, for example, the concurrent destruction of multiple combined cycle generators; natural gas distribution lines; or ultrahigh voltage transformers; or widespread destruction of thousands of geographically dispersed, digital protective relays, which could shut a utility down for months while waiting on the supply chain before rolling trucks to the site of each relay. In other sectors like water and wastewater treatment, massive pumps that would take months or years to replace are what must not fail, and therefore, make for the most prized targets.
While the struggle to protect the entire enterprise will continue to challenge Chief Information Security Officers (CISOs) for the foreseeable future, what’s needed now is a way to take a highly specific subset of all systems, the things upon which infrastructure companies most depend, the adversaries’ most desirable targets, off the table.

Implications for Critical Infrastructure and National Security

It’s one thing for a restaurant, a lawn service, or a nail salon to be dependent on digital systems; it’s quite another for some of the most important companies and government organizations in the nation to put themselves in that position. No matter how you define critical infrastructure, be it by sector5 or by critical national function,6 there is far more at stake than the well-being of the organization. In the private sector, downstream dependencies on electricity, water, and communications services often greatly eclipse mainly the economic, military, or societal value of the individual company, its employees, or its investors.
Consider what happens in a local or regional blackout. Almost everything, except what’s powered by fuel still in the tank, stops in its tracks. Hospitals, military bases, and companies with the wherewithal to have backup power strategies can maintain essential operations for a few days or hours. Cell phones keep working until their batteries are depleted, and cell towers either stop transmitting or run a while longer on backup diesel generators. The macro effects are that offices and houses go dark and production lines stop midstream. More tangible effects are felt when passengers are trapped in elevators, traffic lights blink out, and food spoils in warming home and grocery store refrigerators.
Here’s what ex-Mossad director X Pardo said about victim hopes that governments will come to the rescue if and when cyberattacks create large-scale infrastructure effects:
Faith that governments—including the U.S.—can respond to attacks in a timely and effective way may also be misplaced. I just say—God forbid—that on a hot summer day, [after a] cyberattack, pressure [in] the water pipelines in California will drop to zero. Thinking that the federal government will assist, solve the problem—it’s not even a dream.7
Of the 16 critical infrastructure sectors monitored by the Department of Homeland Security (DHS), most rely to a great degree on the reliable functioning of Industrial Control Systems (ICS). And some of those that at first glance don’t appear as reliant, like Financial Services, depend heavily on other sectors that do. Many ICS suppliers serve multiple sectors. For example, General Electric turbines propel jetliners and power cities. Caterpillar diesel generators provide emergency backup power to commercial and government facilities as well as to ships and submarines. Whether called ICS, operational technology (OT), or cyber-physical systems, it is thoroughly documented that the technologies that support industrial processes are highly susceptible to exploration and exploitation by parties interested in targeting them.

Goodbye to Full Manual: Automating Critical Infrastructure

It used to be machines did the one or several things they were designed to do, and the principal concerns for owners and operators were about how to operate them safely and keep them running as long as possible with scheduled maintenance. For example, think farm tractors, steam engines, diesel-powered backhoes, and coal-fired power plants. Bad things could happen when some part of them broke down from wear or a material defect, but from today’s perspective, the upside was that with rare exceptions, they couldn’t be made to perform tasks diametrically opposed to what their designers intended. And they especially couldn’t be made to perform other tasks by distant humans.
As the saying goes, that was then, this is now. We’ve become quite accustomed to digital machines running the show, in factories and farms, in cockpits, and increasingly, in cars. The “Second Machine Age,” “Industry 4.0,” and the “Industrial Internet of Things (IIoT)” signal a full-on, buzzword-filled embrace of digital automation.8 Unpredictable and error-prone human operators are replaced with programmable and reprogrammable machines that perform tasks much more quickly, efficiently, and without error and require neither paychecks nor benefits. Automation’s business benefits are so clear, and the business case for it is so compelling, that economists are warning that despite the likelihood that some jobs are being created to support the advance of automation, an unprecedented wave of job losses in a number of low- and middle-skilled job categories is likely to ensue.9
As human decision-makers are replaced with algorithms, efficiency advantages are offset occasionally by automation-induced catastrophes10 that give some momentary pause. And even though sometimes it initially appears otherwise, the vast majority of these accidents are not the result of malicious bad actors but rather engineering design decisions that took humans so far out of the loop that there was no way for them to take back control when needed. The trend seems unstoppable and largely unnoticed.
Water sector engineering subject matter expert (SME) Daniel Groves sometimes teases his clients into examining their massive dependence on automation by daring them to consider going one full day without it. Here’s how he describes the typical reactions:
I call it “A Day without SCADA.” Many operators indicate that they are not sure if they could run their systems without SCADA. Over the last few decades, as automation improved in reliability and was designed into all their systems, utilities began cutting back on their operator workforce. For example, a 50 million gallons per day (MGD) water treatment facility without SCADA may have had up to 3 full time operators 24 hours per day. After automation was implemented, these facilities may be operated by the SCADA system with oversight from a remote location, with only one operator and maintenance staff on hand during the day shift only. In this “lean” configuration of staffing, if the SCADA system suddenly became unavailable, they could keep things running by relying on on-call staff and required overtime, or even perhaps mutual aid from a nearby utility. However, the load on their staff would become unbearable if the outage dragged on for days and weeks.
Other utilities have indicated that they have a regularly scheduled “Day without SCADA” as an operations activity at least annually. Management views these exercises as excellent training opportunities to verify that operators know how to run the plants in a manual fashion. However, these utilities indicate that running these exercises is a significant burden that no one looks forward to and can create operational issues.
Another key element in the equation is vendor systems. Many vendor systems (Reverse Osmosis, for example) are very complex and are not designed to be run without the automation. Several water utility operators have indicated that ...