homepage
Open menu
Contact Sales

CCE INLs New Approach to Securing Critical Industrial Infrastructure

  • Tuesday, 02 Oct 2018 3:30PM EDT (02 Oct 2018 19:30 UTC)
  • Speakers: Phil Neray, Andy Bochman

"If you're a critical infrastructure provider, you will be targeted. And if you are targeted, you will be compromised."

Join Andy Bochman, Senior Grid Strategist for National & Homeland Security at the Idaho National Laboratory (INL), as he describes a radical new methodology for securing critical systems.

Called consequence-driven cyber-informed engineering (CCE), INL's new approach consists of four key steps:

1.- Identify Your 'Crown Jewel ' Processes - Critical functions or processes whose failure would be so damaging that it would threaten your company's very survival. 'An example would be a targeted attack on the safety systems in a chemical plant or oil refinery that would result in a catastrophic safety and environmental incident.

2.- Map the Digital Terrain - Map all the digital pathways that would be exploited by adversaries to compromise your "must not fail" processes. This includes all the assets, communication paths, vulnerabilities, and supporting people and processes (including 3rd-party suppliers) involved in causing a high-consequence event.

3.- Illuminate the Likely Attack Paths - Identify the most likely paths attackers would take to reach the targets identified in step 1, ranked by degree of difficulty.

4.- Generate Options for Mitigation and Protection - Identify and prioritize options for engineering-out highest-consequence cyber risks. For example, by minimizing the number of pathways to your most critical assets, you can make it easier for your team of network defenders to quickly detect and respond to abnormal traffic. But it can also include adopting low-tech backstops such as inserting trusted people into critical processes.

Phil Neray, CyberX's VP of Industrial Cybersecurity, will also discuss how a modern OT cybersecurity platform can provide new visibility into your digital terrain, prediction of the most likely attack vectors, and a spectrum of mitigation and protection options for reducing key risks to your company's most critical functions.

Login to Register

Related Content

Blog
Quest_to_Summit_340x340.png
Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting
The Quest to Summit | SANS ICS Security Summit 2024
Register for the ICS Security Summit to be able to participate in The Quest to Summit and win big prizes.
370x370_Tim-Conway.jpg
Tim Conway
read more
Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
ICS_-_Blog_-_Enhancing_Operational_Resilience_in_OT_-_340_x_340.jpg
Industrial Control Systems Security
Enhancing Operational Resilience in OT
OT/ICS owners and operators must remain agile when deciding where and how to deploy cybersecurity.
370x370_jason-dely.jpg
Jason Dely
read more