SANS Stay Sharp - Live Online: Quickly sharpen your skills with 1-3 day blue team courses. Save 25% thru Oct 14.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

CCE ó INLís New Approach to Securing Critical Industrial Infrastructure

  • Tuesday, October 02, 2018 at 3:30 PM EDT (2018-10-02 19:30:00 UTC)
  • Andy Bochman, Phil Neray


  • CyberX

You can now attend the webcast using your mobile device!



"If you're a critical infrastructure provider, you will be targeted. And if you are targeted, you will be compromised."

Join Andy Bochman, Senior Grid Strategist for National & Homeland Security at the Idaho National Laboratory (INL), as he describes a radical new methodology for securing critical systems.

Called consequence-driven cyber-informed engineering (CCE), INLs new approach consists of four key steps:

1.††††††Identify Your Crown Jewel Processes - Critical functions or processes whose failure would be so damaging that it would threaten your companys very survival.†An example would be a targeted attack on the safety systems in a chemical plant or oil refinery that would result in a catastrophic safety and environmental incident.

2.††††††Map the Digital Terrain - Map all the digital pathways that would be exploited by adversaries to compromise your "must not fail" processes. This includes all the assets, communication paths, vulnerabilities, and supporting people and processes (including 3rd-party suppliers) involved in causing a high-consequence event.

3.††††††Illuminate the Likely Attack Paths - Identify the most likely paths attackers would take to reach the targets identified in step 1, ranked by degree of difficulty.

4.††††††Generate Options for Mitigation and Protection - Identify and prioritize options for engineering-out highest-consequence cyber risks. For example, by minimizing the number of pathways to your most critical assets, you can make it easier for your team of network defenders to quickly detect and respond to abnormal traffic. But it can also include adopting low-tech backstops such as inserting trusted people into critical processes.

Phil Neray, CyberX's VP of Industrial Cybersecurity, will also discuss how a modern OT cybersecurity platform can provide new visibility into your digital terrain, prediction of the most likely attack vectors, and a spectrum of mitigation and protection options for reducing key risks to your companys most critical functions.

Speaker Bios

Andy Bochman

Andy Bochman is the Senior Grid Strategist at the Idaho National Lab. He provides strategic guidance on topics at the intersection of critical infrastructure security and resilience to senior U.S. and international government and industry leaders. His career began with the US Air Force, and before joining INL, was in several cybersecurity start-ups, was Global Energy & Utilities Security Lead at IBM, and a Senior Advisor at the Chertoff Group in Washington, DC. A member of the global advisory board for the Control Systems Cyber Security Association International (CS2AI), Mr. Bochman is on the advisory committee to the SANS security training institute and a cybersecurity subject matter expert listed with the U.S. State Department Speakers Bureau. In 2018 his publications include "The Missing Chief Security Officer" (CXO) and "Internet Insecurity: the Brutal Truth" (HBR), and "Supply Chain in the Software Era" (Atlantic Council).

Phil Neray

Phil Neray is VP of IoT & Industrial Cybersecurity for CyberX, a Microsoft company†founded by blue-team experts with a track record of defending critical national infrastructure. Prior to CyberX, Phil held executive roles at IBM Security/Q1 Labs, Symantec, Veracode, and Guardium. Phil began his career as an engineer with Hydro-Quebec and as a Schlumberger engineer on oil rigs in South America. He has a BSEE from McGill University, is certified in cloud security (CCSK), and has a First-Degree Black Belt in American Jiu Jitsu.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.