Critical infrastructure
Industries
News
Utilities: Energy & Power, Water, Waste

1898 & Co. partners with INL to focus on consequence-driven, cyber-informed engineering technique

August 26, 2021
cyber informed engineering

Industrial cybersecurity company 1898 & Co. has teamed with the Idaho National Laboratory (INL) to apply a consequence-driven, cyber-informed engineering discipline developed and pioneered by the laboratory. These initiatives are supported by the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) in the U.S. Department of Energy.

The alliance between 1898 & Co. and INL is focused on expanding the consequence-driven, cyber-informed engineering across the ICS (industrial control systems) cybersecurity community, with the national laboratory focusing primarily on the public sector, and 1898 & Co. on the private sector while delivering support in the public sector as needed. 

Developed at INL, the consequence-driven cyber-informed engineering technique is focused on securing the nation’s critical infrastructure systems. It begins with the assumption that if critical infrastructure is targeted by a skilled and determined adversary, the targeted operation can, and will be sabotaged.

The methodology provides critical infrastructure owners, operators, vendors, and manufacturers with a more focused bottom-line approach to determining critical functions, identifying methods an adversary could use to compromise the critical functions, evaluating complex systems, and applying proven engineering, protection, and mitigation strategies to isolate and protect an industry’s critical assets. 

The consequence-driven, cyber-informed engineering procedure is about imagining the worst consequence a cyber attacker can affect and creating a non-cyber/physical mitigation to reduce the likelihood of a resultant catastrophe occurring. 

“Consequence-driven, cyber-informed engineering enhances risk assessment for cybersecurity by combining first-principles thinking with engineering ingenuity,” said Zach Tudor, INL associate laboratory director, said in a media statement. “It’s a concept we have developed and improved over the last decade in engagements with major utilities and defense establishments, and we are excited to partner with Burns & McDonnell and 1898 & Co. to offer it to more organizations.” 

“While there are no guarantees when it comes to critical infrastructure cybersecurity, 1898 & Co. clients who implement CCE for their most critical assets will have additional safeguards in the form of engineering changes and process improvements that limit the damage an attacker can do once inside,” Matt Morris, managing director for 1898 & Co. “At the end of the day, CCE’s ability to temper the size and scale of cyber-sabotage provides a level of certainty CISOs and boards sorely need.”

The INL is a U.S. Department of Energy national laboratory that works to meet the DOE’s goals of energy, national security, and science and environment, while CESER works towards improving the security of U.S. critical energy infrastructure to all hazards, mitigate the impacts of disruptive events and risk to the sector overall through preparedness and innovation, and respond to and facilitate recovery from energy disruptions in collaboration with other federal agencies, private sector, and state, local, tribal, and territory (SLTT) governments.

“1898 & Co. plans to scale the CCE discipline to critical infrastructure asset owners globally,” according to Morris. “A common theme with the majority of the CISOs I am connecting with is that they are desperately searching for a level of certainty when conversing with their respective boards regarding risk to the business. Prior to the development of CCE, the best answer we had was to implement a series of controls and to maintain those on a frequent basis,” he added.

Last week, Dragos and 1898 & Co. announced the expansion of the 1898 & Co. Managed Threat Detection and Response managed security service into the smart manufacturing space. The combination of 1898 & Co. consulting services and improved visibility, monitoring, detection and situational awareness enabled by the Dragos Platform delivers the capability for critical infrastructure companies concerned with the evolving threat landscape and the resulting risks to their organizations. 

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall, 2TS enter into cybersecurity alliance for African market