INL researchers publish cybersecurity playbook
IDAHO FALLS, Idaho (KIFI) - While cybersecurity is serious business, its methods are similar to winning a football game. Idaho National Laboratory cybersecurity researchers Andy Bochman and Sarah Freeman have published a new book to help train employees at public utilities to recognize cybersecurity vulnerabilities and develop measures to defend their networks from increasingly sophisticated cyberattacks.
"If you're the coach of the Tampa Bay Buccaneers or the Kansas City Chiefs… and you're studying tape… you're spending so much time learning about the offense of the other team. What are their strengths and weaknesses and which methods have they used successfully in the past," Bochman said. "You don't just hope that you have good defense. You get down and dirty and make sure you know the offense inside and out."
The United States is definitely overdue for beefing up its infrastructure's defense. Critical infrastructure systems, such as electric power grids, oil and natural gas refineries and water treatment facilities, were developed in the pre-internet era. This makes them vulnerable to cyberattacks ranging from ransomware threats to significant service disruptions.
"If you don't have stable power… things like transportation of goods across the country, tracking materials, ordering things on Amazon and having working bank accounts, all of these things are dependent on having a stable and consistent delivery of power," said Freeman.
INL developed and pioneered a think-like-the-adversary cybersecurity approach called Consequence-driven, Cyber-informed Engineering (CCE).
"If you talk to cyber security professionals, they'll describe blue team and red team dynamics. If you want to be proactive in training your cybersecurity posture, it's really important that you not limit yourself to that traditional blue approach," said Freeman. "So we're trying to introduce some of the concepts that better describe how the adversary is looking at the problem so that the organizations we're working with can apply that same logic."
Instead of relying on traditional protection strategies like intrusion detection software or additional firewalls, INL's cybersecurity approach uses engineering design principles to prevent top-tier cyberattackers from damaging or disrupting utilities' most essential operations.
INL developed the CCE method over the last decade in consultation with leading government, industry and academic researchers. Beginning in 2018, Congress and the Department of Energy Office of Cybersecurity, Energy Security and Emergency Response provided INL with $20 million in funding to further develop the method. Additional support has come from the Department of Homeland Security and the Department of Defense.
Published by Taylor and Francis Group, a portion of the book can be previewed online.