fbpx

Consequence-driven Cyber-informed Engineering (CCE) is a methodology focused on securing the nation’s critical infrastructure (CI) systems. Developed at Idaho National Laboratory, CCE begins with the assumption that if CI is targeted by a skilled and determined adversary, the targeted operation can–and will–be sabotaged.

This methodology provides CI owners, operators, vendors and manufacturers with a more focused bottom line approach to:

  • Determine most critical functions
  • Evaluate complex systems
  • Identify methods an adversary could use to compromise the critical functions
  • Apply proven engineering, protection, and mitigation strategies to isolate and protect an industry’s most critical assets

CCE Methodology

Phase 1. Consequence Prioritization

Phase 2. System-of-Systems Analysis

Phase 3. Consequence-Based Targeting

Phase 4. Mitigations and Protections

Additional Resources

Case Study: Stinky Cheese Company

Tier 1 Engagement

Tier 1 vs. Tier 2 Engagement

CCE Fact Sheet

Phases 1-4 Compiled Reference Document

Safeguarding Critical Infrastructure Systems

CCE provides a four-step process for safeguarding critical infrastructure operations:

CCE Process   scaled

Additional resource documents for each of these phases follow in the pages below.

Phase 1. Consequence Prioritization

Identify functions that must not fail and associated events that would trigger failure of those critical functions. Proceed with events that possess the greatest potential impact.

Methodology Process  A

Phase 2. System-of-Systems Analysis

Identify, collect, and organize all information regarding critical systems involved in the Phase 1 events.

 

Methodology Process

Phase 3. Consequence-Based Targeting

Develop scenarios to determine paths, targets, access, and information an adversary would need to achieve the events.

 

Methodology Process

Phase 4. Mitigations and Protections

Develop mitigations and protections to prevent, limit, respond to and recover from an adversary carrying out the scenarios developed.

 

Methodology Process

Case Study: Stinky Cheese Company

This is sample case study of the CCE methodology applied to a fictional industrial infrastructure.

Stinky Cheese Case Study INL EXT   Rev  published pdf image

Tier 1 Engagement

CCE is a structured method that outlines an attacker’s approach to cyber-enabled sabotage and delivers specific engineering solutions—not just cyber controls—to design-out cyber risk from critical operations.

CCE FactSheets Tier Engagement    pdf image

Tier 1 vs. Tier 2 Engagement

CCE FactSheets TiervsTier    pdf image

CCE Fact Sheet

An overview Fact Sheet on the CCE Program:

Consequence-driven Cyber-informed Engineering_Fact-Sheet

Phases 1-4 Compiled Reference Document

This is compiled document of all four phases of the CCE Methodology Process listed above.

CCE Phase  Reference Document INL EXT   published pdf image

nhs Methodology

Publications

Countering Cyber Sabotage: CCE Book

Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector

CCE Mission Support Center Concept Paper

The Need for Cyber-informed Engineering Expertise for Nuclear Research Reactors

Presentations

MRO Power Meeting - Intro to CCE

RSA Conf - Engineering Out the Cyber-Risk...

S4 - Consequence-based ICS Risk...

Training

CCE ACCELERATE Training

Workforce Development Training

Partner Training

Sharing Actionable Resources

In this section we have listed supporting papers and presentations to the CCE Methodology. In addition, there is supplemental information on the various engagements and training that the CCE program team supports.

iStock  scaled

 

 

Countering Cyber Sabotage: CCE Book

INL Authors: Andrew Bochman and Sarah Freeman

Countering Cyber Sabotage, a CCE BookCountering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE) introduces a new methodology to help critical infrastructure owners, operators and their security practitioners make demonstrable improvements in securing their most important functions and processes.

Current best practice approaches to cyber defense struggle to stop targeted attackers from creating potentially catastrophic results. The most pressing threat is cyber-enabled sabotage, and CCE begins with the assumption that well-resourced, adaptive adversaries are already in and have been for some time, undetected and perhaps undetectable.

Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector

Mission Support Center Analysis Report, INL

cyber threatThis paper seeks to illustrate the current cyber-physical landscape of the U.S. electric sector in the context of its vulnerabilities to cyber attacks, the likelihood of cyber attacks, and the impacts cyber events and threat actors can achieve on the power grid. In addition, this paper highlights utility perspectives, perceived challenges, and requests for assistance in addressing cyber threats to the electric sector.

 

CCE Mission Support Center Concept Paper

Mission Support Center Concept Report, INL

CCECCE participants are encouraged to work collaboratively with each other and with key U.S. Government (USG) contributors to establish a coalition, maximizing the positive effect of lessons-learned and further contributing to the protection of critical infrastructure and other national assets.

 

The Need for Cyber-informed Engineering Expertise for Nuclear Research Reactors

International Conference on Research Reactors: Safe Management and Effective Utilization, 2015

need for cyber informed engineeringThis paper examines the need for cyber-informed engineering practices that encompass the entire engineering life cycle. Cyber-informed engineering, as referenced in this paper, is the inclusion of cybersecurity into the engineering process. This paper addresses several attributes of this process and the long-term goal of developing additional cyber-safety basis analysis and trust principles. With a culture of free information-sharing exchanges, and potentially a lack of security expertise, new risk analysis and design methodologies need to be developed to address this rapidly evolving (cyber) threatscape.

 

MRO Power Meeting - Intro to CCE

Midwest Reliability Organization Power Meeting, October 7, 2020
Andrew Bochman, Senior Grid Strategist, National and Homeland Security INL discusses INL’s engineering-based method for blocking or disrupting highest consequence attacks from top tier cyber adversaries.

Midwest Reliability Organization meetings: CCE presentation

RSA Conf - Engineering Out the Cyber-Risk...

RSA Conference 2019
Presenters: Virginia Wright and Andrew Bochman

It is dawning on critical infrastructure operators that even the best cyber-hygiene—the sum total of all we now do in cybersecurity—cannot be counted on to keep well-resourced attackers from touching their most critical processes and the systems that support them. This talk will introduce a new approach that draws from engineering first principals to take the highest value targets off the table.

RSAconf

S4 - Consequence-based ICS Risk...

S4 January 2019
Dale talks with Andy Bochman about the Consequence-Driven, Cyber-Informed Engineering (CCE) and John Cusimano about CyberPHA’s and  lowering the maximum impact of a successful attack.

CCE NewsMedia image

CCE ACCELERATE Training

CCE FactSheets ACCELERATE    pdf imageAccelerate Training provides participants with a fundamental knowledge of the CCE methodology focused on securing the nation’s critical infrastructure systems. Participants should be critical infrastructure owners, operators, vendors, and manufacturers.

To schedule training, please contact:
cce@inl.gov

 

Workforce Development Training

CCE FactSheets WFD    pdf imageINL’s Workforce Development Training is designed to provide in-depth, team based training for select individuals who will help guide Tier 1 partners in the execution of a CCE engagement. Training participants are chosen based on skill set, trained to become CCE methodology and process experts, and then further hone their CCE skills through on-the-job engagement training.

 

Partner Training

CCE FactSheets PartnerTraining    pdf imagePartner Training is designed to provide an in-depth, team-based training for select individuals who will participate in the execution of a Tier 1 engagement. It includes 16 hours of training on the CCE methodology, plus a detailed student guide and templates participants can reference throughout the engagement.

 

nhs Methodology

Contacts

CCE Program Manager

Rob Smith

Phone: 208-526-3881

Send a Message

CCE Technical Advisor

Curtis St. Michel

Phone: 208-526-7064

Send a Message

Senior Grid Specialistt

Andy Bochman

Phone: 781-962-6845

Send a Message

CCE Team

CCE Team

Phone: 208-526-5545

Send a Message