OT/ICS Security – Consequence-driven Cyber-informed Engineering (CCE)

In another reference to WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, you may recall this topic being discussed at #6 Install Independent Cyber-Physical Safety Systems. Consequence-driven Cyber-informed Engineering (CCE) is an advanced topic for critical infrastructure organizations, but one that shouldn’t be overlooked. In a nutshell, CCE is about imagining the worst consequence a cyber threat actor can affect and creating a non-cyber/physical mitigation to reduce the likelihood of a resultant catastrophe occurring. In this post, industry veteran Dale Peterson talks to leading INL developers of the CCE methodology about CCE and their new book, Countering Cyber Sabotage. I (Jennifer Lyn Walker) have already bought the book. For anyone who has been doing industrial cybersecurity for awhile, you will surely appreciate the foreword by Michael J. Assante, along with the moving explanation of how the foreword came about two and a half weeks prior to Michael’s passing. Read more at Dale-Peterson.