Andy Bochman is the Senior Grid Strategist for Idaho National Laboratory's National and Homeland Security directorate. In this role, Mr. Bochman provides strategic guidance on topics at the intersection of grid security and resilience to INL leadership as well as senior US and international government and industry leaders. A frequent speaker, writer, and trainer, Mr. Bochman has provided analysis on electric grid and energy sector infrastructure security actions, standards, and gaps to the Department of Energy, Department of Defense, Federal Energy Regulatory Commission (FERC), North American Electric Reliability Corporation (NERC), National Institute of Standards and Technology (NIST), National Association of Regulatory Utility Commissioners (NARUC), the Electricity Subsector Coordinating Council (ESCC), and most of the US state utility commissions. Teaming with DOE, NARUC, USAID, and international partners, he has cyber-trained grid operators, and is a cybersecurity subject matter expert listed with the US State Department Speakers Bureau. Mr. Bochman has testifi ed before the US Senate Energy and Natural Resources Committee on energy infrastructure cybersecurity issues and before FERC on the security readiness of smart grid cybersecurity standards. He has also held recurring conversations on grid security matters with the Senate Select Committee on Intelligence (SSCI) and the National Security Council (NSC). Prior to joining INL, he was the Global Energy & Utilities Security Lead at IBM and a Senior Advisor at the Chertoff Group in Washington, DC. Mr. Bochman earned a Bachelor of Science degree from the US Air Force Academy and a Master of Arts degree from the Harvard University Extension School.

Sarah Freeman is an Industrial Control Systems (ICS) cyber security analyst at Idaho National Laboratory (INL), where she provides US government partners and private sector entities with actionable cyber threat intelligence, developing innovative security solutions for the critical infrastructure within the US. At Idaho National Laboratory, Ms. Freeman pursues innovative threat analysis and cyber defense approaches, most recently Consequence driven Cyber-informed Engineering (CCE). As Principle Investigator on a laboratory discretionary research, her current research is focused on new signatures and structured methods for cyber adversary characterization. Following the December 2015 electric grid attacks, Ms. Freeman participated in the DOE-sponsored training for Ukrainian asset owners in May 2016. She has also researched the Ukrainian 2015 and 2016 cyber-attacks and the Trisis/Hatman incident. Ms. Freeman earned a Bachelor of Arts from Grinnell College and a Master's in Security and Intelligence Studies from the University of Pittsburgh.

CONTENTS

Foreword by Michael J. Assante xi

Preface xxi

Author Bio xxix

Introduction xxxi

1 Running to Stand Still and Still Falling Behind 1

2 Restoring Trust: Cyber- Informed Engineering 29

3 Beyond Hope and Hygiene: Introducing Consequence-

Driven Cyber- Informed Engineering 57

4 Pre- engagement Preparation 77

5 Phase 1: Consequence Prioritization 87

6 Phase 2: System- of- Systems Analysis 105

7 Phase 3: Consequence- Based Targeting 123

8 Phase 4: Mitigations and Protections 141

9 CCE Futures: Training, Tools, and What Comes Next 165

Acknowledgments 181

Glossary 185

Appendix A CCE Case Study: Baltavia Substation Power Outage 199

Appendix B CCE Phase Checklists 259

Index 270