Kooperativer Bibliotheksverbund

UID:

Umfang: 1 online resource (xxxvii, 276 pages) : , illustrations (chiefly color), color map

ISBN: 9781000292916 , 1000292916 , 1000292975 , 9781000292947 , 1000292940 , 9781003130826 , 1003130828 , 9781000292978

Inhalt: Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE) introduces a new methodology to help critical infrastructure owners, operators and their security practitioners make demonstrable improvements in securing their most important functions and processes. Current best practice approaches to cyber defense struggle to stop targeted attackers from creating potentially catastrophic results. From a national security perspective, it is not just the damage to the military, the economy, or essential critical infrastructure companies that is a concern. It is the cumulative, downstream effects from potential regional blackouts, military mission kills, transportation stoppages, water delivery or treatment issues, and so on. CCE is a validation that engineering first principles can be applied to the most important cybersecurity challenges and in so doing, protect organizations in ways current approaches do not. The most pressing threat is cyber-enabled sabotage, and CCE begins with the assumption that well-resourced, adaptive adversaries are already in and have been for some time, undetected and perhaps undetectable. Chapter 1 recaps the current and near-future states of digital technologies in critical infrastructure and the implications of our near-total dependence on them. Chapters 2 and 3 describe the origins of the methodology and set the stage for the more in-depth examination that follows. Chapter 4 describes how to prepare for an engagement, and chapters 5-8 address each of the four phases. The CCE phase chapters take the reader on a more granular walkthrough of the methodology with examples from the field, phase objectives, and the steps to take in each phase. Concluding chapter 9 covers training options and looks towards a future where these concepts are scaled more broadly.

Weitere Ausg.: Print version: ISBN 9780367491154

Sprache: Englisch

Schlagwort(e): Electronic books.

URL: https://www.taylorfrancis.com/books/9781003130826

URL: lizenzpflichtig

UID:

Umfang: 1 online resource (315 pages)

ISBN: 9781000292916

Anmerkung: Description based on publisher supplied metadata and other sources , Cover -- Half Title -- Title Page -- Copyright Page -- Table of contents -- Preface -- Introduction -- Origins -- A Few Words on Sabotage -- Sabotage, Surveillance, and Supply Chain Risk -- Notes -- 1 Running to Stand Still and Still Falling Behind -- "I Can Deal with Disruption -- I Can't Handle Destruction" -- Implications for Critical Infrastructure and National Security -- Goodbye to Full Manual: Automating Critical Infrastructure -- What It Means to be a Full Digitally Dependent in an Insecure-by-Design World -- Race to the Bottom -- Insecure-by-Design -- A Strategy Based on Hope and Hygiene -- The Hollow Promise of Cyber-insurance -- Experts Speak Out on Hygiene -- The Most Optimistic Take -- Declining (or Unknowable) Returns on Increasing Security Investments -- A Deep Ocean of Security Solutions -- Don't Stop Now -- Congress Asks a Good Question -- Thoughts and Questions -- Notes -- 2 Restoring Trust: Cyber-Informed Engineering -- Software Has Changed Engineering -- INL and Engineering -- Engineers Still Trust the Trust Model -- Unverified Trust -- Trusting What Works: CIE in Detail -- Security as a Co-equal Value to Safety -- Failure Mode, Near Misses, and Sabotage -- Failure Mode and Effects Analysis -- Inter-chapter Transition Thoughts and Questions -- Notes -- 3 Beyond Hope and Hygiene: Introducing Consequence-Driven, Cyber-Informed Engineering -- Safety First in Idaho -- Failure Mode Analysis, Misuse, and Mis-operation -- Origins in Idaho and Elsewhere -- CCE from a Threat Perspective -- The USG Is Using CCE to Better Secure National Critical Functions (NCFs) -- CCE to Secure the Rest of Critical Infrastructure -- Methodology Hacking and Calculating Risk -- True Intent: Company-Wide Conversion -- Transitioning to a Closer Look at CCE -- Notes -- 4 Pre-engagement Preparation -- Objectives of Pre-engagement Preparation , Pre-engagement Preparation Walkthrough -- Establish the Need -- Scoping and Agreements -- Data Protection -- Open-Source Research -- Refine Initial Taxonomy and Determine Knowledge Base Requirements -- Taxonomy and Knowledge Base -- Form and Train Execution Teams -- Transitioning to Phase 1 -- 5 Phase 1: Consequence Prioritization -- Objective of Phase 1 -- Killing Your Company-Investigating Potential HCEs -- Phase 1 Walkthrough -- Getting Started with Assumptions and Boundaries -- High-Consequence Event Scoring Criteria -- Event Development -- Criteria Weighting and Event Scoring -- HCE Validation -- The (Reasonable) Resistance -- The CIO -- The CISO -- Operators and Engineers -- Sequencing and Key Participants -- Entity-Side -- The CCE Team -- Preparing for Phase 2 -- Notes -- 6 Phase 2: System-of-Systems Analysis -- Objectives -- Mapping the Playing Field -- Phase 2 Walkthrough -- Translating HCEs into Block Diagrams -- Begin Building the Functional Data Repository -- High-level Functional Sketch Example-An Industrial Compressor -- Data Collection Efforts -- Data Categories -- Subject Matter Experts Interviews -- Open-source Info Resources -- Other Non-internal Sources -- Pursuing the "Perfect Knowledge" View -- Populating the Functional Taxonomy -- Constructing Detailed Functional Diagrams: The Case for a Model-based Approach -- Preparing for Phase 3 -- Notes -- 7 Phase 3: Consequence-Based Targeting -- Phase 3 Objectives -- Becoming Your Worst (and Best) Enemy -- Cyber Kill Chains -- Kill Chain Origins -- The CCE Cyber Kill Chain9 -- Phase 3 Team Roles -- Targeter -- Subject Matter Experts -- Analysts -- The Intelligence Community (IC) -- Phase 3 Walkthrough -- Develop Scenario Concept of Operations (CONOPS) for Each HCE -- Determining Attack Scenarios -- Defining a Technical Approach (i.e., the ICS Payload Requirements) -- Define Target Details , Access Pathway -- Critical Information Needs -- Development of the Payload -- Deployment of the Payload -- Deliver CONOPS and Iterate with SMEs -- Eliminating HCEs -- Validating Details -- Attack Scenario Complexity and Confidence -- Present CONOPS to C-Suite -- Threat Intelligence from Different Sources -- Preparing for Phase 4 -- Notes -- 8 Phase 4: Mitigations and Protections -- Phase 4 Objectives -- Taking Targets Off the Table -- Phase 4 Walkthrough -- Identifying Gaps in Expertise -- Develop and Prioritize Mitigation Options -- Prioritize Mitigations -- Validate Mitigations -- Present and Validate Mitigations with Entity SMEs -- Brainstorming Additional Mitigation Options -- Present Recommendations to C-Suite -- Develop Adversary Tripwires (NCF Engagements Only) -- A Longer Look at Non-digital Mitigations -- Humans Back in the Loop -- Revisiting Phase 1's Next-Worst HCEs -- Codifying CCE's Learnings in Policy -- Notes -- 9 CCE Futures: Training, Tools, and What Comes Next -- CCE Training Options -- ACCELERATE Workshops -- CCE Team Training -- CCE Tool Suites and Checklists -- Tools -- Checklists -- A More Inherently Secure Critical Infrastructure -- Certification and Scaling via Partners -- Ensuring Cybersecurity for Safety -- Policy Prognostications -- Emerging Technology Only Elevate CCE's Importance -- Injecting Cyber into Engineering Curricula -- Last Word -- Notes -- Acknowledgments -- Glossary -- Appendix A: CCE Case Study -- Appendix B: CCE Phase Checklists -- Index

Weitere Ausg.: Erscheint auch als Druck-Ausgabe Bochman, Andrew A. Countering Cyber Sabotage Milton : Taylor & Francis Group,c2021 ISBN 9780367491154

Sprache: Englisch

UID:

ISSN: 0742-051X

In: Teaching and teacher education, Amsterdam [u.a.] : Elsevier, 1985, 67(2017) vom: Okt., Seite 410-417, 0742-051X

In: volume:67

In: year:2017

In: month:10

In: pages:410-417

Sprache: Englisch

Mehr zum Autor: Berger, Priscila