"The coronavirus pandemic has demonstrated just how important digital networks are to Americans professional and personal livesand hammered home the importance of preparing for worst-case scenario. The team at Idaho National Lab understands the stakes and have laid out steps we can take to protect our critical infrastructure from attacks. These clear-eyed, valuable insights should inform policymakers as we expand our efforts to increase Americas cyber capabilities."
Angus S. King, Senator, I-Maine, and Co-Chairman of the Cyberspace Solarium Commission
"Defending the United States critical control systems is one of the most pressing national security challenges of our time. The Idaho National Lab is the unquestioned leader in critical infrastructure protection and Mr. Bochman and Ms. Freeman, key players in INLs efforts, have captured the essence and detail of the labs philosophy in this timely book. INLs consequence-driven cyber-informed engineering (CCE) approach of simplifying and isolating our most critical systems to limit paths to attack is the foundation of our national efforts to secure our control systems. Anyone looking to understand the future of cybersecurity and critical infrastructure protection should start right here."
Senator Jim Risch, Chairman of the Senate Foreign Relations Committee and member of the Intelligence and Energy & Natural Resource Committees
"CCE-founder Mike Assante sparked my interest in cybersecurity more than a decade ago, and he helped me understand how we can better secure the operational technology underlying our daily lives. He was taken from us at far too young an age, but I am excited that his wisdom and philosophy of building security into engineering processes are captured in this book and will continue to aid our nation for years to come."
Congressman Jim Langevin, U.S. Representative for Rhode Island's 2nd Congressional District
"This book is an invaluable resource for the electric power industry, its complex supply-chains, and those charged with better protecting all of it. At its core, CCE is really about keeping operations going no matter what adversary nations or hostile groups have up their sleeves. By protecting what matters most, this methodology is very good news for critical infrastructure organizations, for the continuity of the economy, and for the safety and security of our nation."
Tom Fanning, CEO, Southern Co.
"Engineering software without cyber security is like launching space vehicles without shielding from radiation. Nonetheless, cyber insecurity abounds everywhere we look. This book, climaxing in a compelling hypothetical case study, shows how we can, and must, do bettermuch better."
Richard Danzig, former Secretary of the Navy
"INLs Countering Cyber Sabotage is the seminal and game-changing textbook of our time aimed at assuring the resiliency of our fragile Industrial Control Systems and Operational Technologies. This book marks the beginning of the end of operators being overwhelmed by the vast potential cyber threats to our ICS and OT. Government, Military, Academia, and Private Sector can move out TODAY on implementing CCE based the proven processes described in this book. Colleges must incorporate this knowledge into every engineering program to prepare our future engineers. The work is also a wonderful tribute to Mike Assante and the entire INL team. Well Done!"
Vice Admiral Janet Tighe, US Navy (Retired), Former Commander of Fleet Cyber Command
"INL is already well underway conducting and coordinating the most challenging ICS security work for the nation with DOE, DOD, DHS, and industry. And Andy and Sarahs CCE book, as well as CCE engagementcompleted, underway, and coming upare the clearest evidence yet that the labs experts are a if not the leading force for improving cyber protection of the nations critical infrastructure."
Paul Stockton, former Assistant Secretary of Defense for Mission Assurance
"As someone charged with improving critical infrastructure cybersecurity in the states of Colorado and California, the Department of Homeland Security, and the entire bulk power system at the North American Reliability Corporation, its impossible for me to adequately describe my friendship with Mike Assante, and perhaps more importantly, his role in my career. Mike was an indispensable voice post-9/11, evolving our national thinking on what needed protecting most, and then on how to move the country from glaring cyber vulnerabilities circa 2002. Following Stuxnet in 2010, and then to our much improved (if far from perfect) security posture in 2020, he was personally responsible for much of the progress our nation has made over the past 20 years. While Mike authored numerous influential articles and papers, Countering Cyber Sabotage captures his role in the development of the CCE methodology and the entirety of his vision that will enlighten everyone who reads it."
Mark Weatherford, Chief Strategy Officer at the National Cybersecurity Center. Former Deputy Under Secretary for Cybersecurity at DHS and Chief Security Officer at NERC
"In a clear, concise, readable manner, Bochman and Freeman's new book explores how to build cyber resilience into the critical infrastructure upon which our country's prosperity and security depend. They deconstruct the dangers of a mindset where hope and unverified trust remain central elements to cybersecurity and how to replace that faulty premise with a more logical and quantifiable process. Consequence-Driven Cyber-Informed Engineering (CCE), as explained in this book and operationalized in practice at Idaho National Lab, must become a key feature of cybersecurity if we are serious about countering cyber sabotage."
Samantha F. Ravich, Ph.D., Commissioner, Cyber Solarium Commission and Chair of the Center for Cyber and Technology Innovation.
"A state of security is the absence of unmitigable surprise; hence the pinnacle goal of security design is no silent failure, but complexity obscures interdependence and, thereby, abets silent failure. Only first principles engineering grounded in simplicity can erase the structural advantage offense otherwise enjoys; AI algorithms only makes it worsereducing workload when the workload is low and increasing it when the workload is high. Mike Assante knew all that, and more."
Dan Geer, Senior Fellow at In-Q-Tel (& a security researcher with a quantitative bent)
"Bochman and Freeman have written an incredibly important book on a serious topic in a manner that is engaging and disarming to readers. It is required reading for consultants and engineers designing critical infrastructure. I also appreciate that time and effort the authors spent to bring the principles and ideas Mike Assante to light. He played an important role in my decision to join NERC through his transparent and diligent focus on uncovering facts that helped bring about regulatory certainty and clarity which were traits I attempted to emulate."
Tobias Whitney, former Senior Manager of Critical Infrastructure Protection at the North American Electric Reliability Corporation (NERC).
"The massive pressure to increase automation of critical assets in water and other sectors suggests, driven by promises of optimization and cost savings, many are willing to also accept additional operational uncertainty. While the benefits are real, the downsides of this rapid transition are the potential loss of self-sufficiency and an increased dependency on ever more complex systems. CCE offers a means to more fully examine the cyber risk domain and enable owner/operators to ensure mission continuity. That is, after all, the expectation of the public served by the water sector, a national critical function and essential lifeline sector."
Kevin Morley, PhD, The American Water and Wastewater Association (AWWA)
"This book goes to the heart of the international cybersecurity threat to design a defense for critical parts of the nations energy infrastructure that cannot be lost."
Peter Behr, E&E News
"With Countering Cyber Sabotage, Bochman and Freeman masterfully present a brilliant new methodology for defending critical infrastructure against the next generation of cyber threats. As someone who is focused on thinking the unthinkable and bringing it to life through fiction, it is reassuring to know this book will become an essential resource for those protecting the nation's defense systems and critical infrastructure against future worst-case scenarios."
August Cole, author of Ghost Fleet and Burn-In "The coronavirus pandemic has demonstrated just how important digital networks are to Americans professional and personal livesand hammered home the importance of preparing for worst-case scenario. The team at Idaho National Lab understands the stakes and have laid out steps we can take to protect our critical infrastructure from attacks. These clear-eyed, valuable insights should inform policymakers as we expand our efforts to increase Americas cyber capabilities."
Angus S. King, Senator, I-Maine, and Co-Chairman of the Cyberspace Solarium Commission
"Defending the United States critical control systems is one of the most pressing national security challenges of our time. The Idaho National Lab is the unquestioned leader in critical infrastructure protection and Mr. Bochman and Ms. Freeman, key players in INLs efforts, have captured the essence and detail of the labs philosophy in this timely book. INLs consequence-driven cyber-informed engineering (CCE) approach of simplifying and isolating our most critical systems to limit paths to attack is the foundation of our national efforts to secure our control systems. Anyone looking to understand the future of cybersecurity and critical infrastructure protection should start right here."
Senator Jim Risch, Chairman of the Senate Foreign Relations Committee and member of the Intelligence and Energy & Natural Resource Committees
"CCE-founder Mike Assante sparked my interest in cybersecurity more than a decade ago, and he helped me understand how we can better secure the operational technology underlying our daily lives. He was taken from us at far too young an age, but I am excited that his wisdom and philosophy of building security into engineering processes are captured in this book and will continue to aid our nation for years to come."
Congressman Jim Langevin, U.S. Representative for Rhode Island's 2nd Congressional District
"This book is an invaluable resource for the electric power industry, its complex supply-chains, and those charged with better protecting all of it. At its core, CCE is really about keeping operations going no matter what adversary nations or hostile groups have up their sleeves. By protecting what matters most, this methodology is very good news for critical infrastructure organizations, for the continuity of the economy, and for the safety and security of our nation."
Tom Fanning, CEO, Southern Co.
"Engineering software without cyber security is like launching space vehicles without shielding from radiation. Nonetheless, cyber insecurity abounds everywhere we look. This book, climaxing in a compelling hypothetical case study, shows how we can, and must, do bettermuch better."
Richard Danzig, former Secretary of the Navy
"INLs Countering Cyber Sabotage is the seminal and game-changing textbook of our time aimed at assuring the resiliency of our fragile Industrial Control Systems and Operational Technologies. This book marks the beginning of the end of operators being overwhelmed by the vast potential cyber threats to our ICS and OT. Government, Military, Academia, and Private Sector can move out TODAY on implementing CCE based the proven processes described in this book. Colleges must incorporate this knowledge into every engineering program to prepare our future engineers. The work is also a wonderful tribute to Mike Assante and the entire INL team. Well Done!"
Vice Admiral Janet Tighe, US Navy (Retired), Former Commander of Fleet Cyber Command
"INL is already well underway conducting and coordinating the most challenging ICS security work for the nation with DOE, DOD, DHS, and industry. And Andy and Sarahs CCE book, as well as CCE engagementcompleted, underway, and coming upare the clearest evidence yet that the labs experts are a if not the leading force for improving cyber protection of the nations critical infrastructure."
Paul Stockton, former Assistant Secretary of Defense for Mission Assurance
"As someone charged with improving critical infrastructure cybersecurity in the states of Colorado and California, the Department of Homeland Security, and the entire bulk power system at the North American Reliability Corporation, its impossible for me to adequately describe my friendship with Mike Assante, and perhaps more importantly, his role in my career. Mike was an indispensable voice post-9/11, evolving our national thinking on what needed protecting most, and then on how to move the country from glaring cyber vulnerabilities circa 2002. Following Stuxnet in 2010, and then to our much improved (if far from perfect) security posture in 2020, he was personally responsible for much of the progress our nation has made over the past 20 years. While Mike authored numerous influential articles and papers, Countering Cyber Sabotage captures his role in the development of the CCE methodology and the entirety of his vision that will enlighten everyone who reads it."
Mark Weatherford, Chief Strategy Officer at the National Cybersecurity Center. Former Deputy Under Secretary for Cybersecurity at DHS and Chief Security Officer at NERC
"In a clear, concise, readable manner, Bochman and Freeman's new book explores how to build cyber resilience into the critical infrastructure upon which our country's prosperity and security depend. They deconstruct the dangers of a mindset where hope and unverified trust remain central elements to cybersecurity and how to replace that faulty premise with a more logical and quantifiable process. Consequence-Driven Cyber-Informed Engineering (CCE), as explained in this book and operationalized in practice at Idaho National Lab, must become a key feature of cybersecurity if we are serious about countering cyber sabotage."
Samantha F. Ravich, Ph.D., Commissioner, Cyber Solarium Commission and Chair of the Center for Cyber and Technology Innovation.
"A state of security is the absence of unmitigable surprise; hence the pinnacle goal of security design is no silent failure, but complexity obscures interdependence and, thereby, abets silent failure. Only first principles engineering grounded in simplicity can erase the structural advantage offense otherwise enjoys; AI algorithms only makes it worsereducing workload when the workload is low and increasing it when the workload is high. Mike Assante knew all that, and more."
Dan Geer, Senior Fellow at In-Q-Tel (& a security researcher with a quantitative bent)
"Bochman and Freeman have written an incredibly important book on a serious topic in a manner that is engaging and disarming to readers. It is required reading for consultants and engineers designing critical infrastructure. I also appreciate that time and effort the authors spent to bring the principles and ideas Mike Assante to light. He played an important role in my decision to join NERC through his transparent and diligent focus on uncovering facts that helped bring about regulatory certainty and clarity which were traits I attempted to emulate."
Tobias Whitney, former Senior Manager of Critical Infrastructure Protection at the North American Electric Reliability Corporation (NERC).
"The massive pressure to increase automation of critical assets in water and other sectors suggests, driven by promises of optimization and cost savings, many are willing to also accept additional operational uncertainty. While the benefits are real, the downsides of this rapid transition are the potential loss of self-sufficiency and an increased dependency on ever more complex systems. CCE offers a means to more fully examine the cyber risk domain and enable owner/operators to ensure mission continuity. That is, after all, the expectation of the public served by the water sector, a national critical function and essential lifeline sector."
Kevin Morley, PhD, The American Water and Wastewater Association (AWWA)
"This book goes to the heart of the international cybersecurity threat to design a defense for critical parts of the nations energy infrastructure that cannot be lost."
Peter Behr, E&E News
"With Countering Cyber Sabotage, Bochman and Freeman masterfully present a brilliant new methodology for defending critical infrastructure against the next generation of cyber threats. As someone who is focused on thinking the unthinkable and bringing it to life through fiction, it is reassuring to know this book will become an essential resource for those protecting the nation's defense systems and critical infrastructure against future worst-case scenarios."
August Cole, author of Ghost Fleet and Burn-In
"Bochman and Freeman present the approach developed by the Idaho National Laboratory (where they both work) to protect critical national infrastructure from cyberattacks, explaining how and why consequence-driven, cyber-informed engineering (CCE) works to use a risk management approach, requiring security personnel to think like an attacker."
"Recommended" title by CHOICE. March 2022 issue; review by T. Farmer, Arkansas State University
