With digitization proliferating across the infrastructure sector, utilities are facing a higher risk of cybersecurity threats than ever before. To address clients’ changing needs, Black & Veatch (Overland Park, Kan.) has partnered with Idaho National Laboratory (INL; Idaho Falls) to license the use of Consequence-Driven Cyber-Informed Engineering (CCE), a patent-pending methodology that will improve security within the nation’s utility infrastructure.
The partnership with INL, one of the U.S. Department of Energy’s (DOE) network of laboratories, will expand Black & Veatch’s services to offer proven information security posture enhancement services for operational technology (OT) systems, which are the most vulnerable to cyberattack. By leveraging INL’s significant capabilities in utility security technology, the service offering moves cybersecurity beyond perimeter protections and related technologies into a deeper examination of people, processes and technology within operational technology environments. It aims to minimize the risk of cyber-enabled sabotage of critical business functions and the impacts of ransomware and other emerging threats.
“When CCE was first developed, the world had yet to experience a massive cyberattack affecting critical infrastructure operations. Today, these threats are all too common,” said INL Associate Laboratory Director Zach Tudor. “With partnerships like this, we can advance a solution that enables communities to protect their most important assets. We are proud to work with Black & Veatch to expand CCE’s impact around the world.”
Often, cybersecurity consultancies engaged in a project will cease participation once the immediate issue is solved or a final design is delivered. Unfortunately, given the advanced nature of today’s cyber attackers, this approach is insufficient when it comes to protecting the integral systems of critical infrastructure. Supported by DOE’s Office of Cybersecurity, Energy Security, and Emergency Response, the CCE methodology addresses this inadequacy in four phases: consequence prioritization, system-of-systems analysis, consequence-based targeting and mitigations and protections.
“Every day, our utility clients face the very real threat of cyber intrusion, which can be devastating for critical infrastructure and the businesses and communities that rely on reliable service,” said Joe Zhou, associate vice president and , senior managing director of infrastructure modernization at Black & Veatch. “Securing our infrastructure from unauthorized access and sabotage has grown to a top-level concern. Having access and training to apply this leading CCE methodology will ensure that we continue to lead our industry in providing top-level experts and advisors to achieve security requirements.”