Idaho National Laboratory (INL) Cyber Seminar
Cyber-enabled Sabotage and Critical Function Assurance - 4 PDH; 4 AIA LU (additional registration)
Monday, May 9, 2022
1:00 - 5:00 p.m. MDT
$99 for SAME Members / $129 for Non-Members
Space is limited to 30
Already registered for JETC? Email firstname.lastname@example.org and request that the course be added to your current registration.
Consequence-driven Cyber-informed Engineering (CCE) is a methodology focused on securing the nation’s critical infrastructure systems. Developed at Idaho National Laboratory (INL), CCE starts with the assumption that if a critical infrastructure system such as the electric power grid, defense missions, natural gas pipelines, chemical plants, locks and dams or other critical systems are targeted by a skilled and determined adversary, the targeted system can and will be penetrated. CCE adopts an aggressor mindset to examine how an adversary might target the most critical operations, focusing on entire systems and processes, not individual technologies. This approach provides critical infrastructure owners, operators, vendors and manufacturers a disciplined methodology to evaluate complex systems, determine what functions must be fully safeguarded and apply proven engineering strategies to isolate and protect an industry’s most critical assets.
CCE leads executives and operational experts through a process of identifying the most critical functions essential to fulfilling their organization’s mission and determines the potential consequences of a cyberattack against these functions. Using the CCE methodology, system operators identify key points within a critical system vulnerable to a cyberattack. Lastly, CCE fully leverages an organization’s operational expertise, system understanding and process knowledge to “engineer out” cybersecurity risks.
This session introduces cyber-enabled sabotage and the role of engineering in cyber defense. Most of the cybersecurity training available to critical infrastructure security experts focuses on technology, networks, and perimeter security. This training, leveraging key CCE concepts, will introduce students to the importance of understanding the current cyber-sabotage threat environment, identifying your critical functions and how they might fail, and merging engineering with cybersecurity principles to establish safe/reliable operations even in the face of determined and skilled adversaries.
Who Should Attend?
- Individuals responsible for protecting critical functions or mission essential operations that an adversary might be interested in targeting.
- This introduction will be useful for individuals located throughout an organization, from executives to frontline staff.
Why Should You Attend?
- Cyber-enabled sabotage threats continue to grow as cyberspace has quickly become the fifth domain of warfare.
- Regardless of your role in an organization, you most likely support or manage critical functions that support safety, success, and possibly, our nation’s critical infrastructure. These are the critical functions out adversaries are targeting.
- This introductory training provides a view of the adversary landscape and considerations for protecting critical functions from cyber risks, threats, and events.
- Participants will leave the seminar with a better understanding of cyber-enabled sabotage and a basic understanding of the cyber-informed engineering methodology.
- Earn 4 PDHs and 4 AIA LU credits.
- Participants will understand the current cyber threat environment, critical functions and enabling functions.
- Participants will learn the definition of cyber-enabled sabotage and the difference between OT and IT impacts.
- Participants will understand the various vehicles for cyber-enabled sabotage, as well as supply chain, insider and vendor enabled risk, including the meaning of unverified trust.
- Participants will understand the difference between cyber-hygiene vs. protections, implementation of industry standards for protection and prioritizing engineered protection for critical physical operations.
Sam Chanoski - Sam Chanoski delivers technical leadership, expertise, and strategic insights to Cybercore’s portfolio of multi-million-dollar critical infrastructure security and resilience projects sponsored by the Department of Energy, Department of Homeland Security, and Department of Defense. He influences the development of large, long-term sustained programs for research, development, demonstration, and deployment associated with control system cybersecurity for nationally critical infrastructure, with particular focus on the energy sector.
Prior to joining INL, Sam spent sixteen years working in intentionally diverse positions across the electricity industry including real-time operations and maintenance with three large investor-owned utilities, situation awareness and event analysis with the North American Electric Reliability Corporation, intelligence with Electricity ISAC, and as the global security incident response team leader for a major manufacturer.
Sam’s professional interests include real-time transmission and distribution operations, organizational behavior, control systems cybersecurity, and emergency management and resilience.
Paul Keys - Paul Keys is an Industrial Controls System Cybersecurity Analyst at the Idaho National Laboratory (INL) Cybercore Integration Center. In this role, he is responsible for conducting technical analysis of cyber threats against the systems that form the very backbone of the nation’s critical infrastructure. Prior to INL, he supported the Intelligence Community, Department of Defense, and industry in a variety of technical management and engineering roles focused on mission support and securing critical systems located across the globe.