Cybersecurity partnership

Black & Veatch Partners With Idaho National Laboratory to Promote New Cybersecurity Methodology

Black & Veatch has partnered with Idaho National Laboratory on the use of Consequence-Driven Cyber-Informed Engineering, a patent-pending methodology that will improve security within the nation’s utility infrastructure. Under the deal, the Kansas-based engineering company will expand its services to include information security posture enhancements for operational technology systems, which are vulnerable to cyberattack, BV announced Thursday.

Zach Tudor, INL’s associate director, said that when CCE was first developed, the world had yet to experience a massive cyberattack affecting critical infrastructure operations. Now that such attacks have become commonplace, the partnership with BV helps advance a solution that enables communities to protect their most important assets, he added.

The INL described CCE as a methodology focused on securing the nation’s critical infrastructure systems. Developed in-house, CCE begins with the assumption that if critical infrastructure is targeted by a skilled and determined adversary, the targeted operation can and will be sabotaged.

CCE provides critical infrastructure owners, operators, vendors and manufacturers with a more focused bottom-line approach to protecting infrastructure. It helps them identify methods an adversary could use to compromise critical functions as well as apply proven mitigation strategies to protect assets.

BV said that most cybersecurity consultancies engaged in a project will cease participation once the immediate issue is solved or a final design is delivered, adding that this approach is proving insufficient when it comes to protecting the integral systems of critical infrastructure amid the advanced nature of today’s cyber attackers.

Supported by the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, the CCE methodology addresses this inadequacy in four phases: consequence prioritization, system-of-systems analysis, consequence-based targeting, and mitigations and protections, BV said.