CCE is a methodology developed by Idaho National Laboratory (INL). To-date it has been applied to protect facilities within the Nuclear and Energy sectors from cyber attacks. West Yost is working with INL to adapt this methodology to the water sector. This methodology assumes that if a SCADA system is targeted by a persistent and capable threat actor, it will be compromised. Based on this assumption our team designs SCADA systems in such a way that a utility will still be able to confidently carry out its mission of delivering drinking water to customers, even if the SCADA system is compromised.
This design approach includes use of modern automation but with such things as hard-wired controls (i.e. Hand/Off/Auto switch) to allow for control in the absence of automation or mechanical backstops that physically prevent a compromised control system to result in damage to physical assets. As an example, if well flushing valves are currently wired for control from the PLC, they may not be functional if the SCADA system were compromised.
This approach may be similar to design approaches already implemented in a City’s systems. CCE builds on these existing approaches and allows for a consistent approach to prevent over-reliance on automation during design and subsequent operation.
West Yost works with our clients to determine the best approach for applying CCE within their control system to protect their assets, staff, and customers.
Team Spotlight
Andrew Ohrt, PE, ERMCP
Risk and Resilience Lead (OTCR Principal Technical Specialist I)
Andrew Ohrt, PE, ERMCP
Risk and Resilience Lead (OTCR Principal Technical Specialist I)
“One day I was driving under the new 35W bridge on my regular morning commute into downtown Minneapolis. The new 35W bridge replaced the old bridge that collapsed one day during rush hour in 2007. After spending the first part of my career focused on environmental engineering, I was inspired to change my professional path. My new direction was critical infrastructure resilience to safeguard our communities and the systems that support them. As an environmental engineer, water sector resilience was a perfect fit. Luckily, a week later an unexpected opportunity to do just that emerged.
That was 8 years ago. Now I work with a talented team of cybersecurity and resilience professionals on driving innovation in the water sector. In December of 2020 West Yost formalized our partnership with Idaho National Laboratory (INL). I am energized daily by the opportunity to improve the cyber-resilience both individual of the sector through our partnership with Idaho National Laboratories (INL). Not everyone gets to say that, and it means a lot.”