West Yost and INL’s Licensing Agreement Helps Water Utilities Protect Critical Operations from Cyberthreats

West Yost is the first organization to license the Idaho National Laboratory’s innovative cybersecurity methodology


West Yost is the first organization to license the Idaho National Laboratory’s innovative cybersecurity methodology.

West Yost, the water engineering firm, and Idaho National Laboratory (INL) have entered into a licensing agreement that will allow engineers from both organizations to help water utilities around the country protect their most critical operations from cyberthreats.

In December, an agreement was finalized for the use of the groundbreaking Consequence-driven, Cyber-informed Engineering (CCE) methodology. Known as CCE, the methodology was developed by INL researchers in collaboration with the US Department of Energy (DOE) over the last decade. It uses a think-like-the-adversary approach to secure digital technologies in industrial systems found in the water industry and in many other critical infrastructure sectors.

CCE provides utilities with clear steps to evaluate an organization’s most critical functions that must not fail. It then identifies the approach an attacker might take to sabotage critical systems, and applies proven engineering protection strategies to reduce the risk. More formally, the methodology employs a consequence-based risk management approach to cybersecurity.

“With this licensing agreement signed, West Yost and the greater municipal water industry are demonstrating their commitment to cybersecurity,” said Zach Tudor, INL’s associate laboratory director for National and Homeland Security. “Ensuring that clean water can be delivered to the public, utilized, treated and returned to the environment in a safe and reliable manner is a critical mission for both of our organizations. We’re pleased West Yost has chosen INL as a partner to elevate the nation’s water security.”

Charles Duncan, PE, president and CEO of West Yost, said the company’s mission is to be a leader in the water sector. “Our partnership with INL allows us to fulfill that vision by accelerating the adoption of preventative engineering practices and methodologies that address the current and future landscape of cybersecurity,” Duncan said.

“We are confident that West Yost and INL’s combined effort to bring CCE to the water sector will have a long-lasting positive impact on the cyber-resilience of this industry.”

West Yost is the first organization to license the laboratory’s innovative cybersecurity methodology. Since 2018, CCE has seen increased growth and acceptance within various utility sectors including the electric power industry and advanced manufacturing. Later this month, a book describing CCE’s origins and detailing its approach will be published by Taylor and Francis Group.

INL is a US Department of Energy national laboratory that performs work in each of DOE’s strategic goal areas: energy, national security, science, and environment. INL is the nation’s center for nuclear energy research and development. Day-to-day management and operation of the laboratory is the responsibility of Battelle Energy Alliance.


Andrew Ohrt, PE, ERMCP, Risk and Resilience Lead, OTCR Principal Technical Specialist I, tel. 952-303-9905

Nikki McQuaid, tel. 530-756-5905