1898 & Co., a management and technology consulting firm, has partnered with Idaho National Laboratory (INL) on protecting critical infrastructure from cyber threats.
One of the national laboratories of the US Department of Energy, INL has historically focused on nuclear research. Located in the Idaho desert on a 890-square-mile campus, “the Site” – as it’s commonly known – has seen the construction of more than 50 reactors, including the prototype reactor for the world’s first nuclear submarine.
Nuclear facilities are an especially important asset deserving of the highest tier of physical and cybersecurity, alongside other critical infrastructure such as pipelines and defense facilities. To that end, the INL has for the last ten years been developing its “consequence-driven, cyber-informed engineering” (CCE) discipline aimed at protecting the most critical aspects of utilities; oil, gas, and chemicals; the defense industrial base; transportation; ports; and manufacturing.
INL will now partner with 1898 & Co. – a division of infrastructure engineering firm Burns & McDonnell – to scale the CCE discipline to critical asset owners globally. 1898 & Co. will primarily focus on private sector clients while INL will focus on the public sector.
“It’s a concept we have developed and improved over the last decade in engagements with major utilities and defense establishments, and we are excited to partner with Burns & McDonnell and 1898 & Co. to offer it to more organizations,” said Zach Tudor, associate laboratory director of INL.
Launched two years ago, 1898 & Co. provides management consulting, technology consulting, and cybersecurity services to clients across a range of industries, including energy, aviation, manufacturing, and government. Its critical infrastructure cybersecurity practice has offerings in asset inventory, business outcome solutions, diagnostic assessments, incident response, secure system design and implementation, and training. The Kansas City, MI-based business has more than 250 consultants nationwide.
“While there are no guarantees when it comes to critical infrastructure cybersecurity, 1898 & Co. clients who implement CCE for their most critical assets will have additional safeguards in the form of engineering changes and process improvements that limit the damage an attacker can do once inside,” said Matt Morris, managing director for 1898 & Co. “At the end of the day, CCE’s ability to temper the size and scale of cyber sabotage provides a level of certainty CISOs and boards sorely need.”
Incidents such as the Colonial Pipeline ransomware attack in May highlight the importance of effective cybersecurity in critical infrastructure. As many assets digitalize to achieve greater operational efficiency, many create a gap in cyber resilience. In the case of Colonial, hackers breached the pipeline’s billing system and stole nearly 100 GB of data. The inability to bill customers prompted Colonial to shut down operations for six days, leading to gas shortages in the US South and panic buying. President Biden was forced to declare a state of emergency and remove limits on the transport of fuels by road.
The energy firm ended up paying a $4.4 million ransom to the Russian-speaking hackers of DarkSide Group, although about half of the bitcoin ransom was afterward recovered by the DOJ.