Andy Bochman with INL joins me to discuss their Consequence-Driven, Cyber-Informed Engineering methodology (CCE). It is appealing because it places emphasis on the often neglected consequence part of the risk equation.

 

I think you’ll hear me struggling to make sense of some of the concepts in the CCE and questioning a number of the underlying precepts and value of stages of the methodology. One of the reasons is there is limited info out on what CCE is, and this podcast should clarify CCE to some degree.

Links:


This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation.

Check out the CyberX Global ICS and IIoT Risk Report and my podcast from last year on the report with Phil Neray.