Today, Derek Harp, the host of (CS)²AI Podcast, shares an episode of the Author Spotlight that features practitioners and contributors who do great work and write books about new modalities, new systems of organization, and new thought processes. 

In this episode, Andy Bochman and Sarah Freeman, authors of Countering Cyber Sabotage- Introducing Consequence-Driven Cyber-Informed Engineering, join Derek to talk about their book. 

Sarah has been an Industrial Control Systems Cyber Security Analyst at The Idaho National Laboratory (The Lab) for the past eight years. She did not get there through the traditional computer or cyber security background, however. Sarah studied Intelligence and Security Studies, focusing on terrorism in Graduate School, and came into cyber security through Language Services by assisting with certain investigations and operations on the language side. That eventually transitioned into industrial control systems when she joined The Lab. 

Sarah has a unique understanding of different kinds of threat actors from some of the work she has done in the past. The Lab focuses on bringing in people with different backgrounds, like cyber security researchers, malware reverse engineers, and engineers. That is invaluable when talking about attacks specifically leveled against industrial control systems because some things translate well between traditional IT attacks while others are completely different. Bringing in different groups helps with much of their work. 

One of the first companies Andy ever worked for was an applications security company that eventually got bought by IBM. He was also involved in some startups and some consulting. At IBM, Andy matched his cyber security day job with his night job, moonlighting as a blogger on the DOD Energy Blog and the Smart Grid Security Blog. While at IBM, he asked if he could cover energy from a cyber point of view, and they agreed. From that point, it became clear that he would eventually end up at the Idaho National Laboratory, where he has been for the last seven years. 

Show highlights:

• Sarah is valuable to the community because of her knowledge of the spoken and written languages used in certain parts of the world. (4:28) 
• The genesis of their book and the philosophy behind it. (7:51)
• From about 2003-2004, Idaho National Laboratory has focused on electric grid security. (16:16)
• Whatever first hits the people on the street and then ripples up to the people on The Hill brings about a new level of awareness. (19:37)
• Critical infrastructure is sure to be targeted, and once something has been targeted it will be compromised. (20:40)
• Putting security into the design stage is a different approach that is now evolving out of The Lab. (24:23)
• Many opportunities exist for adversaries to get in and turn things to their advantage after a new software product has been deployed and begins to interact with other networks. (29:49)
• What initially prompted Andy to write the book before Sarah came on board. (30:35)
• How Andy came up with the title of the book. (36:43)
• When espionage turns into sabotage. (39:04)
• How you can use the book. (40:25)
• A partner program and another version of the book, known as “Bootcamp” or “Partner Training” are also available. (41:13)
• People are tired of the status quo and would be willing to explore a new way. (44:43)