Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE)

This book cover has a picture of a city in the background with the light reflecting on the water in the shape of circuits. The title is on the top, with the word "Countering" in white and "Cyber Sabotage" in green.

Book written by Andrew Bochman and Sarah Freeman

Book review by Georgianna Shea

Bottom Line

I recommend this book for the Cybersecurity Canon Hall of Fame, it is a must-read book for all cybersecurity practitioners – be they from industry, government, or academia — where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.

Executive Summary

The book codifies a process that could dramatically improve the safety and security of various cyber-physical systems when implemented. The authors understand that general cybersecurity will not be enough if a well-resourced attacker is determined to break in and cause an effect. 

The authors use the phrase “Hope and Hygiene” to describe general cybersecurity practices. Regardless of how cyber-secure an organization is, it can always fall victim to an insider threat or unwitting click on a malware attachment in a well-crafted phishing email. So with hope and hygiene, organizations are just sitting ducks until they find themselves in the crosshair of a determined hacker. The book offsets the strategy of hope with engineering rigor designed to withstand attacks using the Consequence-Driven, Cyber-Informed Engineering (CCE) process which includes a four-phased approach to building systems with the mindset of a hacker. 

  • Phase one: Consequence Prioritization
  • Phase two: System-of-Systems Analysis 
  • Phase three: Consequence-Based Targeting
  • Phase four: Mitigation and Protections 

CCE aims to build resilient systems by understanding what a hacker can do then engineers a solution. It evaluates critical functions and how a hacker could cause an effect, evaluates the potential impacts, and then designs a solution.  The book does an excellent job describing how to accomplish each phase of CCE. For example, a reader can easily use the book as a reference guide or a fundamental textbook for cyber-physical systems engineering and security. In addition to the phase descriptions and walkthroughs, it also includes a CCE case study to bring all the principles and processes together in one comprehensive example in the appendix.


If you are looking for an exciting, dramatic book with which you can curl up next to the fire, this book is not for you. However, this book is just the ticket if you are concerned about cyber-attacks, their potentially catastrophic consequences, and seeking ways to minimize their impacts. Countering Cyber Sabotage is a must-read for engineers, industrial control system project managers, developers, or people working to ensure the cybersecurity of operational technologies.

Published in January 2021, Countering Cyber Sabotage defines a process that could measurably improve the safety and security of cyber-physical systems. The authors point out that general cybersecurity practices are not sufficient to defeat a well-resourced and determined attacker.

The authors use the term “Hope and Hygiene” to describe general cybersecurity practices, and it’s apt. Regardless of an organization’s security posture, there’s always the potential for insider threats or an unwitting click on a malware-laden attachment in a phishing email.  Organizations relying on hope and hygiene are sitting ducks, and it is only a matter of time before they find themselves in the crosshair of a resourceful attacker. In addition, the book offers an augmentation to a strategy of hope in the form of engineering rigor embodied in the Consequence-Driven, Cyber-Informed Engineering (CCE) process.  CCE uses a four-phase approach to building secure systems by leveraging an attacker’s perspective: 

  • Phase one: Consequence Prioritization;
  • Phase two: System-of-Systems Analysis; 
  • Phase three: Consequence-Based Targeting; and
  • Phase four: Mitigation and Protections 

CCE enables the realization of resilient systems by fostering an understanding of what a hacker can do within the design and development team, allowing them to build the requisite security into the system from inception.  CCE provides a methodology for evaluating critical functions and how a hacker could cause an adverse effect, identifying potential impacts, and designing an appropriate solution. For example, in February 2021, an attacker breached a water treatment center in Oldsmar, Florida. The hacker attempted to raise the sodium hydroxide levels in the water, which would have poisoned the consuming population. Luckily, the hacker was unsuccessful. If the water treatment center had used the CCE process, it could have proactively implemented a solution that mitigated the risk of sodium hydroxide poisoning. For example, the sodium hydroxide holding container could have been reduced in size to prevent a lethal amount of chemicals from being mixed with the water (if a cyber-attack successfully emptied the chemicals from the container). 

Countering Cyber Sabotage includes numerous other examples. However, the water treatment center compromise, which happened a month after the book was released, demonstrates a real-world example of how engineers assemble critical infrastructure without including mitigations to likely attacks on their critical services or products.   In essence, the CCE process defined in Countering Cyber Sabotage is about reaping the benefits of hindsight in advance.

Countering Cyber Sabotage does an excellent job of describing how to implement CCE. For example, a reader can use the book as a reference guide or a fundamental textbook for cyber-physical systems engineering and security. In addition to the phase descriptions and walkthroughs, the authors include a CCE case study in the appendix that brings all the principles and processes together in one comprehensive example. 

Countering Cyber Sabotage addresses a gap in engineering design, making a solid case for including cybersecurity beyond cyber controls. The world of operational technologies and industrial control systems make up the critical infrastructure that the country relies on for the day-to-day living. 

Unfortunately, protecting these systems with traditional cyber controls is not enough, and relying solely on them will have catastrophic results when hackers inevitably compromise them.  Thankfully, the authors lay out the CCE process that industries can adopt and implement to address this vulnerability.

We modeled the Cybersecurity Canon after the Baseball Hall of Fame and the Rock & Roll Hall of Fame, except it’s a canon for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!