Codifying Information Assurance Controls for Department of Defense (DoD) Supervisory Control and Data Acquisition (SCADA) Systems
AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH SCHOOL OF ENGINEERING AND MANAGEMENT
Pagination or Media Count:
Protecting DoD critical infrastructure resources and Supervisory Control and Data Acquisition SCADA systems from cyber attacks is becoming an increasingly challenging task. DoD Information Assurance controls provide a sound framework to achieve an appropriate level of confidentiality, integrity, and availability. However, these controls have not been updated since 2003 and currently do not adequately address the security of DoD SCADA systems. This research sampled U.S. Air Force Civil Engineering subject matter experts representing 8 Major Commands that manage and operate SCADA systems. They ranked 30 IA controls in three categories, and evaluated eight SCADA specific IA controls for inclusion into the DoD IA control framework. Ranking results p .972414 indicate a high preference for encryption, and system and information integrity as key IA Controls to mitigate cyber risk. Equally interesting was the perfect agreement among raters on ranking certification and accreditation dead last as an effective IA control. The respondents strongly favored including four new IA controls of the eight considered.
- Information Science
- Computer Systems Management and Standards