Safe from Stuxnet: Leveraging Air Force Cyber Expertise to Secure Industrial Control Systems and Critical Infrastructure

Abstract

Over the years, technology has been integrated into a wide array of systems that the United States Air Force (USAF) relies on for sustainment, such as generation of electricity, distribution systems for drinking water, in-home/consumer systems (e.g., air conditioning), and temperature-regulating equipment necessary to cool data centers and server rooms to support technology capabilities. These systems depend on Industrial Control Systems (ICS) to provide real-time control and monitoring capabilities. ICS are vital in operating critical infrastructure to support assets, provide capabilities, and execute the mission. The Civil Engineer (CE) career field is responsible for establishing, operating, maintaining, and protecting installations and ICS. However, CE currently does not have the expertise to implement cybersecurity to protect ICS from attacks and vulnerabilities. It relies on support from other units and organizations, which either do not have sufficient manning to provide that support or whose involvement can delay the restoration of capabilities. The vulnerabilities and mission impacts on critical facilities and functions raise the question: what are the best uses of the Information Technology Management (2210) civilian job series to implement and maintain cybersecurity at Air Force installations to prepare for and conduct multi-domain command and control (MDC2)? The problem/solution framework was used to analyze the requirements of mitigating cybersecurity vulnerabilities in ICS and potential manning solutions to determine whether embedding 2210 personnel into CE units to provide local, organic capabilities is the best option to support MDC2. The research identified four possible alternatives to meet cybersecurity requirements. However, when evaluated against the set criteria, a hybrid solution between assigning positions and permanently establishing 2210 is recommended as the best-proposed alternative to mitigate both short- and long-term risk.

Document Details

Document Type: Technical Report
Publication Date: Oct 01, 2019
Accession Number: AD1108160

Entities

People

  • Jenni S. Dorsey-Spitz

Organizations

  • Air Command and Staff College

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Business Administration
  • Command And Control
  • Computer Programming
  • Computers
  • Control Systems
  • Cyber Threats
  • Cyberattacks
  • Cybersecurity
  • Cyberspace Operations
  • Department Of Defense
  • Employment
  • Information Systems
  • National Security
  • Network Protocols
  • Personnel Management
  • United States Government

Fields of Study

  • Computer science

Readers

  • Aerospace logistics and air mobility.
  • Cybersecurity.

Technology Areas

  • Cyber
  • Fully Networked C3
  • Fully Networked C3 - Command and Control