Codifying Information Assurance Controls for Department of Defense (DoD) Supervisory Control and Data Acquisition (SCADA) Systems

Abstract

Protecting DoD critical infrastructure resources and Supervisory Control and Data Acquisition (SCADA) systems from cyber attacks is becoming an increasingly challenging task. DoD Information Assurance (IA) controls provide a sound framework to achieve an appropriate level of confidentiality, integrity, and availability. However, these controls have not been updated since 2003 and currently do not adequately address the security of DoD SCADA systems. This research sampled U.S. Air Force Civil Engineering subject matter experts representing 8 Major Commands that manage and operate SCADA systems. They ranked 30 IA controls in three categories and evaluated eight SCADA-specific IA controls for inclusion in the DoD IA control framework. Ranking results (p = .972414) indicate a high preference for encryption, and system and information integrity, as key IA controls to mitigate cyber risk. Equally interesting was the perfect agreement among raters on ranking certification and accreditation dead last as an effective IA control. The respondents strongly favored including four new IA controls of the eight considered.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2010
Accession Number
ADA517284

Entities

People

  • Eddie A. Mendezllovet

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Human Systems
  • Space

DTIC Thesaurus Topics

  • Air Force
  • Civil Engineering
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Electronic Mail
  • Information Processing
  • Information Systems
  • Intrusion Detectors
  • Mobile Phones
  • Network Protocols
  • Network Science
  • Operating Systems
  • Personnel Management

Readers

  • Energy Conservation and Renewable Energy Engineering.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.
  • Psychometric Testing or Psychological Assessment.

Technology Areas

  • Cyber