Measuring disagreement in segments of the cybersecurity profession as a means of identifying vulnerabilities
Date
2022
Authors
Scalco, Aleksandra, author
Simske, Steven J., advisor
Cale, James, committee member
Herber, Daniel, committee member
Dik, Bryan J., committee member
Journal Title
Journal ISSN
Volume Title
Abstract
Disagreement exists among different groups of professionals about remediation of control system vulnerability due to discrepancies in engineering practice, paradigms, processes, and culture. Quantification of agreement among professionals is needed to increase understanding of areas where divergence arises. This need to quantify agreement is particularly among control system Operational Technology (OT) and business enterprise Information Technology (IT) professions. The control system OT workforce does not fully understand the relative vulnerability of each element of its system. Likewise, the business enterprise IT workforce does not widely understand control system assets that control critical infrastructure to achieve cybersecurity assurance. This disagreement among professionals leads to misalignment, which results in vulnerability. Similarly, known vulnerability can inform alignment and bring about agreement among professionals. The exposure induced by misalignment may be greater than innate system design vulnerability. This research introduces an analytical model and methodology for measuring multi-concern assurance among different groups of professions through the statistical uncertainty analysis of Likert and semantic differential scales used for interpreting the scores to identify specific areas of vulnerability.
Description
Rights Access
Subject
critical infrastructure
digital transformation
vulnerability
cybersecurity
control systems
multi-concern assurance