Control Systems Security Specialist

Responsible for device, equipment, and system-level cybersecurity configuration and day-to-day security operations of control systems, including security monitoring and maintenance along with stakeholder coordination to ensure the system and its interconnections are secure in support of mission operations.

Tasks

The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.

• T420 additional Apply security policies to meet security objectives of the system.
• T5821 additional Act as a liaison between facility operations/engineer teams and IT or network security teams to coordinate security activities.
• T5822 additional Apply tailored organizational security policies and procedures for control system environments to maintain security, but also to ensure system availability.
• T5823 additional Apply updates, patches, and security technical implementation while maintaining control system performance and availability requirements.
• T5826 additional Consult on control system security matters (e.g., risk assessment, configuration management) as needed.
• T5828 additional Ensure configuration and collection of control system audit logs for monitoring and forensic analysis as appropriate.
• T5829 additional Establish and maintain security configuration baseline for the control system(s), including field devices, IT components, interconnections, and interfaces.
• T5830 additional Implement Risk Management Framework (RMF) Assessment requirements for control systems, and document/maintain records for them.
• T5831 additional Maintain knowledge of the function and security of control system and IT technologies with which the control systems interface.
• T5832 additional Maintain network segmentation to isolate control systems from business networks and other external connections as directed.
• T5833 additional Off-load and review control system audit logs and review for anomalies.
• T5834 additional Participate in control system change management in conjunction with IT personnel and control system experts (e.g., system supplier).
• T5835 additional Participate in control system incident and disaster response, including secure system recovery.
• T5836 additional Perform asset management and maintain inventory of control system devices and components through physical inspection or logical scans.
• T5840 additional Support risk assessments by reviewing and documenting the implementation status of security requirements of control systems.
• T708A additional Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
• T809 additional Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Knowledge, Skills, and Abilities

KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.

• K0079 knowledge core Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).
• K0106 knowledge core Knowledge of remote access technology concepts.
• K3277 knowledge core Knowledge of general SCADA system components.
• K6927 knowledge core Knowledge of control system environment risks, threats and vulnerabilities.
• K6929 knowledge core Knowledge of control system technologies, such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, Distributed Control Systems (DCS) and Operational Technology (OT).
• K6933 knowledge core Knowledge of risk management processes specific to control systems.
• S3740 skill core Skill in determining installed patches on various operating systems and identifying patch signatures.
• S6940 skill core Skill in applying security and managing risk in resource-constrained systems and networks.
• S6941 skill core Skill in architecting compensating security controls to reduce risk for control systems and control system components that do not have adequate or compliant security capabilities.
• S6946 skill core Skill in securing control system communication protocols (e.g., IP/TCP, SSL/TLS, MODBUS/DNP3/PROFINET SCADA, GOOSE) and media used for field device control.
• K043A knowledge additional Knowledge of embedded systems.
• K069A knowledge additional Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).
• K088A knowledge additional Knowledge of current and emerging cyber technologies.
• K3353 knowledge additional Knowledge of the Risk Management Framework Assessment Methodology.
• K342A knowledge additional Knowledge of operating system command line/prompt.
• K6928 knowledge additional Knowledge of control system performance and availability requirements.
• K6934 knowledge additional Knowledge of RMF assessment types (e.g., Assess & Authorize (A&A), Assess Only) and authorization boundaries (e.g., Closed Restricted Network (CRN), Stand-alone Information System (SIS)).
• K6937 knowledge additional Knowledge of what "normal" control system operations for specific mission/business functions look like.
• S3A skill additional Skill in recognizing vulnerabilities in security systems.
• S6939 skill additional Skill in active and passive methods to safely gather information and conduct vulnerability and network analysis scans in control system environments.
• S6943 skill additional Skill in identifying and investigating "abnormal" control system operations based on what specific mission/business functions look like.

EWU courses that develop this role

Related lectures and labs

Capture-the-Flag challenges that exercise this role

NCAE CyberGames scoreboard errors for this role

• NCAE-7aabdb11ec DNS EXT FWD / failure: Can't contact DNS Server on IP
• NCAE-79daa735d3 Postgres Access / failure: An error was encountered while trying to connect to the database
• NCAE-b364740c09 DNS EXT REV / failure: Can't contact DNS Server on IP
• NCAE-9b363f6139 DNS INT FWD / failure: Can't contact DNS Server on INT_IP
• NCAE-7f0bb3106d DNS INT REV / failure: Can't contact DNS Server on INT_IP
• NCAE-53a9f9da43 WWW Port 80 / failure: Failed to connect to server, is port 80 open?
• NCAE-eeb5e4e8f3 SMB Login / failure: SMB operation failed: [Errno 111] Connection refused
• NCAE-efd6404d3c SMB Read / failure: SMB operation failed: [Errno 111] Connection refused
• NCAE-600767ba09 SMB Write / failure: SMB operation failed: [Errno 111] Connection refused
• NCAE-ed9f4ee89c SMB Read / partial: SMB operation failed: Failed to get attributes for addict_with_a_pen.data on files: Unable to open remote file object
• NCAE-a35a20c717 DNS EXT REV / partial: Connected to IP:53, no useful content though...
• NCAE-5e1da0ed9d SSH Login / failure: Failed to connect to host: IP
• NCAE-4b7774940b SMB Login / failure: SMB operation failed: [Errno 113] Host is unreachable
• NCAE-b9e0ec08d1 SMB Write / failure: SMB operation failed: [Errno 113] Host is unreachable
• NCAE-1c78c96e24 SMB Read / failure: SMB operation failed: [Errno 113] Host is unreachable
• NCAE-c8514560b8 Router ICMP / failure: Request Timed Out to host IP after 1 seconds
• NCAE-93ded42199 SMB Read / partial: 22 files have incorrect content
• NCAE-cb9ddf3665 DNS INT REV / partial: Connected to INT_IP:53, no useful content though...
• NCAE-a159d521db DNS INT FWD / partial: Connected to INT_IP:53, no useful content though...
• NCAE-4dc6feb4c8 SMB Read / failure: SMB connection failed: protocol error
• NCAE-2ec02e1cd0 SMB Login / failure: SMB connection failed: protocol error
• NCAE-7aef47fca9 SMB Write / failure: SMB connection failed: protocol error
• NCAE-6874759148 SMB Read / partial: SMB operation failed: Failed to get attributes for cottonwood.data on files: Unable to open remote file object
• NCAE-935f9d5213 SMB Read / partial: SMB operation failed: Failed to retrieve before_you_start_your_day.data on files: Unable to open file
• NCAE-c1a43a09d2 DNS EXT FWD / partial: Failed to lookup: ns1.team15.ncaecybergames.org, files.team15.ncaecybergames.org, shell.team15.ncaecybergames.org
• NCAE-523d40773c SMB Read / partial: SMB operation failed: Failed to get attributes for .choker.data on files: Unable to open remote file object
• NCAE-b149cb49bf SMB Read / partial: SMB operation failed: Failed to get attributes for air_catcher.data on files: Unable to open remote file object
• NCAE-4b8d0cb667 SMB Read / failure: Failed to connect to host: IP
• NCAE-d9f492a0da SMB Login / failure: Failed to connect to host: IP
• NCAE-864b183177 SMB Write / failure: SMB operation failed: timed out

Other roles in this element