Date of Conferral

2021

Degree

Doctor of Information Technology (D.I.T.)

School

Information Systems and Technology

Advisor

Bob Duhainy

Abstract

Supervisory Control and Data Acquisition (SCADA) systems monitor and control physical processes in critical infrastructure. The impact of successful attacks on the SCADA systems includes the system's downtime and delay in production, which may have a debilitating effect on the national economy and create critical human safety hazards. Grounded in the general systems theory, the purpose of this qualitative multiple case study was to explore strategies SCADA security managers in the Southwest region of the United States use to secure SCADA systems' networks. The participants comprised six SCADA security managers from three oil and gas organizations in the midstream sector located within this region. Data were collected using semistructured interviews and a review of organizational documents. Four themes emerged from the thematic analysis: (a) the importance of security awareness and workforce security training, (b) the use of technical control mechanisms, (c) the establishment of standard security policies, and (d) the use of access and identity management techniques. A key recommendation is for IT managers to adopt security awareness and workforce security training to strengthen the security chain's most vulnerable link. The implications for positive social change include the potential to prevent consequences such as loss of lives, damage to the environment, and the economy resulting from malicious activities.

Download

Share

 
COinS