Control Systems Security Specialist

Work Role ID: 462  |  Workforce Element: Cybersecurity

What does this work role do? Responsible for device, equipment, and system-level cybersecurity configuration and day-to-day security operations of control systems, including security monitoring and maintenance along with stakeholder coordination to ensure the system and its interconnections are secure in support of mission operations.

KSAT ID Description KSAT
22 * Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge
108 * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Knowledge
1157 * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. Knowledge
1158 * Knowledge of cybersecurity principles. Knowledge
1159 * Knowledge of cyber threats and vulnerabilities. Knowledge
6900 * Knowledge of specific operational impacts of cybersecurity lapses. Knowledge
6935 * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). Knowledge
6938 * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. Knowledge
3A Skill in recognizing vulnerabilities in security systems. Skill
43A Knowledge of embedded systems. Knowledge
69A Knowledge of risk management processes and requirements per the Risk Management Framework (RMF). Knowledge
79 Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). Knowledge
88A Knowledge of current and emerging cyber technologies. Knowledge
106 Knowledge of remote access technology concepts. Knowledge
342A Knowledge of operating system command line/prompt. Knowledge
420 Apply security policies to meet security objectives of the system. Task
708A Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative. Task
809 Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). Task
3277 Knowledge of general SCADA system components. Knowledge
3353 Knowledge of the Risk Management Framework Assessment Methodology. Knowledge
3740 Skill in determining installed patches on various operating systems and identifying patch signatures. Skill
5821 Act as a liaison between facility operations/engineer teams and IT or network security teams to coordinate security activities. Task
5822 Apply tailored organizational security policies and procedures for control system environments to maintain security, but also to ensure system availability. Task
5823 Apply updates, patches, and security technical implementation while maintaining control system performance and availability requirements. Task
5826 Consult on control system security matters (e.g., risk assessment, configuration management) as needed. Task
5828 Ensure configuration and collection of control system audit logs for monitoring and forensic analysis as appropriate. Task
5829 Establish and maintain security configuration baseline for the control system(s), including field devices, IT components, interconnections, and interfaces. Task
5830 Implement Risk Management Framework (RMF) Assessment requirements for control systems, and document/maintain records for them. Task
5831 Maintain knowledge of the function and security of control system and IT technologies with which the control systems interface. Task
5832 Maintain network segmentation to isolate control systems from business networks and other external connections as directed. Task
5833 Off-load and review control system audit logs and review for anomalies. Task
5834 Participate in control system change management in conjunction with IT personnel and control system experts (e.g., system supplier). Task
5835 Participate in control system incident and disaster response, including secure system recovery. Task
5836 Perform asset management and maintain inventory of control system devices and components through physical inspection or logical scans. Task
5840 Support risk assessments by reviewing and documenting the implementation status of security requirements of control systems. Task
6929 Knowledge of control system technologies, such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, Distributed Control Systems (DCS) and Operational Technology (OT). Knowledge
6927 Knowledge of control system environment risks, threats and vulnerabilities. Knowledge
6928 Knowledge of control system performance and availability requirements. Knowledge
6933 Knowledge of risk management processes specific to control systems. Knowledge
6934 Knowledge of RMF assessment types (e.g., Assess & Authorize (A&A), Assess Only) and authorization boundaries (e.g., Closed Restricted Network (CRN), Stand-alone Information System (SIS)). Knowledge
6937 Knowledge of what “normal” control system operations for specific mission/business functions look like. Knowledge
6939 Skill in active and passive methods to safely gather information and conduct vulnerability and network analysis scans in control system environments. Skill
6940 Skill in applying security and managing risk in resource-constrained systems and networks. Skill
6941 Skill in architecting compensating security controls to reduce risk for control systems and control system components that do not have adequate or compliant security capabilities. Skill
6943 Skill in identifying and investigating “abnormal” control system operations based on what specific mission/business functions look like. Skill
6946 Skill in securing control system communication protocols (e.g., IP/TCP, SSL/TLS, MODBUS/DNP3/PROFINET SCADA, GOOSE) and media used for field device control. Skill