Ground Truth Competency Assessment for Smart Grid Cyber Security
The constant change in smart grid technology and the cyber security threat landscape demand an adaptive workforce which aligns specialist skills across a broad range of job roles. Energy companies have lacked clear guides and tools to help them understand whether their staff and consultants possess the right competencies to address the latest developments, or ground truth, in smart grid vulnerability and best practices for deterring and responding to the growing threat. Guided by a model of Ground Truth Expertise Development1 of the cyber security workforce, the Department of Energy recently commissioned a multi-year study to produce and validate predictive models of on-the-job performance by smart grid cyber security professionals. In this presentation, we will review the Smart Grid Cybersecurity Job Performance Model (SGC JPM) that resulted from the first phase of this project, focusing on the critical metrics expected to differentiate performance at varying levels of competency: novice, proficient, competent, expert, and master. We will discuss the implications of this model for the assessment of human capital vulnerabilities which limit the preparedness or resilience of smart grid installations to cyber threats and attacks. Finally, we will review the implications of the SGC JPM competency model and assessment tools for research and development of cyber security and control system engineering curricula and performance support technology.
1M.J. Assante and D. H. Tobey, “Enhancing the cybersecurity workforce,” IEEE IT Professional, vol. 13, pp. 12–15, 2011
Michael Assante is currently the President & Chief Executive Officer of NBISE and Chair of NBISE’s National Board. Michael Assante is an internationally recognized expert and thought leader in information and cyber security and the recipient of many awards in the space. Mr. Assante most recently held the position of Vice President and Chief Security Officer at the North American Electric Reliability Corporation and oversaw the implementation of cyber security standards across the North American electric power industry. Prior to joining NERC, Assante held notable positions at Idaho National Labs, was Vice President and Chief Security Officer for American Electric Power, and pioneered the security intelligence landscape in his role as Chief Operating Officer of LogiKeep. A former U.S. Navy intelligence officer with experience in information warfare and information security management, Mr. Assante recognized the need to bring intelligence-type analysis to the networks of the corporate world by identifying risks and threats specific to the hardware, software and systems used by individual organizations.
Dr. David Tobey is the Director of Research at the National Board of Information Security Examiners. Dr. Tobey's research into the formation of expertise led to the development of a theory of human performance, the V-to-B Loop, which identifies the cognitive and neurological mechanisms that predict the transition of knowledge into skill. According to this theory, skill develops after sufficient practice leads to the formation of neural clusters deep in the unconscious that execute behavioral programs without the need to recall specific instructions or procedures—the brain’s equivalent to a software applet which Dr. Tobey labeled a thinkLet. The formation of thinkLets is detected by a new psychometric technique, Potential Performance Analysis, which NBISE uses to assess the level and potential of cyber security skill development and predict job performance. Prior to joining NBISE Dr. Tobey was a serial entrepreneur whose companies have been listed among INC Magazine's 500 fastest-growing private companies, set international industry standards for systems configuration and integration, and became publicly-traded companies in the early 1990s. He has also served as a consultant, officer and/or board member for private and public companies in the distribution, financial services, hospitality, information technology, life sciences, publishing, and transportation industries.
The seminar series is presented by the Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Project, an $18 million multi-university research effort whose partner institutions include the University of Illinois at Urbana-Champaign, Arizona State University, Dartmouth, and Washington State University. The TCIPG Project, a successor to the earlier NSF-funded TCIP Center, was founded in 2009 with support from the U.S. Department of Energy and the U.S. Department of Homeland Security. It is housed in the Information Trust Institute, University of Illinois at Urbana-Champaign.