Date of Award

Fall 2023

Document Type

Open Access Thesis

Degree Name

Master of Science (MS)

Department

Computer Science

Abstract

The State of Maine’s (SOM) electrical grid is aging. While there are public and private efforts to bring it up to date, gaps in cybersecurity policies and laws exist (NERC, n.d.; see also MPUC, n.d.; CISA, n.d.). This policy and law research may also apply to other states and the protection of their critical infrastructure. The researcher examined the grid’s controls, policies, and laws to determine the influence each exerts over the grid and where that influence presents vulnerabilities in security. The research focused on the controls, policies, and laws that play a role in protecting the grid. The researcher created and analyzed each procedure, approach, and regulation against a NIST five-function framework merged with the MITRE Adversarial Tactics, Aspects, and Common Knowledge (ATT&CK) model to observe and analyze which gaps exist and which policies lack effectiveness or present risk (MITRE ATT&CK®, n.d.). The researcher utilized publicly available data and information from participating government agencies to discover and analyze current public policy regarding the cybersecurity of the State of Maine (SOM) Electrical Transmission Network. The study's results present numerous policies designed around the NIST recommendations. These policies are robust and work against most adversarial strategies. These policies are compared against the Center of Information Security’s (CIS) Critical Control list to find any controls that the current policies and procedures have not covered. The researcher used the merged matrix to analyze each relevant policy from the SOM Office of Information Technology (OIT). The researcher designed the rubric so that it can be improved and used to view policy efficiently from the perspective of the attacker.

Comments

Cybersecurity
