A model for measuring multi-concern assurance of critical infrastructure control systems

Cited by: 2
Authors
Scalco, Aleksandra [1]
Simske, Steve [2]
Affiliations
[1] US Dept Navy DON, Naval Informat Warfare Ctr NIWC Atlantic, Hanahan, SC 29410 USA
[2] Colorado State Univ, Dept Syst Engn, Ft Collins, CO USA
Keywords
C2; command and control; control systems; critical infrastructure; CS; cybersecurity; cyberspace; digital transformation; facility related control systems; FRCS; ICS; industrial control systems; multi-concern assurance; operational technology; OT; performance measurement and evaluation; workforce questionnaire
DOI
10.1002/sys.21684
Chinese Library Classification number
T [Industrial Technology]
Discipline classification code
08
Abstract
Digital transformation of engineering practice, paradigms, processes, and workforce engender agreement uncertainty among professionals, particularly in the critical industry control system field. Control systems are susceptible to cyber-mediated changes that can uniquely affect the control of the physical world from data-centric information systems. Change to the system can be introduced by any proposed or forced alteration that affects the acceptability, suitability, feasibility, or resiliency to perform its intended mission, either positively or negatively. The potential impact of the cybersecurity threat on control systems is difficult to quantify. Agreement among professionals about decision authority and Command and Control (C2) over this threat is even more challenging to quantify. Understanding what cybersecurity entails still needs to be widely understood by the critical infrastructure control system workforce, and the control system assets are not widely understood by the Information Technology (IT) workforce. This research introduces a model and methodology for measuring multi-concern assurance through the statistical uncertainty analysis of Likert semantic differential scales. The model addresses agreement in priority, the lack of which means there might be competing aims, competing spending, and competing focus on different aspects of the cybersecurity governance or policy as examples. The outcome identifies where different types of professionals do not agree about cybersecurity readiness and best practices for critical infrastructure control systems.
Pages: 742-753
Number of pages: 12