Readiness of Cybersecurity in the USA Energy Industry

Author

Aaron Cavanaugh, Portland State UniversityFollow

Sponsor

Portland State University. Department of Engineering and Technology Management

First Advisor

Tugrul Daim

Term of Graduation

Fall 2024

Date of Publication

10-23-2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy (Ph.D.) in Technology Management

Department

Engineering and Technology Management

Language

English

Subjects

Cybersecurity, Energy

Physical Description

1 online resource (xvi, 337 pages)

Abstract

Cybersecurity Readiness shows an organizations ability of applicant and application to be able to fully utilize computing resources through behaviors (e.g., training employees), practices, and processes, while managing risk through efficient controls in order to prevent, detect, and respond to outage scenarios using audit and assessment techniques. An evaluation of cybersecurity readiness for the USA energy industry assists industry decision makers to comprehensively assess readiness gaps for prioritizing a risk-based cybersecurity implementation plan. There is a currently a lack of a Multi-Criteria Decision Model (MCDM) to assist decision makers to comprehensively assess Readiness of Cybersecurity in the USA Energy Industry.

The Hierarchical Decision Model (HDM) was created using a multidisciplinary research approach, studying academic principles and security expert approaches including frameworks, models, and theories. Research was then conducted through expert participants qualitative evaluations and quantitative scoring. The HDM model identifies common factors that have major impact, assesses readiness, and points out where corrective actions are needed through case studies and scenarios. The model prepares an organization to implement cybersecurity criteria with the goal of reducing the time to recover the electric grid in order to provide stability, if and when, an incident happens. This dissertation verifies and validates the previous literature reviews and interviews.

The findings and output of the dissertation has created artifacts designed to meet energy sector specific readiness and thus resilience needs. An organization must be able to resume operations, from attacks and outages, in order to be considered resilient. Readiness is also important because remediation will lead to reliable operations which contributes to higher financial returns overall.

Rights

© 2024 Aaron Cavanaugh

In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/ This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).

Persistent Identifier

https://archives.pdx.edu/ds/psu/42893

Recommended Citation

Cavanaugh, Aaron, "Readiness of Cybersecurity in the USA Energy Industry" (2024). Dissertations and Theses. Paper 6731.