View Position Qualification

13-509-1249

Name

Supervisory Control and Data Acquisition Server Specialist

Status

Published

Version

1.2

Updated

1/4/2019 4:57:33 PM

Original Release

11/07/2017

Last Major Release

01/04/2019

Resource Category

Cybersecurity

Primary Core Capability

Cybersecurity

Secondary Core Capability

Resource Kind

Personnel

Overall Function

The Supervisory Control and Data Acquisition (SCADA) Server Specialist is responsible for the controller-side hardware, firmware, and software

Single resource

In conjunction with a NIMS typed team

NIMS Typed Team

In conjunction with a NIMS typed unit

NIMS Typed Unit

Description Notes

Not Specified

Supporting Core Capabilities
None

Types
Type 1	The SCADA Server Specialist position is responsible for the controller-side hardware, firmware, and software and: 1. Responds to crisis or urgent situations for SCADA front-end systems and associated server-side infrastructure to manage controllers and their associated software and hardware systems 2. Is responsible for Incident Command System (ICS)/SCADA workstations and servers 3. Executes various approaches aimed at mitigating, preparing, responding, and recovering servers from shutdown 4. Is an adjunct to the National Incident Management System (NIMS) Type 1 SCADA Controller Specialist

Type 1

The SCADA Server Specialist position is responsible for the controller-side hardware, firmware, and software and: 1. Responds to crisis or urgent situations for SCADA front-end systems and associated server-side infrastructure to manage controllers and their associated software and hardware systems 2. Is responsible for Incident Command System (ICS)/SCADA workstations and servers 3. Executes various approaches aimed at mitigating, preparing, responding, and recovering servers from shutdown 4. Is an adjunct to the National Incident Management System (NIMS) Type 1 SCADA Controller Specialist

Education

Not Specified

Component Types
Type	Criteria
Type 1	Not Specified

Training

Not Specified

Component Types
Type	Criteria
Type 1	Completion of the following: 1. IS-100: Introduction to Incident Command System, ICS-100 2. IS-200: Incident Command System for Single Resources and Initial Action Incidents 3. IS-700: National Incident Management System, An Introduction 4. IS-800: National Response Framework, An Introduction

Experience

Not Specified

Type 1

Agency Having Jurisdiction (AHJ)-documented and validated knowledge, skills, and abilities demonstrated in the following areas: 1. Desktop, server, and mainframe operating systems including Windows, Unix, Linux, and Mac OS 2. Human Machine Interfaces (HMIs) 3. Remote controlled equipment and front-end-servers 4. Common two and three wire hardware control buses 5. Physical and server security, firewalls and intrusion detection systems 6. Data backup, types of backups, and recovery concepts and tools 7. Host/network access controls and defense-in-depth concepts and controls 8. Log analytics and the use of the corresponding industry tools 9. Applying host access controls and network access controls including firewalls and screening routers 10. Intrusion detection and prevention (IDS/IPS) systems 11. Performing backup and recovery functions 12. Diagnosing and troubleshooting SCADA issues AHJ-documented and validated experience demonstrated in the following areas: 1. Administering and operating SCADA servers, archive servers, and front-end servers 2. Server-side controller software operation, installation and troubleshooting 3. Master/central control terminal units and systems 4. Vendor patch management 5. Coordinating with and providing expert technical support to enterprise-wide computer network defense (CND) specialists to resolve CND incidents

Physical/Medical Fitness

Not Specified

Component Types
Type	Criteria
Type 1	Not Specified

Currency

Provider must carry out and use any background checks as applicable law specifies. This may include a background check completed within past 12 months; sex-offender registry check; and a local, state, and a local, state, and national criminal history.

Component Types
Type	Criteria
Type 1	1. Participates in exercise, drill, or simulation at least once every year 2. Background checks as applicable law permits and requires 3. Active security clearance

Professional and Technical Licenses and Certifications

Not Specified

Component Types
Type	Criteria
Type 1	Not Specified

Composition and Ordering Specifications
Specification
Discuss logistics for deploying this position, such as security, lodging, transportation, and meals, prior to deployment
This position typically works 12 hours per shift, is self-sustainable for 72 hours, and is deployable for up to 14 days

892

Notes

References
Reference
Initiative for Cybersecurity Education, National Cybersecurity Workforce Framework, v.2, May 2014