|Annie McIntyre, Blair Becker, Ron Halbgewachs|
This document describes the foundations of metrics, discusses application of these metrics to control system environments, introduces a metrics taxonomy, and suggests usage of metrics to achieve operational excellence. The security metrics work package began as part of the overall National SCADA Test Bed Program to address the applicability of security metrics to control system and operational environments. One of the four fundamental goals delineated within the Roadmap to Secure Control Systems in the Energy Sector (2005) is the development of the capability to measure and assess security posture. This metrics team was tasked to develop an approach to security metrics as they pertain to control systems, including development of a metrics taxonomy and guidelines for using metrics. This approach is targeted at the organizational level for an audience of asset owners and control systems management.