Reconfiguring governance: How cyber security regulations are reconfiguring water governance

Michalec, Ola; Milyaeva, Sveta; Rashid, Awais

doi:10.1111/rego.12423

Cited by 14 publications

(22 citation statements)

References 62 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As both IT and OT systems are gaining Internet connectivity and real-time analytics functionalities, they are 'blending' into a single entity. And so are the previously separate concerns for cyber security and safety (Michalec et al, 2021). In short, contemporary 'big data' practices of OT and IT professionals are reconfiguring what critical infrastructures are made of.…”

Section: Operational Technologies Versus Information Technologiesmentioning

confidence: 99%

“…Understanding risk management in critical infrastructures is a multifaceted issue of both qualitative and quantitative nature (Shreeve et al 2020). Despite the rise of rule-based and probabilistic risk methodologies, for example, attack trees, attribute-based algorithms (Tatam et al, 2021), security risk is ‘incalculable’ since there are limits of what could be inferred from scientific data (Amoore, 2014: 424).…”

Section: Introductionmentioning

confidence: 99%

“…Previous risk studies embedded in the critical infrastructure context highlighted that risk assessments are collaborative processes, rather than a matter of following a formal methodology (Frey et al, 2019; Shreeve et al, 2020). In doing so, they challenge the trope of ‘security expertise’ being solely a technical and individual matter.…”

Section: Introductionmentioning

confidence: 99%

“…weaknesses in computer systems) are thought about most commonly, and assets (i.e. equipment, documents, employees) least often, leading to an over-reliance on vulnerabilities-centred threat assessments (Shreeve et al 2020). Moreover, risk thinking is ‘front-loaded,’ as practitioners tend to think about risk in the beginning of the decision-making process, rather than systematically throughout the lifecycle of OT systems (Shreeve et al, 2020).…”

Section: Introductionmentioning

confidence: 99%

“…equipment, documents, employees) least often, leading to an over-reliance on vulnerabilities-centred threat assessments (Shreeve et al 2020). Moreover, risk thinking is ‘front-loaded,’ as practitioners tend to think about risk in the beginning of the decision-making process, rather than systematically throughout the lifecycle of OT systems (Shreeve et al, 2020). Meanwhile, as threats in cybersecurity evolve over time, risk management ought to be iterative and regularly updated (Ani et al, 2016; Frey et al, 2019).…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

When the future meets the past: Can safety and cyber security coexist in modern critical infrastructures?

2022

Self Cite

View full text Add to dashboard Cite

Big data technologies are entering the world of ageing computer systems running critical infrastructures. These innovations promise to afford rapid Internet connectivity, remote operations or predictive maintenance. As legacy critical infrastructures were traditionally disconnected from the Internet, the prospect of their modernisation necessitates an inquiry into cyber security and how it intersects with traditional engineering requirements like safety, reliability or resilience. Looking at how the adoption of big data technologies in critical infrastructures shapes understandings of risk management, we focus on a specific case study from the cyber security governance: the EU Network and Information Systems Security Directive. We argue that the implementation of Network and Information Systems Security Directive is the first step in the integration of safety and security through novel risk management practices. Therefore, it is the move towards legitimising the modernisation of critical infrastructures. But we also show that security risk management practices cannot be directly transplanted from the safety realm, as cyber security is grounded in anticipation of the future adversarial behaviours rather than the history of equipment failure rates. Our analysis offers several postulates for the emerging research agenda on big data in complex engineering systems. Building on the conceptualisations of safety and security grounded in the materialist literature across Science and Technology Studies and Organisational Sociology, we call for a better understanding of the ‘making of’ technologies, standardisation processes and engineering knowledge in a quest to build safe and secure critical infrastructures.

show abstract

Section: Operational Technologies Versus Information Technologiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

When the future meets the past: Can safety and cyber security coexist in modern critical infrastructures?

2022

Self Cite

View full text Add to dashboard Cite

show abstract

Security Culture in Industrial Control Systems Organisations: A Literature Review

Evripidou

Ani

Watson

et al. 2022

Human Aspects of Information Security and Assurance

View full text Add to dashboard Cite

Industrial control systems (ICS) are a key element of a country's critical infrastructure, which includes industries like energy, water, and transport. In recent years, an increased convergence of operational and information technology has been taking place in these systems, increasing their cyber risks, and making security a necessity. People are often described as one of the biggest security risks in ICS, and historic attacks have demonstrated their role in facilitating or deterring them. One approach to enhance the security of organisations using ICS is the development of a security culture aiming to positively influence employees' security perceptions, knowledge, and ultimately, behaviours. Accordingly, this work aims to review the security culture literature in organisations which use ICS and the factors that affect it, to provide a summary of the field. We conclude that the factors which affect security culture in ICS organisations are in line with the factors discussed in the general literature, such as security policies and management support. Additional factors related to ICS, such as safety culture, are also highlighted. Gaps are identified, with the limited research coverage being the most prominent. As such, proposals for future research are offered, including the need to conduct research with employees whose roles are not security related.

show abstract

Participation of Cybersecurity Practitioners in a Cybersecurity CoP in Africa

Mabaso,

Kabanda

2024

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

Reconfiguring governance: How cyber security regulations are reconfiguring water governance

Cited by 14 publications

References 62 publications

When the future meets the past: Can safety and cyber security coexist in modern critical infrastructures?

When the future meets the past: Can safety and cyber security coexist in modern critical infrastructures?

Security Culture in Industrial Control Systems Organisations: A Literature Review

Participation of Cybersecurity Practitioners in a Cybersecurity CoP in Africa

Contact Info

Product

Resources

About