Developments in improved monitoring, asset management and resource efficiencies led to the water industry promising a step-change in the design and operation of these facilities: the “blending” of traditional engineering equipment with digital technologies. These apparent benefits inevitably produce new challenges of regulating an emerging techno-political landscape. One of the regulations is Europe’s Network and Information Systems Security Directive which aims to improve cyber security across critical infrastructure providers. This paper focuses on the implementation of NIS in the context of the water sector in England. At the national and supranational levels, NIS acts as a boundary object that gathers diverse communities of practice without the need to establish common goals. Further, in the process of transposing the Directive into the sectoral context, NIS requires interpretation by expert communities. We show how translating the regulatory scope to the sectoral landscape involves prioritizing some water governance goals over others. As diverse expert communities converge in their collaboration practices, their priorities align or stand in tension with public interests. We argue that cyber security regulations have potential to reconfigure water governance by refocusing strategic priorities away from traditional concerns of environmental governance. We suggest ways to maintain diverse collaborations across engineering, computing and water expertise that NIS implementation remains aligned with the goals of water governance.
Bibliographical noteFunding Information:
The authors thank their participants for sharing the insights and inviting them to their professional events. The authors disclosed receipt of the following financial support for the research and/or authorship of this article: This research is supported by the Research Institute in Trustworthy Inter‐connected Cyber‐physical Systems (RITICS); project title: “How many shades of NIS? Understanding Organizational Cybersecurity Cultures and Sectoral Differences”. RITICS is funded by the National Cyber Security Centre.
© 2021 The Authors. Regulation & Governance published by John Wiley & Sons Australia, Ltd.
- critical infrastructure
- cyber security
- science and technology studies