Abstract
Critical infrastructures (e.g. water, energy, transport) use Operational Technologies to provide their services. Operational Technologies are engineering equipment traditionally built for safety and resilience which, over the last few years, have been digitised and connected to the Internet. This creates new avenues for cyber security attacks: blackouts in power stations, pollution of water supply, hacked traffic signals.
The Network and Information Systems Security (NIS) directive aims to improve the baseline level of security across critical infrastructures. Since 2018, the European
Union member states and the UK have been working on implementing it. NIS raises questions about defining scope, providing evidence or mobilising funding for digital innovation. Most importantly, critics have questioned whether it would become a tick-box exercise or lead to long-term improvements in security practices. In order to understand possible pathways of policy implementation, this research sought to
understand how the Operational Technology expertise in critical infrastructure security is created. The notion of technical expertise is crucial to understand, as it is increasingly influencing the direction of policies like NIS, by providing advice and shaping the scope. We conducted interviews with 30 cyber security practitioners in the UK: including sectoral regulators, infrastructure operators, lawyers, consultants and training providers.
The Network and Information Systems Security (NIS) directive aims to improve the baseline level of security across critical infrastructures. Since 2018, the European
Union member states and the UK have been working on implementing it. NIS raises questions about defining scope, providing evidence or mobilising funding for digital innovation. Most importantly, critics have questioned whether it would become a tick-box exercise or lead to long-term improvements in security practices. In order to understand possible pathways of policy implementation, this research sought to
understand how the Operational Technology expertise in critical infrastructure security is created. The notion of technical expertise is crucial to understand, as it is increasingly influencing the direction of policies like NIS, by providing advice and shaping the scope. We conducted interviews with 30 cyber security practitioners in the UK: including sectoral regulators, infrastructure operators, lawyers, consultants and training providers.
| Original language | English |
|---|---|
| Type | Policy briefing |
| Media of output | Text |
| Number of pages | 2 |
| Publication status | Published - Sept 2020 |
Fingerprint
Dive into the research topics of 'Regulating digitisation of critical infrastructure: cyber security decisions must be based on robust evidence'. Together they form a unique fingerprint.Projects
- 1 Finished
-
How many shades of NIS? Understanding organisational cultures and sectoral differences during cyber security policy implementation
Michalec, O. (Principal Investigator), Rashid, A. (Principal Investigator), Milyaeva, S. (Co-Investigator) & van der Linden, D. (Co-Investigator)
1/08/19 → 31/03/21
Project: Research
Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver