Thesis

How can we design a socio-technical, interorganisational response to ensure better cybersecurity for critical infrastructure?

Creator
Rights statement
Awarding institution
  • University of Strathclyde
Date of award
  • 2023
Thesis identifier
  • T16618
Person Identifier (Local)
  • 201455935
Qualification Level
Qualification Name
Department, School or Faculty
Abstract
  • The monitoring and control of critical infrastructures enables greater efficiencies and more effective operation. However, growing complexities across these interconnected systems bring a higher risk of cyber-attack. This thesis explores the organisational and regulatory aspects of improving the cybersecurity of Critical Infrastructure, proposing a cooperative socio-technical response across public and private actors. Alongside a transforming energy sector, to integrate renewable generation and electrify heat and transport, a significant cybersecurity response is also required. This research provides a thorough investigation of cybersecurity concerns of energy utilities to explain their organisational and sectoral context. A case study of public-private partnership in the European energy sector serves to demonstrate private actors fostering public values to protect grid networks and energy services. This evidence-based analysis of the formation of an ISAC demonstrates the qualities that built a trusted network and deepened cooperation among energy sector participants both within Europe and globally. It recommends a new approach going forward for the ISAC to integrate their actions into the changing regulatory landscape and cross-border requirements of the continental synchronous grid area. A study of interorganisational cooperation within the context of securing supply chains to critical infrastructure contributes a cross-industry comparison of the UK’s implementation of the NIS Directive. This compares experiences in Energy, Water & Aviation, evaluating their response to NIS interventions and the extent of their ability to oversee supply chain cybersecurity. It recommends an approach to supply chain oversight to achieve a balance between control and cooperation that enhances the existing UK NCSC guidance. These insights can be more broadly applied now that NIS2 proposes all member states include supply chain responsibilities in their NIS expectations.
Central to this work was the need to establish an orient function, as a foundation for energy operators to orient themselves among the interdependencies of critical infrastructure, to better understand their place and responsibility to secure assets and services, for their own business and for the energy system as a whole. The multi-actor collaborative approach proposed, and validated in practice groups, establishes a necessary Orientation function and enables a clearer understanding of cybersecurity risk by all participants.
Advisor / supervisor
  • Irvine, James, 1968-