Home > Research > Publications & Outputs > The shadow warriors

Electronic data

  • shadow_warriors_camera_ready

    Final published version, 334 KB, PDF-document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License

View graph of relations

The shadow warriors: in the no man’s land between industrial control systems and enterprise IT systems

Research output: Contribution in Book/Report/ProceedingsConference contribution

Forthcoming
Publication date13/06/2017
Host publication3rd Workshop on Security Information Workers (WSIW 2017): In conjunction with 13th Symposium on Usable Privacy and Security (SOUPS)
PublisherUSENIX Association
Number of pages6
<mark>Original language</mark>English

Abstract

Modern production processes are heavily reliant on industrial control systems (ICS) to help automate large-scale facilities. The security of these systems is paramount as evidenced by high profile attacks such as those against Iran’s nuclear facilities and the Ukrainian Power Grid. Existing research has largely focused on technical measures against such attacks and little attention has been given to the security challenges and complexities arising from non-technical factors. For instance, cyber security workers need to maintain security whilst satisfying the demands of varied stakeholders such as managers, control engineers, enterprise IT personnel and field site operators. Existing ICS models, such as the Purdue model, tend to abstract away such complexities. In this paper, we report on initial findings from interviews with 25 industry operatives in the UK and Italy. Our analysis shows that the varying demands of various stakeholders in an ICS represent many complexities that we term grey area. Security workers often play the role of shadow warriors tackling the competing and complex demands in these grey areas while protecting themselves, their integrity and credibility.