A high level scan of the literature (Table 1) and brief conversations with cyber security specialists shows there appears to be a good understanding of the layers of risk in SCADA systems by professionals (Figure 1). This understanding, however, may not extend to Directors and Senior Executives – the ultimate owners of these risks and their implications.
Figure 1: Some high level cyber security issues raised by the move from private serial networks to IP based networks
Relevant gaps for ‘something different’ in a whitepaper
A scan of some of the available literature shows two gaps that may be of interest:
- A subtle gap appears to be the area of convergence between cyber, operational and physical risks driven by the move from private serial networks to IP networks. This move is a double-edged sword increasing productivity alongside vulnerabilities.
- The further gap is a holistic expression of the cyber security threat to SCADA and its implications in a language Boards and C-level executives understand. Efforts at filling this gap would support key IT influencers and decision makers in their internal recommendations process to this stakeholder group.
This information would be drawn from the existing literature. Non-exhaustive, SCADA security related areas and references are tabulated below. This reference list would be fleshed-out in the whitepaper development process, including source article identification, referencing and triangulation.
Table 1: Light touch examples of existing news articles and grey literature.