Cybersecurity Leadership: Competencies, Governance, and Technologies for Industrial Control Systems

The extensive integration of interconnected devices and the inadvertent information obtained from untrusted sources has exposed the Industrial Control Systems (ICS) ecosystem to remote attacks by the exploitation of new and old vulnerabilities. Unfortunately, although recognized as an emerging risk based on the recent rise of cyber attacks, cybersecurity for ICS has not been addressed adequately both in terms of technology but, most importantly, in terms of organizational leadership and policy. In this paper, we will present our findings regarding the cybersecurity challenges for Smart Grid and ICS and the need for changes in the way that organizations perceive cybersecurity risk and leverage resources to balance the needs for information security and operational security. Moreover, we present empirical data that point to cybersecurity governance and technology principles that can help public and private organizations to navigate successfully the technical cybersecurity challenges for ICS and Smart Grid systems. We believe that by identifying and mitigating the inherent risks in their systems, operations, and processes, enterprises will be in a better position to shield themselves and protect against current and future cyber threats.