The shadow warriors : in the no man’s land between industrial control systems and enterprise IT systems

Zanutto, Alberto and Shreeve, Benjamin Oliver and Follis, Karolina and Busby, Jeremy Simon and Rashid, Awais (2017) The shadow warriors : in the no man’s land between industrial control systems and enterprise IT systems. In: 3rd Workshop on Security Information Workers (WSIW 2017) : In conjunction with 13th Symposium on Usable Privacy and Security (SOUPS). USENIX Association.

[thumbnail of shadow_warriors_camera_ready]
PDF (shadow_warriors_camera_ready)
shadow_warriors_camera_ready.pdf - Accepted Version
Available under License Creative Commons Attribution.

Download (342kB)


Modern production processes are heavily reliant on industrial control systems (ICS) to help automate large-scale facilities. The security of these systems is paramount as evidenced by high profile attacks such as those against Iran’s nuclear facilities and the Ukrainian Power Grid. Existing research has largely focused on technical measures against such attacks and little attention has been given to the security challenges and complexities arising from non-technical factors. For instance, cyber security workers need to maintain security whilst satisfying the demands of varied stakeholders such as managers, control engineers, enterprise IT personnel and field site operators. Existing ICS models, such as the Purdue model, tend to abstract away such complexities. In this paper, we report on initial findings from interviews with 25 industry operatives in the UK and Italy. Our analysis shows that the varying demands of various stakeholders in an ICS represent many complexities that we term grey area. Security workers often play the role of shadow warriors tackling the competing and complex demands in these grey areas while protecting themselves, their integrity and credibility.

Item Type:
Contribution in Book/Report/Proceedings
ID Code:
Deposited By:
Deposited On:
20 Jun 2017 15:18
Last Modified:
22 Apr 2024 23:42