Using integrated system theory approach to assess security for SCADA systems cyber security for critical infrastructures: A pilot study

The security of system that monitor critical infrastructure are vital. The possibility of critical infrastructure services being disrupted would have a significant impact on the wider society as it involves energy, water, gas, transport, and many more utilities. This paper examines critical infrastructure and the system that monitors and controls critical services. It also measures the information security aspects of the system by adopting Integrated System Theory which covers the importance of enforcing cyber security policies, assessing and managing risks, internal control-management, technical and process controls and information auditing. This study was initiated by preliminary interviews with experts from different countries on the themes of awareness, compliance and assessments, and measures and controls. Subsequently, a pilot study was done by conducting online surveys to practitioners from different countries, and several different critical infrastructure sectors on the existing information security practices in their organisations. We examined the constituents of existing policies, and controls implemented by the organisations. The conclusion was made the pilot study would provide a good basis for estimating and measuring the security awareness and controls implemented at the organisation level.