On materialities of risk: how digital innovations challenge the notion of expertise in critical infrastructures

Keywords: cybers security, safety, expertise, infrastructures
Session Type: Virtual Paper Abstract
Day: Friday
Session Start / End Time: 2/25/2022 09:40 AM (Eastern Time (US & Canada)) - 2/25/2022 11:00 AM (Eastern Time (US & Canada))
Room: Virtual 75

Abstract

The infamous Stuxnet worm targeted industrial control systems operating nuclear centrifuges In Natanz, Iran, causing them to accelerate and fall apart (Stevens 2020). The incident generated discussions about the novel risks of living with interconnected digital infrastructures. While risk management practices are not new in the field of Information Technologies (IT) security, the opposite is true in the recently internet-enabled engineering infrastructures known under as Operational Technologies – OT (Urquhart and McAuley 2018). This distinction is important as it informs who gets to conceptualise risk, how do they do it and why.

Although the notion of cyber security risk is still novel in critical infrastructures, a cognate area of “safety research” offers to lend useful insights to security practitioners and scholars alike (Downer 2010; Stilgoe 2021). Although one could argue that safety and security concerns are conceptually different, the current direction in policy and practice is to integrate these two requirements through the harmonisation of regulatory frameworks, product standards and professional training (Kriaa et al. 2015).

The presentation will address the following question “How does the emergence of big data practices in critical infrastructures shape the plural understandings of risk management?” Our empirical contribution will focus on a case study from the UK cyber security governance, where I will argue that the implementation of the EU Network and Information Systems Directive (NIS) is the first step towards the integration of safety and security concerns across critical infrastructure providers.