Achieving cybersecurity improvements through Enterprise Systems Engineering

Wallis, T. (2020) Achieving cybersecurity improvements through Enterprise Systems Engineering. In: ASEC 2020 Conference, 17-18 Nov 2020,

Abstract

The Critical Infrastructures (CI) that provide essential services such as energy, water and transport have been undergoing a digital transformation to achieve more effective and efficient operations. These changes are increasing the potential attack surface and exposure to cybersecurity incidents. The EU Directive on Security of Network and Information Systems (NIS Directive) (National Cyber Security Centre, 2018) has brought a new emphasis on improving the cybersecurity of essential services. It has introduced mandatory incident reporting and a framework to raise the cybersecurity and resilience levels of CI. Rather than a dislocated approach to managing the system in parts, taking on responsibility for cybersecurity requires an integrated, whole-system governance approach, to discover the full end-to-end picture and risk assess the potential gaps in security. The NIS Directive expects cybersecurity to be managed through the wider system of contractors and sub-contractors and vendors to the sector, all participating in a complex adaptive system. From whole organisations down to products, components and data flows, deciding the scope of critical systems that support essential services has integrated activity across different work areas such as operational technologies, enterprise IT and telecoms networks. Understanding the end-to-end system and whole enterprise interactions is necessary to achieve the outcome-based nature of the NIS Directive. This paper investigates the activities that have evolved to secure the broader and deeper supply chains as well as internal networks and systems of CI organisations. Enterprise Systems Engineering (ESE) is introduced as a tool to facilitate the shared cybersecurity requirements across organisations for securing essential services, streamlining whole system security behaviours of people, processes and technology towards a more resilient CI.

Item Type: Conference Proceedings
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Wallis, Dr Tania
Authors: Wallis, T.
College/School: College of Science and Engineering > School of Computing Science
Copyright Holders: Copyright © 2020 by Tania Wallis
First Published: First published in ASEC 2020 Proceedings
Publisher Policy: Reproduced with the permission of the author