Human and Organizational Aspects of Cyber Security : From a System Suppliers Perspective

Abstract: SCADA systems have been successfully implemented in industries like oil, gas and electricity for maintenance, monitoring and control. While these systems provide immense advantage in terms of productivity, management and performance, they are also prone to exploitation and problems. These SCADA systems largely consist of network infrastructure which is subject to cyber security issues. Most of the weaknesses, or threats posed to these systems can be eliminated or reduced if the human aspect associated with them can be explored and corrected if needed. Because of human involvement in planning, designing, developing, deployment and operating of such systems, probability of flaws will always be present. This study focuses on such human aspects which effect cyber security in SCADA systems. We identified common mistakes which can be attributed to human error or negligence. A set of causes was then identified by use of interviews and finally, a Bayesian model was developed to simulate the identified cases and mistakes. We analyzed the influence and probability of occurrence of mistakes using this model. Our results prove that causes of the mistakes resulting in security problems for SCADA systems are directly related to human aspects. Furthermore, we identified some of the most prominent of these causes in this study. Based on the identified causes and mistakes, we suggested mitigation strategies to cater the problems faced.