
NAERINGSPH-Nærings-phd

How to improve Cyber Security performance by researching human behavior and improve processes in an industrial environment.

Alternative title: Økt Cybersikkerhet for industrien gjennom forskning på mennesker og prosesser.

Awarded: NOK 1.8 mill.

Project Number:

323131

Application Type:

Project Period:

2021 - 2025

Funding received from:

Organisation:

Location:

Reading a cyber security standard is a tedious task, and the subject is vast and new for many within the process and manufacturing industry. These obstacles make it hard to get started in cyber security. The objective of this PhD is to lower the entry barriers and ensure that as many companies as possible are engaged and committed to cyber security. Given these obstacles, the deliverable from this PhD will be a framework outlining a set of clear recommendations for the minimum measures companies should implement. The framework will be based on IEC 62443, which is the most used standard for companies operating within the process and manufacturing industry. Furthermore, companies will be categorized to ensure that the proposed measures are proportionate and reasonable. However, having a set of measures in place, whether technical, procedural or policy-based, has little value if employees don't comply with them. As a second research topic, the true drivers behind security-compliant behaviour will be investigated. The results will inform the design of the framework and help ensure that the proposed measures are followed, which contributes to its operational success. The research should provide improved understanding and be of interest and benefit to regulatory institutions, standardization organizations, science, and the industrial market.

Reading a cyber security standard is a tedious task, and the subject is vast and new for many within the process and manufacturing industry. With these inherent obstacles to overcome, one might say that there are entry barriers into the world of cyber security. However, even if these hurdles are overcome and a company has managed to put in place a cyber security program for end-users to follow, this work will be in vain if the management and end-users do not comply with the system and its policies. This PhD will focus on the two problems above: firstly, lowering the barriers to designing and implementing a cyber security program, and secondly, researching what motivates management and end-users to follow and comply with the company's cyber security program. For the first topic, the idea is to use the latest research on socio-technical systems together with IEC 62443, and the result should be a set of clear and precise cyber recommendations. For the second topic, the idea is to use the four most studied behavioral theories in an information security context, Protection Motivation Theory (PMT), Theory of Planned Behavior (TPB), General Deterrence Theory (GDT), and Technology Acceptance Model (TAM), to uncover the real drivers for cyber security. The result from the second research topic will be crucial for the operational success of the recommendations from the first. The scope will be process and manufacturing companies that operate or own a physical production system. Participants should be a broad selection from organizations, including factory workers, CTOs, CISOs, IT managers and production managers, to mention some positions. Both qualitative and quantitative research methods will be used. For the qualitative part, an observational descriptive study using in-depth interviews or a questionnaire will be used, together with an applied descriptive study to measure the effect of new policies. To conduct the quantitative research, a quasi-experimental method is proposed.

Funding scheme:

NAERINGSPH-Nærings-phd