Evaluating the Security Posture and Protection of Critical Assets of Industrial Control Systems in Zambia

Abstract

The number of successful attacks on vital infrastructure has increased, as has the sophistication of the attacks. Many cybersecurity strategies include traditional best practices, but they frequently overlook organizational circumstances and unique critical infrastructure protection requirements. The goal of this qualitative multiple case research was to look into the cybersecurity tactics employed by IT managers and compliance officers to protect critical infrastructure from cyber threats. The participants in this study were IT managers and compliance officials from four Zambian case organizations. The conceptual framework was based on the routine activity theory published by criminologists Cohen and Felson in 1979. Interviews with two IT managers, three compliance officers, and 25 papers relating to cybersecurity and policy governance were used to gather data. Four significant themes emerged from data triangulation: the need for a robust worker training program, prioritizing infrastructure resiliency, the importance of security awareness, and the importance of organizational leadership support and investment. This research uncovered essential tactics that can help OT and compliance professionals enhance their cybersecurity strategy, which can help reduce successful assaults on critical infrastructure. The study findings will contribute to positive social change through an exploration and contextual analysis of cybersecurity strategy with situational awareness of OT practices to enhance cyber threat mitigation and inform business processes.