Abstract
Looking back over papers, publications and standards for the security of Industrial Control Systems (ICSs), it is striking how little human factors featured in the early days. Very extensive discussions of ‘Defence in Depth’ took no real notice of the risk to systems from poor security awareness, lack of training or malicious or casual behaviour. More recently, human factors have been recognised as a significant factor in securing ICS, but even now there has been relatively little consideration of this as much more than a footnote to detailed technical analysis and recommendations. This article examines the key considerations, develops them into some areas which may not be immediately apparent, and highlights the ways in which human factors in ICS security may differ from the security of conventional IT systems.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
