The Shadow Warriors: In the no man's land between industrial control systems and enterprise IT systems.

Modern production processes are heavily reliant on industrial control systems (ICS) to help automate large-scale facilities. The security of these systems is paramount as evidenced by high profile attacks such as those against Iran’s nuclear facilities and the Ukrainian Power Grid. Existing research has largely focused on technical measures against such attacks and little attention has been given to the security challenges and complexities arising from non-technical factors. For instance, cyber security workers need to maintain security whilst satisfying the demands of varied stakeholders such as managers, control engineers, enterprise IT personnel and field site operators. Existing ICS models, such as the Purdue model, tend to abstract away such complexities. In this paper, we report on initial findings from interviews with 25 industry operatives in the UK and Italy. Our analysis shows that the varying demands of various stakeholders in an ICS represent many complexities that we term grey area. Security workers often play the role of shadow warriors tackling the competing and complex demands in these grey areas while protecting themselves, their integrity and credibility.