Augmenting Cybersecurity Awareness at Critical Infrastructures in Developing Countries Through a Cybersecurity Governance Maturity Model

Abstract

As the utilization of cyber systems in the management and operation of critical infrastructures have grown, the cybersecurity threats to critical infrastructure sectors such as energy, healthcare, transportation and water simultaneously increased exponentially. Critical infrastructures in developing countries are particularly vulnerable to growing cybersecurity threats due to limited resources, inadequate cybersecurity policies and a general shortage of skilled cybersecurity specialists. Addressing these vulnerabilities is essential for developing countries to ensure the operational continuity, data protection and public safety associated with functioning critical infrastructures. An explorative literature review identified a number of aspects that can be used to counter the increasing cybersecurity threats to critical infrastructures in developing countries.  Literature suggests that although there are defined norms and standards for critical infrastructures in developing countries, there is room for improvement in terms of the contribution that enhanced cybersecurity awareness can accomplish. A good cybersecurity awareness program must include sufficient training that is aligned with an organization’s objectives, focus on raising cybersecurity awareness while performing normal duties whilst creating an interactive cybersecurity communication culture between all stakeholders. This paper presents research that is in progress to develop a functional cybersecurity governance maturity model aimed at capacitating role players responsible for the safeguarding of critical infrastructure systems in developing countries. The primary aim of the evolving Critical Infrastructure Cyber Governance Maturity Model (CICGM²) is to improve the cybersecurity governance of critical infrastructure systems in developing countries. The purpose of the article is to specifically describe how the CICGM² can be used to assess and determine the level of maturity of cybersecurity awareness programs at critical infrastructures in developing countries. The integration of recognized cybersecurity governance frameworks and established cybersecurity maturity models into the CICGM² presents unique opportunities to establish, measure and manage cybersecurity awareness initiatives at critical infrastructure systems in developing countries. This article contributes to the field of cybersecurity governance by offering a non-technical, scalable and adaptable CICGM² for key stakeholders at critical infrastructures in developing countries that can be used to determine the level of the cybersecurity awareness initiatives for the facilities that they are responsible for.