Strengths and Knowledge Gaps Identified From Cybersecurity Education and Training Programs, and the Implications for Operational Technology Personnel in Critical Infrastructures: A Scoping Review

Strengths and Knowledge Gaps Identified From Cybersecurity Education and Training Programs, and the Implications for Operational Technology Personnel in Critical Infrastructures: A Scoping Review

Critical infrastructures, such as energy or water management, provide services that are essential to society’s function. With the advent of digitalization and Industry 4.0, these infrastructures have transitioned from offline, self-contained systems to digitally interconnected networks. W...

Full description

Saved in:
Bibliographic Details
Main Authors: Leanne Noelle Strom Torgersen, Elizabeth Rebecca Noble, Torvald Fossaen Ask, Benjamin J. Knox
Format: Article
Language:English
Published: IEEE 2025-01-01
Series:IEEE Access
Subjects:
Operational technology
critical infrastructure
cybersecurity training and education
human factors
facilitators and barriers to learning
cybersecurity performance metrics
Online Access:https://ieeexplore.ieee.org/document/11104227/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Critical infrastructures, such as energy or water management, provide services that are essential to society’s function. With the advent of digitalization and Industry 4.0, these infrastructures have transitioned from offline, self-contained systems to digitally interconnected networks. While these advancements have streamlined operations, they have also left critical infrastructures vulnerable to cyber threats. Training all users, including non-technical personnel, in cybersecurity is crucial to safeguard these systems. However, current trainings primarily focus on information technology personnel rather than addressing the needs of non-information technology personnel such as operational technology. This scoping review aimed to address this gap by systematically mapping the available academic literature on cybersecurity education and training programs, particularly focusing on operational technology. The objectives were to identify what different training tools and approaches existed, what knowledge gaps from published literature remained, and what were the potential facilitators and barriers with developing cybersecurity trainings tailored for operational technology environments. Following the JBI methodology, 837 articles were retrieved from 8 databases, with 132 articles included in the final analysis. 39 studies specifically targeted operational technology. The results showed several studies utilized active learning approaches including testbeds, simulations, and gamification. There was, however, a lack of consistent application of performance measurements, with 9 papers specifying self-efficacy as a performance measure. From mapping facilitators, the review presents that, through a co-creative process, tailored cybersecurity education and training programs can be developed to address the needs of operational technology, in turn contributing to the overall cyber-resilience of organizations through increased self-efficacy of personnel.
ISSN:2169-3536

Similar Items