CYBERSECURITY VULNERABILITIES OF OPERATIONAL TECHNOLOGY AND INFORMATION TECHNOLOGY CONVERGENCE IN POWER PLANTS

The researcher conducted a survey and retained a sample of 160 participants, complemented by 25 semi-structured interviews. These participants included a wide selection of stakeholders versed in the energy sector. With the OT/IT convergence, threats, breaches, vulnerabilities, and risks as variables, the analysis indicated their respective mean scores ranging between 14.34 and 14.74, and standard deviations from 3.87 to 4.65, suggesting a moderate variability in participants’ responses. Further analysis showed a significant correlation between OT/IT convergence and breaches (r= .201), risks (r = .172), vulnerabilities (r = .345), and threats (r = .314). These findings suggested that higher levels of IT/OT convergence yielded increased perception of cybersecurity threats, breaches, risks, and vulnerabilities. The findings also revealed several organizational, technical, and regulatory concerns. Organizationally, these concerns included the lack of proper training, budget constraints, and culture resistance. Technically, network complexity, legacy systems obsolescence, standardization, and equipment interoperability were found challenging. Finally, regulatory issues such as a complex incident reporting process, a compliance budgetary burden, and a non-uniform regulatory landscape constituted the main concerns. This study proposed a set of cybersecurity recommendations.