{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:33:44Z","timestamp":1777455224334,"version":"3.51.4"},"reference-count":73,"publisher":"SAGE Publications","issue":"1","license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"the National Cyber Security Centre"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Big Data & Society"],"published-print":{"date-parts":[[2022,1]]},"abstract":"Big data technologies are entering the world of ageing computer systems running critical infrastructures. These innovations promise to afford rapid Internet connectivity, remote operations or predictive maintenance. As legacy critical infrastructures were traditionally disconnected from the Internet, the prospect of their modernisation necessitates an inquiry into cyber security and how it intersects with traditional engineering requirements like safety, reliability or resilience. Looking at how the adoption of big data technologies in critical infrastructures shapes understandings of risk management, we focus on a specific case study from the cyber security governance: the EU Network and Information Systems Security Directive. We argue that the implementation of Network and Information Systems Security Directive is the first step in the integration of safety and security through novel risk management practices. Therefore, it is the move towards legitimising the modernisation of critical infrastructures. But we also show that security risk management practices cannot be directly transplanted from the safety realm, as cyber security is grounded in anticipation of the future adversarial behaviours rather than the history of equipment failure rates. Our analysis offers several postulates for the emerging research agenda on big data in complex engineering systems. Building on the conceptualisations of safety and security grounded in the materialist literature across Science and Technology Studies and Organisational Sociology, we call for a better understanding of the \u2018making of\u2019 technologies, standardisation processes and engineering knowledge in a quest to build safe and secure critical infrastructures.<\/jats:p>","DOI":"10.1177\/20539517221108369","type":"journal-article","created":{"date-parts":[[2022,6,29]],"date-time":"2022-06-29T01:15:35Z","timestamp":1656465335000},"update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":25,"title":["When the future meets the past: Can safety and cyber security coexist in modern critical infrastructures?"],"prefix":"10.1177","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3807-0197","authenticated-orcid":false,"given":"Ola","family":"Michalec","sequence":"first","affiliation":[{"name":"The University of Bristol, Bristol, UK"},{"name":"Bristol Cyber Security Research Group, Bristol, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0156-5359","authenticated-orcid":false,"given":"Sveta","family":"Milyaeva","sequence":"additional","affiliation":[{"name":"The University of Bristol, Bristol, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0109-1341","authenticated-orcid":false,"given":"Awais","family":"Rashid","sequence":"additional","affiliation":[{"name":"The University of Bristol, Bristol, UK"},{"name":"Bristol Cyber Security Research Group, Bristol, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2022,6,28]]},"reference":[{"key":"bibr1-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1145\/322796.322806"},{"key":"bibr2-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1093\/CYBSEC\/TYY006"},{"key":"bibr3-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1177\/0967010614539719"},{"key":"bibr4-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1080\/23742917.2016.1252211"},{"key":"bibr5-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1177\/0967010610382687"},{"key":"bibr6-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1068\/a250301"},{"key":"bibr7-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1049\/CP.2018.0024"},{"key":"bibr8-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1145\/2492007.2492018"},{"key":"bibr9-20539517221108369","unstructured":"Cabinet Office (2022) National cyber strategy. Available at: https:\/\/assets.publishing.service.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/1053023\/national-cyber-strategy-amend.pdf (accessed 13 June 2022)."},{"key":"bibr10-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.09.009"},{"key":"bibr11-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1093\/scipol\/scy061"},{"key":"bibr12-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1007\/s11191-005-2389-6"},{"key":"bibr13-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1080\/21624887.2020.1792158"},{"key":"bibr14-20539517221108369","unstructured":"\u00a0Department for Digital, Culture, Media and Sport \u2013 DCMS (2018) The NIS regulations. Available at: https:\/\/www.gov.uk\/government\/collections\/nis-directive-and-nis-regulations-2018"},{"key":"bibr15-20539517221108369","unstructured":"Department for Digital, Culture, Media and Sport \u2013 DCMS (2021) Government response to the call for views on amending the security of network and information systems regulations. Policy paper. Available at: https:\/\/www.gov.uk\/government\/publications\/government-response-on-amending-the-nis-regulations\/government-response-to-the-call-for-views-on-amending-the-security-of-network-and-information-systems-regulations"},{"key":"bibr16-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1111\/j.1468-4446.2009.01303.x"},{"key":"bibr17-20539517221108369","unstructured":"Dragos (2019) Key Considerations for Selecting an Industrial Cybersecurity Solution for Asset Identification, Threat Detection, and Response. Report. 2019. Available at: https:\/\/www.dragos.com\/wp-content\/uploads\/Key-Considerations-Industrial-Cybersecurity-Solution.pdf"},{"key":"bibr18-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1111\/misr.12023"},{"key":"bibr19-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2009.08.006"},{"key":"bibr20-20539517221108369","doi-asserted-by":"publisher","DOI":"10.17645\/pag.v6i2.1385"},{"key":"bibr21-20539517221108369","unstructured":"Dwyer AC (2018) The NHS cyber-attack: A look at the complex environmental conditions of WannaCry.\n RAD Magazine\n , 44."},{"key":"bibr22-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1111\/area.12728"},{"key":"bibr23-20539517221108369","first-page":"1","author":"Elish MC","year":"2019","journal-title":"Engaging Science, Technology, and Society"},{"key":"bibr24-20539517221108369","unstructured":"European Commission (2016) NIS Directive. Available at: https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/nis-directive"},{"key":"bibr25-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1017\/S0260210521000681"},{"key":"bibr26-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2782813"},{"key":"bibr27-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1016\/S0925-7535(00)00014-X"},{"key":"bibr28-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1057\/s41599-020-00667-9"},{"key":"bibr29-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1080\/10429247.2013.11431973"},{"key":"bibr30-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1177\/0309132513506270"},{"key":"bibr31-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1177\/0162243921992844"},{"key":"bibr32-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1177\/2053951720985557"},{"key":"bibr33-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1145\/3274361"},{"key":"bibr34-20539517221108369","doi-asserted-by":"publisher","DOI":"10.4159\/9780674039681"},{"key":"bibr35-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1016\/j.ress.2015.02.008"},{"key":"bibr36-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1111\/1468-4446.12746"},{"key":"bibr37-20539517221108369","unstructured":"Martin A (2021) UK Cyber security law forcing energy companies to report hacks has led to no reports, despite numerous hacks.\n Sky News\n . Available at: https:\/\/news.sky.com\/story\/uk-cyber-security-law-forcing-energy-companies-to-report-hacks-has-led-to-no-reports-despite-numerous-hacks-12254296"},{"key":"bibr38-20539517221108369","unstructured":"Matthew A, Cheshire C (2016) Trust and community in the practice of network security. Preprint. Available at: https:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=2756244"},{"key":"bibr39-20539517221108369","first-page":"301","volume-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020)","author":"Michalec OA","year":"2020"},{"key":"bibr40-20539517221108369","first-page":"1","author":"Michalec O","year":"2021","journal-title":"Regulation & Governance"},{"key":"bibr41-20539517221108369","unstructured":"Michels JD, Walden I (2018) How safe is safe enough? Improving cybersecurity in Europe\u2019s critical infrastructure under the NIS directive. Queen Mary School of Law Legal Studies Research Paper No. 291\/2018, Available at SSRN: https:\/\/ssrn.com\/abstract=3297470"},{"key":"bibr42-20539517221108369","doi-asserted-by":"publisher","DOI":"10.4225\/75\/5a84f7b595b4e"},{"key":"bibr43-20539517221108369","unstructured":"National Cyber Security Centre (2019) Cyber assessment framework guidance. Available at: https:\/\/www.ncsc.gov.uk\/collection\/caf"},{"key":"bibr44-20539517221108369","unstructured":"National Cyber Security Centre (2021) Technology assurance. Guidance. Available at: https:\/\/www.ncsc.gov.uk\/collection\/technology-assurance\/future-technology-assurance\/whitepaper-developing-a-new-approach-to-assurance"},{"key":"bibr45-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1353\/tech.2015.0065"},{"key":"bibr47-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2017.3680959"},{"key":"bibr48-20539517221108369","unstructured":"Perrow C (1984) Normal Accidents: Living with High-Risk Technologies. Princeton University Press, pp. 1\u2013466."},{"key":"bibr49-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1145\/2073276"},{"key":"bibr50-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2010.06.003"},{"key":"bibr51-20539517221108369","unstructured":"Pinch TJ, Bijker WE (1984) The social construction of facts and artifacts: or how the sociology of science and the sociology of technology might benefit each other. The Social Construction of Technological Systems: New Directions in the Sociology and History of Technology: Anniversary Edition, 11\u201344. Available at: https:\/\/mitpress.mit.edu\/books\/social-construction-technological-systems-anniversary-edition (Accessed: December 16, 2021)."},{"key":"bibr52-20539517221108369","doi-asserted-by":"publisher","DOI":"10.7551\/mitpress\/9780262162524.001.0001"},{"key":"bibr53-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1177\/0306312719889405"},{"key":"bibr54-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.10.007"},{"key":"bibr55-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.06.006"},{"key":"bibr56-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1177\/0306312719867768"},{"key":"bibr57-20539517221108369","doi-asserted-by":"publisher","DOI":"10.4324\/9781351106177"},{"key":"bibr58-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1145\/3419101"},{"key":"bibr59-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecPODS.2019.8884963"},{"key":"bibr60-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1111\/rego.12168"},{"key":"bibr61-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1145\/3411763.3451731"},{"key":"bibr62-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1111\/rego.12251"},{"key":"bibr63-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1177\/0306312717741687"},{"key":"bibr64-20539517221108369","first-page":"1","volume":"2021","author":"Stilgoe J","year":"2021","journal-title":"Ethics and Information Technology"},{"key":"bibr65-20539517221108369","volume-title":"Human-machine Reconfigurations: Plans and Situated Actions","author":"Suchman L","year":"2007"},{"key":"bibr66-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1049\/cp.2018.0033"},{"key":"bibr67-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1016\/j.heliyon.2021.e05969"},{"key":"bibr68-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2015.41"},{"key":"bibr69-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1145\/3411498.3419970"},{"key":"bibr70-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102324"},{"key":"bibr71-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2017.12.004"},{"key":"bibr72-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSA49311.2020.9139641"},{"key":"bibr73-20539517221108369","doi-asserted-by":"publisher","DOI":"10.1109\/EUROSPW51379.2020.00047"},{"key":"bibr74-20539517221108369","unstructured":"Wynne B, Waterton C, Grove-White R (2007) Public perceptions and the nuclear industry in west Cumbria. Available at: http:\/\/inis.iaea.org\/Search\/search.aspx?orig_q=RN:34004547 (Accessed: December 16, 2021)."}],"container-title":["Big Data & Society"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/20539517221108369","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/20539517221108369","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/20539517221108369","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T12:58:35Z","timestamp":1777381115000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.1177\/20539517221108369"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1]]},"references-count":73,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,1]]}},"alternative-id":["10.1177\/20539517221108369"],"URL":"https:\/\/doi.org\/10.1177\/20539517221108369","relation":{},"ISSN":["2053-9517","2053-9517"],"issn-type":[{"value":"2053-9517","type":"print"},{"value":"2053-9517","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,1]]},"article-number":"20539517221108369"}}