Cybersecurity Governance for Critical Infrastructure in Finance and Energy: Bridging the Compliance–Readiness Gap between Saudi Arabia and the United States (OT/IoT, AI, and Post-Quantum Cryptography)
No Thumbnail Available
Date
2025
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
King’s College London
Abstract
This dissertation critically examines the cybersecurity governance of critical infrastructure in Saudi Arabia and the United States, focusing on the finance and energy sectors. It explores how regulatory compliance translates into operational readiness against emerging risks from Operational Technology (OT), Internet of Things (IoT), Artificial Intelligence (AI), and post-quantum cryptography (PQC).
The research applies Digital Security Risk Management (DSRM), the Regulatory Governance and Collective Accountability (RGCA) model, and Calo’s framework on privacy harm to assess the effectiveness of each jurisdiction’s cybersecurity architecture. Through a comparative legal and policy analysis, it identifies systemic gaps that hinder resilience and proposes a governance roadmap for Saudi Arabia to strengthen sectoral coordination, enforce quantum-aware breach disclosure, and institutionalize PQC migration.
Ultimately, the study argues that bridging the compliance–readiness gap requires integrated oversight between legal and technical domains, proactive threat modelling, and adaptive regulatory mechanisms that align with technological evolution and interdependent risk environments.
Description
This dissertation investigates how cybersecurity governance frameworks in Saudi Arabia and the United States address the protection of critical infrastructure in the finance and energy sectors. It highlights the regulatory and technical challenges arising from OT, IoT, AI, and post-quantum cryptography, comparing legal enforcement, agility, and readiness across both jurisdictions. The study proposes a strategic governance model for Saudi Arabia to enhance resilience, compliance, and quantum-era preparedness through integrated legal and technical oversight.
Keywords
critical infrastructure, Saudi Arabia, Cybersecurity governance, United States, operational technology (OT), Internet of Things (IoT), artificial intelligence (AI), post-quantum cryptography (PQC), regulatory compliance, cyber readiness, data protection law, financial sector, energy sector, risk management, digital resilience
Citation
Alshuwaier, Abeer Abdulrahman (2025). Cybersecurity Governance for Critical Infrastructure in Finance and Energy: Bridging the Compliance–Readiness Gap between Saudi Arabia and the United States (OT/IoT, AI, and Post-Quantum Cryptography). Master’s Dissertation, King’s College London, Dickson Poon School of Law.