Cybersecurity Governance for Critical Infrastructure in Finance and Energy: Bridging the Compliance–Readiness Gap between Saudi Arabia and the United States (OT/IoT, AI, and Post-Quantum Cryptography)
| dc.contributor.advisor | Urbelis, Alexander | |
| dc.contributor.author | Alshuwaier, Abeer Abdulrahman | |
| dc.date.accessioned | 2025-11-13T15:07:13Z | |
| dc.date.issued | 2025 | |
| dc.description | This dissertation investigates how cybersecurity governance frameworks in Saudi Arabia and the United States address the protection of critical infrastructure in the finance and energy sectors. It highlights the regulatory and technical challenges arising from OT, IoT, AI, and post-quantum cryptography, comparing legal enforcement, agility, and readiness across both jurisdictions. The study proposes a strategic governance model for Saudi Arabia to enhance resilience, compliance, and quantum-era preparedness through integrated legal and technical oversight. | |
| dc.description.abstract | This dissertation critically examines the cybersecurity governance of critical infrastructure in Saudi Arabia and the United States, focusing on the finance and energy sectors. It explores how regulatory compliance translates into operational readiness against emerging risks from Operational Technology (OT), Internet of Things (IoT), Artificial Intelligence (AI), and post-quantum cryptography (PQC). The research applies Digital Security Risk Management (DSRM), the Regulatory Governance and Collective Accountability (RGCA) model, and Calo’s framework on privacy harm to assess the effectiveness of each jurisdiction’s cybersecurity architecture. Through a comparative legal and policy analysis, it identifies systemic gaps that hinder resilience and proposes a governance roadmap for Saudi Arabia to strengthen sectoral coordination, enforce quantum-aware breach disclosure, and institutionalize PQC migration. Ultimately, the study argues that bridging the compliance–readiness gap requires integrated oversight between legal and technical domains, proactive threat modelling, and adaptive regulatory mechanisms that align with technological evolution and interdependent risk environments. | |
| dc.format.extent | 88 | |
| dc.identifier.citation | Alshuwaier, Abeer Abdulrahman (2025). Cybersecurity Governance for Critical Infrastructure in Finance and Energy: Bridging the Compliance–Readiness Gap between Saudi Arabia and the United States (OT/IoT, AI, and Post-Quantum Cryptography). Master’s Dissertation, King’s College London, Dickson Poon School of Law. | |
| dc.identifier.uri | https://hdl.handle.net/20.500.14154/76980 | |
| dc.language.iso | en | |
| dc.publisher | King’s College London | |
| dc.subject | critical infrastructure | |
| dc.subject | Saudi Arabia | |
| dc.subject | Cybersecurity governance | |
| dc.subject | United States | |
| dc.subject | operational technology (OT) | |
| dc.subject | Internet of Things (IoT) | |
| dc.subject | artificial intelligence (AI) | |
| dc.subject | post-quantum cryptography (PQC) | |
| dc.subject | regulatory compliance | |
| dc.subject | cyber readiness | |
| dc.subject | data protection law | |
| dc.subject | financial sector | |
| dc.subject | energy sector | |
| dc.subject | risk management | |
| dc.subject | digital resilience | |
| dc.title | Cybersecurity Governance for Critical Infrastructure in Finance and Energy: Bridging the Compliance–Readiness Gap between Saudi Arabia and the United States (OT/IoT, AI, and Post-Quantum Cryptography) | |
| dc.title.alternative | حوكمة الأمن السيبراني للبنية التحتية الحيوية في قطاعي المال والطاقة: سد الفجوة بين الامتثال والجاهزية بين المملكة العربية السعودية والولايات المتحدة (OT/IoT، الذكاء الاصطناعي، والتشفير ما بعد الكمي) | |
| dc.type | Thesis | |
| sdl.degree.department | Dickson Poon School of Law | |
| sdl.degree.discipline | Law and Technology | |
| sdl.degree.grantor | King’s College London | |
| sdl.degree.name | Master of Laws (LL.M.) |