ADVANCED CYBERSECURITY ARCHITECTURES FOR RESILIENCE IN U.S. CRITICAL INFRASTRUCTURE CONTROL NETWORKS

Abstract

This study examined predictive analytics for risk and compliance in IT-enabled project management systems by modeling how operational performance indicators and governance-control indicators jointly explained adverse project outcomes. A retrospective quantitative design was applied to 312 projects drawn from an initial pool of 353, with 41 projects excluded for incomplete baselines or missing workflow trails, producing an inclusion rate of 88.4%. The sample comprised 39.7% infrastructure projects (n = 124), 34.6% software/IT delivery projects (n = 108), and 25.6% mixed/operational projects (n = 80). Descriptive analysis indicated that 29.5% of projects met the schedule distress criterion (n = 92) and 20.5% met the cost distress criterion (n = 64), while 13.1% met the combined distress definition (n = 41). Compliance deviations were recorded in 17.9% of projects (n = 56), with repeated exceptions in 7.4% (n = 23). Key variables showed heavy-tailed distributions, including change requests with a mean of 9.8, median 7.0, and maximum 88, and documentation completeness with a mean of 91.6%, median 94.0%, and missingness of 11.5%; access-control anomaly indicators had the highest missingness at 18.6%. Correlation results showed alignment between instability and governance signals, including schedule variance with cost variance (r = .46) and change intensity (r = .41), and documentation completeness with exception recurrence (ρ = −.52) and approval latency with exception recurrence (ρ = .44). Stratified results showed stronger schedule variance–change coupling in software/IT projects (r = .48) than infrastructure projects (r = .31), and stronger late-phase governance–exception relationships for approval latency (ρ = .57) than early phase (ρ = .28). Reliability testing supported construct consistency with α = .88 for governance adherence, α = .91 for documentation completeness, and α = .84 for workflow conformance. Collinearity reduction lowered maximum VIF from 7.4 to 3.4 and maximum condition index from 28.3 to 17.6. Regression findings showed risk distress was positively associated with schedule variance (β = 0.41, p < .001) and change intensity (β = 0.29, p = .002), while compliance exceptions were strongly associated with documentation completeness (β = −0.47, p < .001) and approval adherence (β = −0.39, p < .001). Model performance improved with governance predictors, increasing AUC from 0.68 to 0.83 for risk distress and from 0.66 to 0.86 for compliance exceptions, with top-decile capture reaching 61% for risk distress and 69% for compliance exceptions.