A1 Journal article (refereed)
Cyber Situational Awareness in Critical Infrastructure Protection (2020)

Pöyhönen, J., Rajamäki, J., Ruoslahti, H., & Lehto, M. (2020). Cyber Situational Awareness in Critical Infrastructure Protection. Annals of Disaster Risk Sciences, 3(1). https://doi.org/10.51381/adrs.v3i1.36

JYU authors or editors

Publication details

All authors or editors: Pöyhönen, Jouni; Rajamäki, Jyri; Ruoslahti, Harri; Lehto, Martti

Journal or series: Annals of Disaster Risk Sciences

ISSN: 2584-4873

eISSN: 2623-8934

Publication year: 2020

Volume: 3

Issue number: 1

Publisher: Veleučilište Velika Gorica

Publication country: Croatia

Publication language: Finnish

DOI: https://doi.org/10.51381/adrs.v3i1.36

Publication open access: Openly available

Publication channel open access: Open Access channel

Additional information: This special issue presents the best research and professional papers submitted for the conference Cyber-security of Critical Infrastructure (CYSEC 2020).

Abstract

The European Union promotes collaboration between authorities and the private sector, and the providers of the most critical services to society face security related obligations. In this paper, critical infrastructure is seen as a system of systems that can be subject to cyber-attacks and other disturbances. Situational awareness (SA) enhances preparations for and decision-making during assessed and unforeseen disruptive incidents, and promoting Cyber effective situational awareness (CSA) requires information sharing between the different interest groups. This research is constructive in nature, where innovative constructions developed as solutions for domain-specific real world problems, while the research question is: “How can cyber situational awareness protect critical infrastructures?” The Observe – Orient – Decide – Act (OODA) loop is examined as a way to promote collaboration towards a shared situational picture, awareness and understanding to meet challenges of forming CSA in relation to risk assessment (RA) and improving resilience. Three levels of organizational decision-making are examined in relation a five-layer cyber structure of an organization to provide a more comprehensive systems view of organizational cyber security. Successful, crisis-management efforts enable organizations to sustain and resume operations, minimize losses, and adapt to manage future incidents, as many critical infrastructures typically lack resilience and may easily lose essential functionality when hit by an adverse event. Situation awareness is the main prerequisite towards cyber security. Without situation awareness, it is impossible to systematically prevent, identify, and protect the system from cyber incidents.

Keywords: cyber security; cyber attacks; infrastructures; risk management; risk assessment; interagency cooperation; private sector

Free keywords: critical infrastructure; cyber situational awareness; five-layer cyber structure; OODA Loop; risk assessment

Contributing organizations

Ministry reporting: Yes

Reporting Year: 2020

JUFO rating: 0