A1 Journal article (refereed)
Cyber Situational Awareness in Critical Infrastructure Protection (2020)
Pöyhönen, J., Rajamäki, J., Ruoslahti, H., & Lehto, M. (2020). Cyber Situational Awareness in Critical Infrastructure Protection. Annals of Disaster Risk Sciences, 3(1). https://doi.org/10.51381/adrs.v3i1.36
JYU authors or editors
Publication details
All authors or editors: Pöyhönen, Jouni; Rajamäki, Jyri; Ruoslahti, Harri; Lehto, Martti
Journal or series: Annals of Disaster Risk Sciences
ISSN: 2584-4873
eISSN: 2623-8934
Publication year: 2020
Volume: 3
Issue number: 1
Publisher: Veleučilište Velika Gorica
Publication country: Croatia
Publication language: Finnish
DOI: https://doi.org/10.51381/adrs.v3i1.36
Publication open access: Openly available
Publication channel open access: Open Access channel
Additional information: This special issue presents the best research and professional papers submitted for the conference Cyber-security of Critical Infrastructure (CYSEC 2020).
Abstract
The European Union promotes collaboration between authorities and the private sector, and the providers of the most critical services to society face security related obligations. In this paper, critical infrastructure is seen as a system of systems that can be subject to cyber-attacks and other disturbances. Situational awareness (SA) enhances preparations for and decision-making during assessed and unforeseen disruptive incidents, and promoting Cyber effective situational awareness (CSA) requires information sharing between the different interest groups. This research is constructive in nature, where innovative constructions developed as solutions for domain-specific real world problems, while the research question is: “How can cyber situational awareness protect critical infrastructures?” The Observe – Orient – Decide – Act (OODA) loop is examined as a way to promote collaboration towards a shared situational picture, awareness and understanding to meet challenges of forming CSA in relation to risk assessment (RA) and improving resilience. Three levels of organizational decision-making are examined in relation a five-layer cyber structure of an organization to provide a more comprehensive systems view of organizational cyber security. Successful, crisis-management efforts enable organizations to sustain and resume operations, minimize losses, and adapt to manage future incidents, as many critical infrastructures typically lack resilience and may easily lose essential functionality when hit by an adverse event. Situation awareness is the main prerequisite towards cyber security. Without situation awareness, it is impossible to systematically prevent, identify, and protect the system from cyber incidents.
Keywords: cyber security; cyber attacks; infrastructures; risk management; risk assessment; interagency cooperation; private sector
Free keywords: critical infrastructure; cyber situational awareness; five-layer cyber structure; OODA Loop; risk assessment
Contributing organizations
Ministry reporting: Yes
Reporting Year: 2020
JUFO rating: 0