Abstract
The European Union promotes collaboration between authorities and the private sector, and the providers of the most critical services to society face security related obligations. In this paper, critical infrastructure is seen as a system of systems that can be subject to cyber-attacks and other disturbances. Situational awareness (SA) enhances preparations for and decision-making during assessed and unforeseen disruptive incidents, and promoting Cyber effective situational awareness (CSA) requires information sharing between the different interest groups. This research is constructive in nature, where innovative constructions developed as solutions for domain-specific real world problems, while the research question is: “How can cyber situational awareness protect critical infrastructures?” The Observe – Orient – Decide – Act (OODA) loop is examined as a way to promote collaboration towards a shared situational picture, awareness and understanding to meet challenges of forming CSA in relation to risk assessment (RA) and improving resilience. Three levels of organizational decision-making are examined in relation a five-layer cyber structure of an organization to provide a more comprehensive systems view of organizational cyber security. Successful, crisis-management efforts enable organizations to sustain and resume operations, minimize losses, and adapt to manage future incidents, as many critical infrastructures typically lack resilience and may easily lose essential functionality when hit by an adverse event. Situation awareness is the main prerequisite towards cyber security. Without situation awareness, it is impossible to systematically prevent, identify, and protect the system from cyber incidents.
Highlights
One strategic area in Finlands Cyber Security Strategy 2019 is promoting collaboration between authorities and companies to support the continuity of infrastructure and services that are critical to society (Tke Security Committee, 2019)
The following sections look at the cyber structures and decision-making levels of critical infrastructure organizations, and a systems approach is applied to organizational cyber security
The contents of table three are based on a previous case study (Pöyhönen et al, 2018), where the findings indicate that: The following operations of the planning and absorb stages within the physical domain of Linkov’s model were recognized: taking care of the functionality, supervision and control of the technology, planning of the system isolation and needed operational segments, and planning of the alternative networks and routes
Summary
One strategic area in Finlands Cyber Security Strategy 2019 is promoting collaboration between authorities and companies to support the continuity of infrastructure and services that are critical to society (Tke Security Committee, 2019). The European Union (EU) Network and Information Security (NIS) Directive (European Commission, 2016) increases the demand for collaboration between authorities and the private sector (Public Private Partnership, PPP) in the important field of cyber security. Corporate-level ICT systems are related to the administration and management of information and the material flows in the network, and on the production level are industrial automation systems (industrial control systems, ICS) (Edwards, et al, 2016) (EU Commission, 2009). Developing better situational awareness (SA) requires information sharing between the different interest groups and enhances the preparation for and management of incidents. The research question of this study is: “How can cyber situational awareness protect critical infrastructures?”
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
