Abstract
Catastrophes and smaller incidents can have unexpected effect on Critical Infrastructure (CI) companies. Also, the cascading of these incidents can be due to many reasons. In this paper, we have studied Finnish CI companies' resilience for incidents, and how they estimate or measure the effect of cyber and other incidents on their operation. We also propose improving methods for the revealed problems. We focus especially on factors of impact analysis, cascading effects and dependencies. Our study contributes to offering significant new information about CI state with relation to cyber risks, benefiting not only water industry, but CI systems in general. The study was conducted by interviewing representatives of Finnish water utilities using semi-structured interviews. Our findings are that companies assess industry-specific security impacts, estimate cascading effects, dependencies between impacts and recognize dependencies to industrial automation providers. However, there is a clear lack of cyber security risk recognition and impact assessment, clear interfaces and responsibilities. One development area is to integrate cyber risk management into automation-related risk management. Also, there is a need for systematic situation awareness at national level and locally. Finally, there should be communication-enablers between different actors in Finland and between Nordic and European countries
Original language | English |
---|---|
Number of pages | 6 |
Publication status | Published - 2017 |
MoE publication type | Not Eligible |
Event | World Congress on Industrial Control Systems Security, WCICSS 2017 - University of Cambridge, London, United Kingdom Duration: 11 Dec 2017 → 14 Dec 2017 |
Conference
Conference | World Congress on Industrial Control Systems Security, WCICSS 2017 |
---|---|
Country/Territory | United Kingdom |
City | London |
Period | 11/12/17 → 14/12/17 |