Impact of Cyber and Physical Incidents in Finnish Water Utilities

Anni Karinsalo, Heimo Pentikäinen

Research output: Contribution to journalArticleProfessional


Critical Infrastructure (CI) companies are facing more and more cyber and other incidents, either by direct attacks or by accident. The result can be unexpected. The cascading of these incidents can also be due to many reasons. In this paper, we study Finnish CI companies’ incident resilience and how they estimate or measure the effect of cyber and other incidents on their operation, by interviewing Finnish water utilities. We propose improving methods for the revealed problems and focus especially on factors of impact analysis, cascading effects and dependencies. Our analysis offers significant new information about CI state with relation to cyber risks, benefiting not only water industry, but CI systems in general. Our findings are that companies assess industry-specific security impacts, estimate cascading effects, dependencies between impacts and recognize dependencies to industrial automation providers. However, there is a clear lack of cyber security risk recognition and impact assessment, clear interfaces and responsibilities. One development area is to integrate cyber risk management into automation related risk management, and increase cyber risk education. In addition, there is a need for systematic situation awareness at national level and locally. Finally, there should be communication-enablers between different actors in Finland and between Nordic and European countries.
Original languageEnglish
Pages (from-to)73-82
Number of pages9
JournalInternational Journal of Industrial Control Systems Security IJICSS
Issue number1
Publication statusPublished - 2017
MoE publication typeNot Eligible


Dive into the research topics of 'Impact of Cyber and Physical Incidents in Finnish Water Utilities'. Together they form a unique fingerprint.

Cite this