Cross-layer Approach for Designing Resilient (Sociotechnical, Cyber-Physical, Software-intensive and Systems of) Systems

Our society’s critical infrastructures are sociotechnical cyber-physical systems (CPS) increasingly using open networks for operation. The vulnerabilities of the software deployed in the new control system infrastructure will expose the control system to many potential risks and threats from attackers. This paper starts to develop an information systems design theory for resilient software-intensive systems (DT4RS) so that communities developing and operating different security technologies can share knowledge and best practices using a common frame of reference. By a sound design theory, the outputs of these communities will combine to create more resilient systems, with fewer vulnerabilities and an improved stakeholder sense of security and welfare. The main element of DT4RS is a multi-layered reference architecture of the human, software (cyber) and platform (physical) layers of a cyber-physical system. The layered architecture can facilitate the understanding of the cross-layer interactions between the layers. Cyber security properties are leveraged to help analyzing the interactions between these layers

ECHO Information sharing models

As part of the ECHO project, the Early Warning System (EWS) is one of four technologies under development. The E-EWS will provide the capability to share information to provide up to date information to all constituents involved in the E-EWS. The development of the E-EWS will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain as well as models from other domains

Twitter as a Tool in Crisis Communication in the European Union Area

n this study we built understanding on how the social media and especially Twitter can be used in crisis communication in the EU. We conducted a case analysis about how the Munich Police Department did their crisis communication via Twitter during the Munich shooting crisis. The use of social media in crisis communication is increasing as well as the available mobile phone environment for the people in the EU area. EU projects have increased knowledge about the possible crises situations in the EU by analyzing the crises events which happened in the EU. Moving people are more often connected to social media and the services in that environment give new possibilities to the authorities. EU projects are delivering directions to the EU authorities for social media. The EU authorities have a lack of common guidelines for the social media environment which could unify their actions. The analyzed Twitter case concluded in the understanding that Twitter can be used as one tool in crisis communication. It is impossible to manage all the portals on Twitter during a crisis – the effective way to tackle threats in crisis communication with that tool is to concentrate mainly on own portal and on common ones. The Twitter service could be developed for crisis communication by adding a couple of information windows for authorities to the main window

Design science research towards resilient cyber-physical eHealth systems

Most eHealth systems are cyber-physical systems (CPSs) making safety-critical decisions based on information from other systems not known during development. In this design science research, a conceptual resilience governance framework for eHealth CPSs is built utilizing 1) cybersecurity initiatives, standards and frameworks, 2) science of design for software-intensive systems and 3) empowering cyber trust and resilience. According to our study, a resilient CPS consists of two sub-systems: the proper resilient system and the situational awareness system. In a system of CPSs, three networks are composed: platform, software and social network. The resilient platform network is the basis on which information sharing between stakeholders could be created via software layers. However, the trust inside social networks quantifies the pieces of information that will be shared - and with whom. From citizens’ point of view, eHealth is wholeness in which requirements of information security hold true. Present procedures emphasize confidentiality at the expense of integrity and availability, and regulations/instructions are used as an excuse not to change even vital information. The mental-picture of cybersecurity should turn from “threat, crime, attack” to “trust” and “resilience”. Creating confidence in safe digital future is truly needed in the integration of the digital and physical world’s leading to a new digital revolution. The precondition for the exchange of information “trust” must be systematically built at every CPS’ level. In health sector, increasingly interconnected social, technical and economic networks create large complex CPSs, and risk assessment of many individual components becomes cost and time prohibitive. When no-one can control all aspects of CPSs, protection-based risk management is not enough to help prepare for and prevent consequences of foreseeable events, but resilience must be built into systems to help them quickly recover and adapt when adverse events do occur.Most eHealth systems are cyber-physical systems (CPSs) making safety-critical decisions based on information from other systems not known during development. In this design science research, a conceptual resilience governance framework for eHealth CPSs is built utilizing 1) cybersecurity initiatives, standards and frameworks, 2) science of design for software-intensive systems and 3) empowering cyber trust and resilience. According to our study, a resilient CPS consists of two sub-systems: the proper resilient system and the situational awareness system. In a system of CPSs, three networks are composed: platform, software and social network. The resilient platform network is the basis on which information sharing between stakeholders could be created via software layers. However, the trust inside social networks quantifies the pieces of information that will be shared - and with whom. From citizens’ point of view, eHealth is wholeness in which requirements of information security hold true. Present procedures emphasize confidentiality at the expense of integrity and availability, and regulations/instructions are used as an excuse not to change even vital information. The mental-picture of cybersecurity should turn from “threat, crime, attack” to “trust” and “resilience”. Creating confidence in safe digital future is truly needed in the integration of the digital and physical world’s leading to a new digital revolution. The precondition for the exchange of information “trust” must be systematically built at every CPS’ level. In health sector, increasingly interconnected social, technical and economic networks create large complex CPSs, and risk assessment of many individual components becomes cost and time prohibitive. When no-one can control all aspects of CPSs, protection-based risk management is not enough to help prepare for and prevent consequences of foreseeable events, but resilience must be built into systems to help them quickly recover and adapt when adverse events do occur

How the Data Provided by IIoT Are Utilized in Enterprise Resource Planning: A Multiple-Case Study of Three Change Projects

An extreme increase in data production has taken place over the past few decades with a large number of sensor and smart devices acquired from distributed data sources. Industrial Internet of Things (IIoT) enables seamless processing of information by integrating physical and digital world devices that can be used ubiquitously. This multiple-case study analyzes how the data generated by the IIoT benefit enterprise resource planning. In the analyzed cases, IIoT has been produced using and integrating various digital services and software in the enterprise. Data produced by IIoT might be raw data or pre-analyzed by the IIoT service provider according to the enterprise’s needs. Services based on IIoT solutions ensure competitiveness within the enterprise since IIoT is flexible and easy to apply on future demands. IIoT generates increased amount of data and enterprises can utilize it to provide significant benefits to their operations. The cross-case conclusions emphasize that improving operational processes with data does not provide maximal benefit to the enterprise. Data-driven procedure and the entire change project (digital transformation) together with new procedures will provide most benefits to the enterprise

Market surveillance of electrical equipment in Finland : analysis and development

The importance of market surveillance has been recognised by many agencies and individuals in many contexts. Without market surveillance, the conformity of the products on the market, as well as the common playing field for entrepreneurs, can not be guaranteed. Safety is the most important aspect of conformity. For the realistic realisation of market surveillance, exceptional resources are called for; it can not be done superficially and needs total commitment. About 8.5 M€ has been allocated to market surveillance in Finland annually. Irrespective of these facts, very little research has been carried out on the market surveillance of any product field. The safety and environmental compatibility enforcement of electrical equipment in Finland changed in 1994 when Finland joined the European Economic Area (EEA). Today, supervision is based on international obligations and TUKES is responsible for maintaining it in Finland. Finland has invested considerably in the surveillance of electrical products, and TUKES has a recognised reputation for its work in Finland and abroad. The aim of this research was to clarify 1) if today's governing systems (legislation, standards, etc.) ensure that electrical equipment is safe and compatible; and 2) if TUKES's market surveillance is appropriate for today's needs and if it fulfils the principles of modern authority supervision. Following these clarifications, this research specified the means and methods as to how the governing systems and TUKES's operations should be improved so as to better fulfil the needs of citizens and entrepreneurs now and in the future. The empirical study consisted of four parts. One of them assessed TUKES's market surveillance of electrical products by utilising the European Foundation for Quality Management criterions. Another part examined through interview surveys, the way importers of electrical equipment operate and the expectations and opinions of subjects of supervision with regard to how TUKES carries out surveillance. The interviewed individuals were selected from TUKES's product consistency enforcement database (the TUVA database), which contains information on all market surveillance cases with regard to electrical equipment in Finland since 1994; to date over 10,000 cases have been recorded. The actual research material consisted of profound face-to-face interviews with ten importers and a telephone survey of 101 entrepreneurs. The third part of the empirical study was composed of TUKES's market surveillance projects that inspected the electromagnetic compatibility (EMC) of products. The projects were carried out 1997-2002 and they were directed to equipment groups whose EMC features had been known to be problematic: uninterruptible power supplies, personal computers, frequency converters and energy-saving lamps. In each project, typical products of this group were tested, results were analysed and the reasonableness of products' EMC requirements were evaluated from technical, as well as administrative points of view. In the fourth part of the empirical study, the TUVA database was statistically analysed. Also, the Finnish Communication Regulatory Authority's and Digita Ltd's interference statistics were researched for provision of comparative information for analysing TUKES's EMC surveillance. The main focus of market surveillance is to inspect the operation of the "system" and to see that all parties concerned observe their responsibilities. This research indicated that both the governing systems and TUKES's market surveillance met expectations, even though there was room for improvement. The biggest problems in governing systems were found to be in technical standards. Another big problem is the fact that levels of market surveillance in the EEA are very different. Market surveillance is a good system for supervising series products intended for the normal consumer. On the other hand, the supervision of non-serial products as well as business-to-business products is much more complicated. Unfortunately, market surveillance does not make it possible to have an influence on the compatibility of products, whose electromagnetic features mostly depend on the method of installation and how and where they are used. If the manufacturer has specified these aspects so as to fulfil his/her own vested interest, the Authority has no tools. This is because legislation concerning EMC does not require that a product be manufactured so as to cater for any possible impending misuse. From the safety legislation point of view, this requirement is strictly observed. The most effective way to prevent the appearance of more dangerous or non-compatible electrical equipment is to change legislation and general attitudes so that it should always be more profitable and rewarding to follow the safety and conformity rules, which is far better than trying to do the conformity assessment procedure at as low a price as possible. Finland is a small market area and for this reason, global manufacturers are not interested in making products solely for the Finnish market. It is reasonable to believe that improvements in only TUKES's own market surveillance would hardly reduce the number of non-conforming products on the Finnish market. If market surveillance were effectively operational throughout the EEA, manufacturers would be driven to invest more in the quality and conformity of their products. TUKES must actively strive towards better and more effective EEA-levels of market surveillance, at the same time, nevertheless not neglecting its prime responsibilities in monitoring the Finnish market. Today, goods flow around the world at unbelievable speed. In the long term, global safety and EMC requirements as well as their enforcement throughout should be the target to aim for.reviewe

Kyberturvallisuuden arvokonfliktit kotona selviytymistä tukevissa terveysteknologiossa: Suunnittelutieteellinen tutkimus kohti eettistä päätöksentekoa

The transition of health care and health services to information networks raises ethical challenges. Especially when designing digital solutions for older citizens, their rights and opportunities to live a good life at home or in a homelike environment must be taken into account. In this case, ethics and ethical expertise play a key role, from design to implementation and evaluation. Ethics need to be looked at from a variety of perspectives, but at the same time, unfortunately, there are often value conflicts between different ethical values and norms. This design science research examines ethical issues related to the cybersecurity of digital health services through four different reference frameworks: biomedical ethics, care ethics, the core functions of health information technology, and cybersecurity core value clusters. The research focuses on value conflicts between different perspectives and presents a conceptual model for the simultaneous consideration of these different frameworks to aid ethical decision-making. In addition, the article discusses ethical decision-making through fuzzy multi-criteria decision-making and considers the use of the digital twin produced through machine learning and homomorphic encryption in this context.Terveydenhuollon ja terveyspalveluiden siirtyminen tietoverkkoihin nostaa esiin eettisiä haasteita. Etenkin kun digitaalisia ratkaisuja suunnitellaan ikääntyville kansalaisille, tulee ottaa huomioon heidän oikeutensa ja mahdollisuutensa elää hyvää elämää kotona tai kodinomaisessa ympäristössä. Etiikka ja eettinen osaaminen ovatkin tällöin keskeisessä roolissa suunnittelusta aina toteutukseen ja arviointiin saakka. Etiikkaa on tarkasteltava usealta eri näkökulmalta, mutta samalla valitettavan usein törmätään arvokonflikteihin eri eettisten arvojen ja normien välillä. Tämä suunnittelutieteellinen tutkimus tarkastelee digitaalisten terveyspalveluiden kyberturvallisuuteen liittyviä eettisiä asioita neljän eri viitekehyksen kautta: biolääketieteen etiikka, hoitoalan etiikka, terveydenhuollon informaatioteknologian ydintehtävät ja kyberturvallisuuden arvoklusterit. Tutkimus keskittyy eri näkökulmien välisiin arvokonflikteihin ja esittelee eettisen päätöksenteon avuksi käsitemallin eri viitekehysten samanaikaiseen huomioimiseen. Lisäksi artikkeli käsittelee eettistä päätöksentekoa sumean monikriteerisen päätöksenteon avulla sekä pohtii koneoppimisen ja homomorfisen salauksen avulla tuotettavan digitaalisen kaksosen hyödyntämistä tässä yhteydessä

CISE as a Tool for Sharing Sensitive Cyber Information in Maritime Domain

The ECHO project aims at organizing and coordinating an approach to strengthen proactive cyber security in the European Union through effective and efficient multi-sector collaboration. One important tool for this aim is the ECHO Early Warning System (E-EWS). The development of the E-EWS will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain, as well as models from other domains. In 2009, the Commission adopted a Communication Towards the integration of maritime surveillance in the EU: “A common information sharing environment for the EU maritime domain (CISE),” setting out guiding principles towards its establishment. The aim of the COM(2010)584 final was to generate a situational awareness of activities at sea and impact overall maritime safety and security. As a outcome of COM(2010)584 final, the EUCISE2020 project has developed a test-bed for maritime information sharing. This case study analyses information sharing models in the maritime domain, the EUCISE2020 test bed and the CISE itself as an alternative for cyber information sharing system. The maritime sector represents a suitable research case because it is already digitized in many aspects

Cyber Situational Awareness in Critical Infrastructure Protection

The European Union promotes collaboration between authorities and the private sector, and the providers of the most critical services to society face security related obligations. In this paper, critical infrastructure is seen as a system of systems that can be subject to cyber-attacks and&nbsp; other disturbances. Situational awareness (SA) enhances preparations for and decision-making during assessed and unforeseen disruptive incidents, and promoting Cyber effective situational&nbsp; awareness (CSA) requires information sharing between the different interest groups. This research is constructive in nature, where innovative constructions developed as solutions&nbsp; for domain-specific real world problems, while the research question is: “How can cyber&nbsp; situational awareness protect critical infrastructures?” The Observe – Orient – Decide – Act (OODA) loop is examined as a way to promote&nbsp; collaboration towards a shared situational picture, awareness and understanding to meet challenges of forming CSA in relation to risk assessment (RA) and improving resilience. Three levels of organizational decision-making are examined in relation a five-layer cyber structure of an organization to provide a more comprehensive systems view of organizational cyber security. Successful, crisis-management efforts enable organizations to sustain and resume operations, minimize losses, and adapt to manage future incidents, as many critical&nbsp;infrastructures typically lack resilience and may easily lose essential functionality when hit by&nbsp;an adverse event. Situation awareness is the main prerequisite towards cyber security. Without situation awareness, it is impossible to systematically prevent, identify, and protect the system from cyber incidents.</p

Secure Data Communications for Controlling Electric Power Stations and Distribution Systems

Uninterrupted electric power distribution is vital for modern society. One of the key components is electric power stations and distribution systems. SCADA systems are used for controlling the power stations. SCADA systems have traditionally used propriety communication networks. For added electrical power station security, a video surveillance is required. Current telecommunication networks used for SCADA systems don't support speeds required for real time video. A standard Internet connection does not offer required reliability and security for SCADA communications. Multi-Agency Cooperation In Cross-border Operations (MACICO) project aims to produce a new way of combining multiple telecommunication channels, such as TETRA, satellite and 2G/3G/4G networks. A certain target is to create a single redundant secure and faster data transfer path for SCADA and video surveillance systems. In Finland there is a project starting utilizing new technologies for data transfer thus demonstrating usability and reliability of this new communication method