Cyber Situational Awareness in Critical Infrastructure Protection

  • Jouni Pöyhönen University of Jyväskylä
  • Jyri Rajamäki Laurea University of Applied Sciences
  • Harri Ruoslahti Laurea University of Applied Sciences
  • Martti Lehto University of Jyväskylä
Keywords: Critical infrastructure, Cyber situational awareness, Five-layer cyber structure, OODA Loop, Risk assessment


The European Union promotes collaboration between authorities and the private sector, and the providers of the most critical services to society face security related obligations. In this paper, critical infrastructure is seen as a system of systems that can be subject to cyber-attacks and  other disturbances. Situational awareness (SA) enhances preparations for and decision-making during assessed and unforeseen disruptive incidents, and promoting Cyber effective situational  awareness (CSA) requires information sharing between the different interest groups. This research is constructive in nature, where innovative constructions developed as solutions  for domain-specific real world problems, while the research question is: “How can cyber  situational awareness protect critical infrastructures?” The Observe – Orient – Decide – Act (OODA) loop is examined as a way to promote  collaboration towards a shared situational picture, awareness and understanding to meet
challenges of forming CSA in relation to risk assessment (RA) and improving resilience. Three levels of organizational decision-making are examined in relation a five-layer cyber structure of an organization to provide a more comprehensive systems view of organizational cyber security. Successful, crisis-management efforts enable organizations to sustain and resume operations, minimize losses, and adapt to manage future incidents, as many critical infrastructures typically lack resilience and may easily lose essential functionality when hit by an adverse event. Situation awareness is the main prerequisite towards cyber security. Without situation awareness, it is impossible to systematically prevent, identify, and protect the system from cyber incidents.


Boyd, J. R. (1995). The Essence of Winning and Losing. s.l.:s.n.

Carsten, P., Yampolskiy, M., Andel, T. & McDonald, J. (2015). In-Vehicle Networks: Attacks, Vulnerabilities, and Proposed Solutions. CISR ’15 Proceedings of the 10th Annual Cyber and Information Security Research Conference , p. 477–482.

Corrigan, S. (2016). Introduction to the Controller Area Network (CAN)., s.l.: Texas Instruments.

Crnkovic, G. D. (2010). Constructive research and info-computational knowledge generation. In: W. C. &. C. P. L. Magnani, ed. Model-Based Reasoning in Science and Technology: Abduction, Logic, and Computational Discovery. Heidelberg: Springer Berlin, p. 359–380.

Cybersecurity and Infrastructure Security Agency (2017). ICS Alert (ICS-ALERT-17-209-01), CAN Bus Standard Vulnerability, s.l.: s.n.

ECHO project (2019). s.l.: s.n.

Edwards, N. et al. (2016). Supply Chain Decision Analytics: Application and Case Study for Critical Infrastructure Security. Proceedings of The11th International Conference on Cyber Warfare and Security ICCWS 2016, pp. 99-106.

Endsley, M. R. (1995). Toward a Theory of Situation Awareness in Dynamic Systems. Human Factors and Ergonomics Society, 37(1), pp. 32-64.

EU Commission (2009). Critical information infrastructure protection. COM (2009) 149 final, Brussels: Commission of the European Communities.

European Commission (2016). Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 Concerning Measures for a High Common Level of Security of Network and Information Systems Across the Union. [Online] Available at: [Accessed 8 6 2019].

Faber, S. (2015). Flow Analysis for Cyber Situational Awareness. [Online] Available at: [Accessed 8 6 2019].

Fortinet (2019). Fortinet Q2 2019 Quarterly Threat Landscape Report, s.l.: Fortinet, Inc..

Gustafsson, A., Kristensson, P. & Witell, L. (2012). Customer co-creation in service innovation: a matter of communication?. Journal of Service Management, 23(3), pp. 311-327.

Johansson, K. H., Törngren, M. & Nielsen, L. (2005), Vehicle applications of controller area network. In: D. H. B. William S. Levine, ed. Handbook of Networked and Embedded Control Systems. s.l.:s.n.

Joint Task Force Transformation Initiative (2011). NIST Special Publication 800-39: Managing Information Security Risk - Organization, Mission, and Information System View, Gaithersburg: National Institute of Standards and Technology.

Kokkonen, T. (2016). Anomaly-Based Online Intrusion Detection System as a Senor for Cyber Security Situational Awareness System., s.l.: Jyväskylä studies in computing 251. University of Jyväskylä.

Lebrun, A. & Demay, J. C. (2016). Canspy: a platform for auditing can, s.l.: s.n.

Lehtiranta, L., Junnonen, J.-M., Kärnä, S. & Pekuri, L. (2015). The constructive research approach: Problem solving for complex projects. In: B. Pasian, ed. Designs, Methods and Practices for Research of Project Management. s.l.:Gower Publishing Limited..

Lehto, M. & Neittaanmäki, P. (2018). The modern strategies in the cyber warfare. Cyber Security: Cyber power and technology. Berlin: Springer.

Libicki, M. C. (2007). Conquest in Cyberspace – National Security and Information Warfare. New York: Cambridge University Press.

Linkov, I. et al. (2014). Changing the resilience paradigm. Nature Climate Change, Volume 4, pp. 407-409.

Linkov, I. et al. (2013a). Measurable Resilience for Actionable Policy. Environmental Science & Technology.

Linkov, I. et al. (2013b). Resilience metrics for cyber systems. Environment Systems and Decisions, 33(4), pp. 471-476.

O’Rourke, T. D. & Briggs, T. R. (2007). Critical Infrastructure’, Interdependencies, and Resilience. The Bridge, Volume 37.

Pahi, T., Leitner, M. & Skopik, F. (2017). Analysis and Assessment of Situational Awareness Models for National Cyber Security Centers. ICISSP, pp. 334-345.

Pirinen, R. (2017). Towards Common Information Systems Maturity Validation ‐ Resilience Readiness Levels (ResRL). Proceedings of the 9th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management, Volume 3, pp. 259-266.

Pöyhönen, J., Nuojua, V., Lehto, M. & Rajamäki, J. (2018). Application of Cyber Resilience Review to an Electricity Company. The proceedings of the 17th European Conference on Cyber Warfare and Security ECCWS2018, pp. 380-389.

Pöyhönen, J., Nuojua, V., Rajamäki, J. & Lehto, M. (2019). Cyber situational awareness and information sharing in critical infrastructure organizations. Information & Security: An International Journal, Volume 43, pp. 236-255.

Ruoslahti, H., Rajamäki, J. & Koski, E. (2018). Educational Competences with regard to Resilience of Critical Infrastructure. Journal of Information Warfare, 17(3), pp. 1-16.

Tikanmäki, I. & Ruoslahti, H. (2019). How Are Situation Picture, Situation Awareness, and Situation Understanding Discussed in Recent Scholarly Literature?. In: A. S. a. J. F. Jorge Bernardino, ed. Proceedings of the 11th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management. Portugal: SCITEPRESS – Science and Technology Publications, Lda., pp. 419-426.

Tke Security Committee (2019). Finland´s Cyber Security Strategy 2019. [Online] Available at: [Accessed 15 02 2019].

Weed, S. A. (2019). US Policy Response to Cyber Attack on SCADA Systems Supporting Critical National Infrastructure, s.l.: Air Force Research Institute.

Vos, M. (2017). Communication in Turbulent Times: Exploring Issue Arenas and Crisis Communication to Enhance Organisational Resilience, Jyväskylä: Jyväskylä University School of Business and Economics.

Voss, W. & Comprehensible, A. (2005). Guide to Controller Area Network. Massachusetts. Massachusetts: Copperhill Media Corporation.

Zager, R. & Zager, J. (2017). OODA loops in cyberspace: A new cyber-defense model. Small Wars Journal, 20(11).

How to Cite
Pöyhönen, J., Rajamäki, J., Ruoslahti, H., & Lehto, M. (2020). Cyber Situational Awareness in Critical Infrastructure Protection. Annals of Disaster Risk Sciences, 3(1).