Business Continuity for Critical Infrastructure Operators

  • Harri Ruoslahti Laurea University of Applied Sciences
Keywords: Business continuity, Critical Infrastructure, Risk assessment, Impact analysis


Critical infrastructures often lack resilience and easily lose critical functionalities if hit by adverse events. Continuity management strategies for critical infrastructure operators and the networks that they form, rely also on the functionality of other interrelated networks. Disruptions in operations may affect society and for this reason, securing the operations of critical infrastructure operators is important. The technological impacts of CPS become evident to the resilience of all fields of critical infrastructure, but there is also human elements to take into account. The research question of this study is: How to enhance business continuity of critical infrastructure? This case study research uses qualitative methods collected by conducting interviews of resilience and continuity professionals who work with Finnish critical infrastructure. Resilience and continuity management are key for critical infrastructure operators. Important factors identified were identifying risks, critical activities, key personnel, creating guidelines and procedures, and open communication, which themes were recognised as important to improve resilience and manage continuity.


Alberts, D. (2002). Information age transformation, getting to a 21st century military, Defense Technical Information Center, Fort Belvoir.

Amir, S., & Kant, V. (2018). Sociotechnical resilience: A preliminary concept. Risk Analysis, 38(1), 8-16.

Baskerville, R. L., & Myers, M. D. (2009). Fashion waves in information systems research and practice. Mis Quarterly, 647-662.

Broy, M & Geisberger, E. (2011). Cyber-physical systems, driving force for innovation in mobility, health, energy and production, Acatech: The National Academy of Science and Engineering, Munich.

Dahlberg, R, Johannessen-Henry, C, Raju, E & Tulsiani, S. (2015). Resilience in disaster research: Three versions, Civil Engineering and Environmental Systems, pp 44–54.

ECHO - the European network of Cybersecurity centres and competence Hub for innovation and Operations (2019). ECHO Website, [Online] Available at: [Accessed December 8 2019]

European Commission (2016). Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 Concerning Measures for a High Common Level of Security of Network and Information Systems Across the Union. [Online] Available at: [Accessed June 8 2019].

Fortinet (2019). Fortinet Q2 2019 Quarterly Threat Landscape Report, Fortinet, Inc.

Gustafsson, A, Kristensson, P, & Witell, L. (2012). Customer co-creation in service innovation: a matter of communication?, Journal of Service Management, Vol. 23 No. 3, 2012 pp. 311-327.

Lehto, M. & Neittaanmäki, P. (2018). The modern strategies in the cyber warfare. Cyber Security: Cyber power and technology. Berlin: Springer.

Linkov, I et al. (2014). Changing the resilience paradigm, Nature Climate Change, Vol 4, pp 407– 409.

Murakami, K.J. (2012). CPSS (Cyber-physical-social systems) initiative - Beyond CPS (Cyber-physical systems) for a better future, [online], Grid Consortium Japan,

National Research Council (2012). Disaster Resilience: A National Imperative, The National Academies Press, Washington, DC.

O’Rourke, T. D. & Briggs, T. R. (2007). Critical Infrastructure, Interdependencies, and Resilience. The Bridge, Volume 37.

Pahi, T., Leitner, M. & Skopik, F. (2017). Analysis and Assessment of Situational Awareness Models for National Cyber Security Centers. ICISSP, pp. 334-345.

Leveson, N., Dulac, N., Zipkin, D., Cutcher-Gershenfeld, J., Carroll, J., & Barrett, B. (2006). Engineering resilience into safety-critical systems. Resilience engineering: Concepts and precepts, 95-123.

Pearson, C & Clair, J. (1998). Reframing Crisis Management, Academy of Management Review, Vol 23, No. 1, pp 59–76.

Pinho, N, Beirão, G, Patrício, L & Fisk, R. (2014). Understanding value co-creation in complex services with many actors, Journal of Service Management, vol. 25, no. 4, pp. 470-493.

Pirinen, R. (2017). Towards Common Information Systems Maturity Validation ‐ Resilience Readiness Levels (ResRL), Proceedings of the 9th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management ‐ Volume 3: ISE, 259 ‐266.

Pöyhönen, J., Rajamäki, J., Ruoslahti, H. & Lehto, M. (2020). Cyber Situational Awareness in Critical Infrastructure Protection. Presented at CYSEC 2020: Cyber Security of Critical Infrastructure, April 28 – 30, Dubrovnik, Croatia.

Rajamäki, J & Pirinen, R. (2017). Design science research towards resilient cyber-physical eHealth systems, Finnish Journal of eHealth and eWelfare, Vol 9, No. 2–3, pp 203–216.

Roloff, J. (2008). Learning from Multi-Stakeholder Networks: Issue-Focused Stakeholder Management’, Journal of Business Ethics, 82:233–250.

Ruoslahti, H. (2019). Co-creation of knowledge for innovation in multi-stakeholder projects. JYU dissertations.

Ruoslahti, H. (2018). Co-creation of Knowledge for Innovation Requires Multi-Stakeholder Public Relations, in Sarah Bowman , Adrian Crookes, Stefania Romenti, Øyvind Ihlen (ed.) Public Relations and the Power of Creativity (Advances in Public Relations and Communication Management, Volume (3) Emerald Publishing Limited, pp.115 - 133

Ruoslahti, H & Hyttinen, K. (2016). A Co-created Network Community for Knowledge and Innovations – Promoting Safety and Security in the Arctic, Proceedings of the 23rd International Public Relations Research Symposium BledCom, Faculty of Social Sciences, Ljubljana, pp 100–106.

Ruoslahti, H., Rajamäki, J. & Koski, E. (2018). Educational competences with regard to resilience of critical infrastructure. Journal of Information Warfare. Journal of Information Warfare 17.3: 1-16.

Savage, M. (2002). Business continuity planning’, Work Study, Vol 51, No. 5, pp 254–261.

Singapore-ETH Centre (2015). Future Resilient Systems, [Online],

Tikanmäki, I. & Ruoslahti, H. (2017). Increasing Cooperation between the European Maritime Domain Authorities, International Journal of Environmental Science, Vol 2, pp 392–399.

Vos, M. (2017). Communication in Turbulent Times: Exploring Issue Arenas and Crisis Communication to Enhance Organisational Resilience, Jyväskylä University School of Business and Economics, N:o 40 / 2017.

Vos M. & Schoemaker, H. (2004). Accountability of Communication Management, A Balanced Scorecard for Communication Quality, Lemma Publishers, Utrecht, 2004.

How to Cite
Ruoslahti, H. (2020). Business Continuity for Critical Infrastructure Operators. Annals of Disaster Risk Sciences, 3(1).