Paralyzed or Compromised: A Case Study of Decisions in Cyber-Physical Systems
Peer reviewed, Journal article
Accepted version
View/ Open
Date
2024Metadata
Show full item recordCollections
Original version
Lecture Notes in Computer Science (LNCS). 2024, 14729 (2), 134-152. 10.1007/978-3-031-61382-1_9Abstract
Human operators of Cyber-Physical Systems (CPSs) within Critical Infrastructure (CI) need to protect their systems from cyber-attacks. When CPSs are compromised the operators might be faced with the dilemma of letting the systems be compromised to maintain the operation of CPSs or to paralyze the CPSs to mitigate the attack. How human operators resolve this dilemma was investigated through a case study of the Sunburst attack within the electrical power and manufacturing CI in Norway. Four actors were interviewed regarding the dilemma, including three actors interviewed regarding their handling of the Sunburst case. The interviews with additional incident reports from one of the actors were analyzed inductively to identify how the human operators made decisions in this context. Ten themes were identified and synthesized into a logic model of the decision process. The logic model was then compared to existing theoretical models of Situation Awareness (SA) to assess if SA theory could explain the findings. This study concludes that existing SA models are compatible with the findings. Some parts of the logic model based on the findings provide unique contributions to the understanding of the decisions. One important finding is that the design of the systems related to CPSs must allow adequate mitigation alternatives. The study highlights several implications for practice and further research. Although the findings may not be generalizable beyond the setting of the case, the study contributes to bridging the recognized research gap of empirical studies of the SA of human operators of CPSs. Paralyzed or Compromised: A Case Study of Decisions in Cyber-Physical Systems