The author’s contribution to the included articles varies. PaperP1: The author is responsible for the original idea for the proposed model, gathering and collecting the test data, formalizing the model, as well as being the main writer of the article. PaperP2: The author is responsible for developing the idea and major parts of the software for the proposed simulator and middleware, in conjunction with the other authors. The author further participated in gathering, analyzing, and refining the data required for running the simulations. The author developed the geographic information system view, for visualization in the COP system. All named authors participated in the writing process. ArticleP3: The author is responsible for designing and developing the data collection middleware solution, the analysis methods, and some of the server-side user interface code. The author also chiefly participated in statistical analyses, as well as contributed most of the article’s text. This article has appeared as a part of another dissertation, without overlapping contribution between authors [102]. PaperP4: The author is responsible for developing the idea
and concept, as well as creating the reporting tool and for collecting and analyzing the data. The author also contributed text to the article, in conjunction with the other authors. PaperP5: The author contributed the central concept, and participated in data collection, analysis study design, as well as writing. PaperP6: The author contributed to the overall design of the study, feature engineering and evaluation, data collection and analysis, and writing. PaperP7: The author con-tributed the main concept, study design and most of the text, as well as participated in selecting suitable statistical methods and distributions. PaperP8: The author contributed to the literary re-view and writing. PaperP9: The author is responsible for conceptualization, methodology, data processing, software, and participated in writing the original draft.
2 T H E O R E T I C A L F O U N D AT I O N
In this chapter the relevant theoretical foundations are presented in brief detail. The chapter does not attempt to address these subjects comprehensively: The goal is to present central concepts, case examples, and challenges in these relatively disjoint topics, enabling the reader to consider the included articles in context.
2.1 Critical infrastructure and situational awareness
Critical infrastructure (CI)refers to systems that form the basis structure for vital societal func-tions [48]. The European Council, for example, highlights health, safety, security, economy, and social well-being as examples of functions that should be considered vital [17].
2.1.1 Common operating picture
Critical infrastructure is a complex environment, with complex relationships. The task of main-tainingsituational awareness (SA)about the state is one of the prominent research areas of the field [14]. By definition, CI is critical, and there is massive incentive to holistically monitor its functionality, and predict the extent and impact of current and future failures in real time. Both governmental and private-sector actors are interested in monitoring their own assets, as well as the state of other systems they are dependent on. In order to effectively disseminate and utilize in-formation, each actor is required to share details of their system in a controlled way. This sharing can be incentivized by making information sharing mutually beneficial [103].
A platform to share information, along with suitable analysis functionality and visualization techniques provide a so-calledcommon operating picture (COP)solution. Although military in origin, COP in CI context refers to a platform where all the sectors are represented together using data fusion and visualization tools [103]. CI spans every infrastructure sector, and the breadth of devices and systems that must be integrated grows large. Some systems, such as those connected directly to the Internet, are very easy to monitor remotely by their nature, others may require a human-in-the-loop approach. Research areas include data collection and fusion elements, a task complicated by the diversity of CI components [48].
The analysis capability of a COP system is tied to the task of maintaining the situational aware-ness of human operators. As proposed by Endsley, SA includes three levels of comprehension, consisting of understanding current elements, their relation to each other, and the future devel-opments of the system as a whole [14]. Consequently, the analysis capability should provide suitable information on each of the SA levels in a way that assists the operator in maintaining SA.
As maintaining SA is an ongoing effort, the underlying model must be capable of operating in real time, and provide continuous output and forecasts as the situation evolves, while tolerating disruptions in data delivery.
2.1.2 Modeling interdependencies, predicting cascading failures
One of the challenges associated with CI is recognizing what and where those critical assets are [48]. When this work was first conducted in 1990s, it was swiftly discovered that the infras-tructure was highly interconnected: both physically, and via telecommunication systems. Latter research went on to call CI asinterdependent[48]. Rinaldiet al.define interdependent as “highly interconnected and mutually dependent in complex ways”, as it was discovered that failures on one part of CI may causecascading failuresimpacting other parts of CI [80]. CI is often owned and controlled by various public and private parties, further complicating the relationship between its various parts.
Much of the research on CI is focused on studying the interdependencies. This field encom-passes researching suitable mathematical and technical models, and mapping and observing CI structure and events as they appear in the real world. Both of these research activities are some-what hindered by the sensitive nature of these systems, as well as the fragmented ownership land-scape. There is also a conflict between the open nature of scientific research and publishing, and the sensitive nature of CI datasets.
Various different modeling approaches have been proposed in academic literature [66]. One of the particular challenges in creating a CI model for a COP system is keeping the individual model relatively simple, allowing the chaining of the modeled components and influences to simulate the interdependent nature of CI at scale. The model should also provide some estimates on how severe an observed failure was, and how it relates to the systems that are dependent on its operation.
Systems like cellular base-stations are dependent on external power, although they may operate using emergency battery power for several hours. This creates a time-sensitive component to the model. A COP system receives status updates from some of the infrastructure components periodically. The model should both use these updates to keep up to date, as well as interpret the cessation of these updates as a sign of failure. Papers in C 1.1 describe a model based on graphs and finite state transducers, and then present an application of that model to a real-world use case.