Abstract
Human and organizational issues are able to create both vulnerabilities and resilience to threats. In this chapter, we investigate human and organizational factors, conducted through ethnographic studies of operators and sets of interviews with staff responsible for security, reliability and quality in two different organizations, which own and operate utility networks. Ethnography is a qualitative aspect of research that emphasizes the detailed observation and interviewing of people in naturally occurring settings. Our findings indicate that ‘human error’ forms the biggest threat to cyber-security and that there is a need for security operations centres to document all cyber-security incidents. Also, we conclude that it will always be insufficient to assess mental security models in terms of their technical correctness, as it is sometimes more important to know how well they represent prevailing social issues and requirements. As a practical recommendation from this work, we suggest that utility organizations (and others) engage in penetration testing and perhaps other forms of vulnerability analysis, not only to discover specific vulnerabilities but also to learn more about the mental models they use.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bierly PE III, Spender JC (1995) Culture and high reliability organizations: the case of the nuclear submarine. J Manage 21(4):639–656
Bostrom A, Morgan MG, Fischhoff B, Read D (1994) What do people know about global climate change? 1. mental models. Risk Anal 14(6):959–970
Bourrier M (1996) Organizing maintenance work at two american nuclear power plants. J Contingencies Crisis Manage 4(2):104–112
Dobson S, Hutchison D, Mauthe A, Schaeffer-Filho A, Smith P, Sterbenz JP (2019) Self-organization and resilience for networked systems: design principles and open research issues. Proc IEEE 107(4):819–834
Gouglidis A, Green B, Busby J, Rouncefield M, Hutchison D, Schauer S (2016) Threat awareness for critical infrastructures resilience. In: 2016 8th International Workshop on Resilient Networks Design and Modeling (RNDM). IEEE, pp 196–202
Gouglidis A, Green B, Hutchison D, Alshawish A, de Meer H (2018) Surveillance and security: protecting electricity utilities and other critical infrastructures. Energy Inf 1(1):15
Gouglidis A, König S, Green B, Rossegger K, Hutchison D (2018) Protecting water utility networks from advanced persistent threats: a case study. In: Game Theory for Security and Risk Management. Springer, pp 313–333
Grabowski M, Roberts KH (2016) Reliability seeking virtual organizations: challenges for high reliability organizations and resilience engineering. Saf Sci 117:512–522
Hilgartner S (1992) The social construction of risk objects: or, how to pry open networks of risk. In: Organizations, Uncertainties, and Risk, pp 39–53
Hutchison D, Sterbenz JPG (2018) Architecture and design for resilient networked systems. Comput Commun 131:13–21
IAEA Euratom, F.I.O.P.U., WHO: Fundamental safety principles: Safety fundamentals (2006)
Knowles W, Such JM, Gouglidis A, Misra G, Rashid A (2015) Assurance techniques for industrial control systems (ICS). In: Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or Privacy. ACM, pp 101–112
König S, Gouglidis A, Green B, Solar A (2018) Assessing the impact of malware attacks in utility networks. In: Game Theory for Security and Risk Management. Springer, pp 335–351
La Porte TR, Thomas CW (1995) Regulatory compliance and the ethos of quality enhancement: surprises in nuclear power plant operations1. J Pub Adm Res Theor 5(1):109–138
Perrow C (2011) Normal accidents: living with high risk technologies-Updated edition. Princeton University Press
Rass S (2018) Decision making when consequences are random. Springer International Publishing, pp 21–46. https://doi.org/10.1007/978-3-319-75268-6_2
Rass S (2018) Security strategies and multi-criteria decision making. Springer International Publishing, pp 47–74. https://doi.org/10.1007/978-3-319-75268-6_3
Roberts KH (1990) Some characteristics of one type of high reliability organization. Organ Sci 1(2):160–176
Rochlin GI, La Porte TR, Roberts KH (1987) The self-designing high-reliability organization: aircraft carrier flight operations at sea. Naval War Coll Rev 40(4):76–92
Schmidt K (1991) Riding a tiger, or computer supported cooperative work. In: Proceedings of 2nd European Conference on Computer-Supported Cooperative Work ECSCW’91. Springer, pp 1–16
Smith P, Hutchison D, Sterbenz JP, Schöller M, Fessi A, Karaliopoulos M, Lac C, Plattner B (2011) Network resilience: a systematic approach. IEEE Commun Mag 49(7):88–97
Sterbenz JP, Hutchison D, Çetinkaya EK, Jabbar A, Rohrer JP, Schöller M, Smith P (2010) Resilience and survivability in communication networks: strategies, principles, and survey of disciplines. Comput Netw 54(8):1245–1265
Suchman L (1993) Working relations of technology production and use. Comput Support Coop Work 2(1–2):21–39
Suchman L (2016) Making work visible. In: The New Production of Users. Routledge, pp 143–153
Suchman LA (1987) Plans and situated actions: the problem of human-machine communication. Cambridge University Press, Cambridge
(US), N.I.A.C.: Critical infrastructure resilience: final report and recommendations. National Infrastructure Advisory Council (2009)
Vogus TJ, Sutcliffe KM (2007) Organizational resilience: towards a theory and research agenda. In: 2007 IEEE International Conference on Systems, Man and Cybernetics, pp 3418–3422
Weick KE (1987) Organizational culture as a source of high reliability. Calif Manage Rev 29(2):112–127
Weick KE, Roberts KH (1993) Collective mind in organizations: heedful interrelating on flight decks. Adm Sci Q, 357–381
Wildavsky A (1997) But is it true? A citizen’s guide to environmental health and safety issues. Harvard University Press, Cambridge
Acknowledgements
This chapter is based on work from COST Action CA15127 (“Resilient communication services protecting end-user applications from disaster-based failures—RECODIS”) supported by COST (European Cooperation in Science and Technology) and supported by the European Union Seventh Framework Programme under grant agreement no. 608090: project HyRiM (Hybrid Risk Management for Utility Providers).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Anderson, T., Busby, J., Gouglidis, A., Hough, K., Hutchison, D., Rouncefield, M. (2020). Human and Organizational Issues for Resilient Communications. In: Rak, J., Hutchison, D. (eds) Guide to Disaster-Resilient Communication Networks. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-030-44685-7_32
Download citation
DOI: https://doi.org/10.1007/978-3-030-44685-7_32
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44684-0
Online ISBN: 978-3-030-44685-7
eBook Packages: Computer ScienceComputer Science (R0)