DiVA

diva-portal.org

Digitala Vetenskapliga Arkivet

EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Cyber situation awareness and common operational pictures: Studies of the Swedish public sector
KTH, School of Electrical Engineering and Computer Science (EECS), Human Centered Technology, Media Technology and Interaction Design, MID.ORCID iD: 0000-0003-1748-3769
2025 (English)Doctoral thesis, comprehensive summary (Other academic)
Sustainable development
SDG 8: Decent work and economic growth, SDG 9: Industry, innovation and infrastructure
Abstract [en]

Cybersecurity is one of the pillars of successful digitalization of our societies. A key component of cybersecurity is that staff involved in cybersecurity work develop situational awareness of the cyber environment and respond to events  based on that understanding. Despite growing interest in situation awareness for cybersecurity, few empirical studies look at cyber situation awareness from the human actor’s perspective within organizational contexts. The purpose of this thesis is to contribute to research on improving cyber situation awareness capabilities in organizations, with a focus on the Swedish public sector.

The thesis includes five papers concerning different aspects of cyber situation awareness. In the first paper, a census is conducted presenting a snapshot of the cybersecurity maturity of the Swedish public sector and how the public sector communicated cybersecurity risks during the COVID-19 pandemic. In the second paper, the conditions under which cybersecurity work is conducted at Swedish administrative authorities are investigated, and results from semi-structured interviews with respondents involved in cybersecurity work are presented. In the third paper, four personas, based on empirical material from the first and second papers, are created and validated. In the fourth paper, a case study on how staff members involved in handling a cyberthreat in a large, complex organization develop cyber situation awareness while handling the threat is presented. In the fifth paper, participatory video prototyping is used to explore common operational picture system support needs to aid cyber situation awareness for staff involved in handling cyberthreats.

The thesis discusses challenges to cyber situation awareness in organizations, how cyber situation awareness can be improved, and how common operational pictures should be designed. 
Abstract [sv]

Cybersäkerhet är en av grundpelarna för en framgångsrik digitalisering av våra samhällen. En nyckelkomponent för cybersäkerhet är att personal som arbetar med cybersäkerhet utvecklar cyberlägesförståelse för att ”få koll på läget” i cybermiljön och, baserat på den förståelsen, reagerar på händelser. Trots det växande intresset för cyberlägesförståelse så finns det få empiriska studier som undersöker cyberlägesförståelse från den mänskliga aktörens perspektiv i organisatoriska sammanhang. Syftet med avhandlingen är att bidra till cyberlägesförståelseforskningen  genom att undersöka cyberlägesförståelse i organisationer och presentera empiriska studier med fokus på svensk offentlig sektor.

I denna avhandling ingår fem artiklar som studerar olika aspekter av cyberlägesförståelse. I den första artikeln har en totalundersökning av den svenska offentliga sektorn genomförts och en  ögonblicksbild av sektorns cybersäkerhetsmognad samt hur offentlig sektor kommunicerade om cybersäkerhetsrisker under COVID-19-pandemin presenteras. I den andra artikeln har de förutsättningar under vilka cybersäkerhetsarbete bedrivs vid svenska förvaltningsmyndigheter undersökts och resultat från semi-strukturerade intervjuer med respondenter som deltar i cybersäkerhetsarbetet vid förvaltningsmyndigheterna presenteras. I den tredje artikeln presenteras fyra personor, baserade på det empiriska materialet från den första och andra artikeln, som validerats. I den fjärde artikeln presenteras en fallstudie om hur personal i en stor, komplex organisation utvecklade cyberlägesförståelse under tiden de hanterade ett cyberhot. I den femte artikeln utforskas behovet av systemstöd för lägesbilder som kan underlätta för cyberlägesförståelse hos personal som hanterar cyberhot genom den deltagande design-metoden video-prototypande. 

Avhandlingen diskuterar utmaningarna för cyberlägesförståelse i organisationer, hur cyberlägesförståelse kan förbättras, samt hur systemstöd för lägesbilder bör utformas för att stödja cyberlägesförståelse.
Place, publisher, year, edition, pages
Stockholm: Kungliga Tekniska högskolan, 2025. , p. ix, 67
Series
TRITA-EECS-AVL ; 2025:40
Keywords [en]
cyber situation awareness, cybersecurity, public sector, common operational picture, crisis management
Keywords [sv]
cyberlägesförståelse, cybersäkerhet, offentlig sektor, lägesbild, krishantering
National Category
Human Computer Interaction
Research subject
Human-computer Interaction
Identifiers
URN: urn:nbn:se:kth:diva-362904ISBN: 978-91-8106-241-0 (print)OAI: oai:DiVA.org:kth-362904DiVA, id: diva2:1955314
Public defence
2025-05-27, F3 (Flodis), Lindstedtsvägen 26 & 28, Stockholm, 14:00 (English)
Opponent
Supervisors
Funder
Swedish Armed Forces
Note

QC 20250430

Available from: 2025-04-30 Created: 2025-04-29 Last updated: 2025-05-09Bibliographically approved
List of papers
1. A Census of Swedish Public Sector Employee Communication on Cybersecurity during the COVID-19 Pandemic
Open this publication in new window or tab >>A Census of Swedish Public Sector Employee Communication on Cybersecurity during the COVID-19 Pandemic
2021 (English)In: Proceedings of the International Conference on Cyber Situational Awareness, Data Analytics and Assessment, CyberSA 2021, Institute of Electrical and Electronics Engineers (IEEE), 2021, p. 1-8Conference paper, Published paper (Refereed)
Abstract [en]

The COVID-19 pandemic has accelerated the digitalization of the Swedish public sector, and to ensure the success of this ongoing process cybersecurity plays an integral part. While Sweden has come far in digitalization, the maturity of cybersecurity work across entities covers a wide range. One way of improving cybersecurity is through communication, thereby enhancing employee cyber situation awareness. In this paper, we conduct a census of Swedish public sector employee communication on cybersecurity at the beginning of the COVID-19 pandemic using questionnaires. The study shows that public sector entities find the same sources of information useful for their cybersecurity work. We find that nearly two thirds of administrative authorities and almost three quarters of municipalities are not yet at the implemented cybersecurity level. We also find that 71 % of municipalities have less than one dedicated staff for cybersecurity.
Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2021
Keywords
Cybersecurity, COVID-19, public sector, situation awareness
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kth:diva-312759 (URN)10.1109/CyberSA52016.2021.9478241 (DOI)2-s2.0-85114209574 (Scopus ID)
Conference
International Conference on Cyber Situational Awareness, Data Analytics and Assessment, CyberSA 2021, Dublin, Ireland, June 14-18, 2021
Funder
Swedish Armed Forces
Note

Part of ISBN 978-1-6654-2529-2QC 20220524

Available from: 2022-05-23 Created: 2022-05-23 Last updated: 2025-04-29Bibliographically approved
2. Cybersecurity work at Swedish administrative authorities: taking action or waiting for approval
Open this publication in new window or tab >>Cybersecurity work at Swedish administrative authorities: taking action or waiting for approval
2024 (English)In: Cognition, Technology & Work, ISSN 1435-5558, E-ISSN 1435-5566, Vol. 26, no 4, p. 709-731Article in journal (Refereed) Published
Abstract [en]

In recent years, the Swedish public sector has undergone rapid digitalization, while cybersecurity efforts have not kept even steps. This study investigates conditions for cybersecurity work at Swedish administrative authorities by examining organizational conditions at the authorities, what cybersecurity staff do to acquire the cyber situation awareness required for their role, as well as what experience cybersecurity staff have with incidents. In this study, 17 semi-structured interviews were held with respondents from Swedish administrative authorities. The results showed the diverse conditions for cybersecurity work that exist at the authorities and that a variety of roles are involved in that work. It was found that national-level support for cybersecurity was perceived as somewhat lacking. There were also challenges in getting access to information elements required for sufficient cyber situation awareness.
Place, publisher, year, edition, pages
Springer Nature, 2024
National Category
Computer and Information Sciences
Research subject
Human-computer Interaction
Identifiers
urn:nbn:se:kth:diva-354123 (URN)10.1007/s10111-024-00779-1 (DOI)001321655700001 ()2-s2.0-85205049306 (Scopus ID)
Funder
Swedish Armed Forces
Note

QC 20240930

Available from: 2024-09-29 Created: 2024-09-29 Last updated: 2025-04-29Bibliographically approved
3. Four personas in search of cyber situation awareness
Open this publication in new window or tab >>Four personas in search of cyber situation awareness
(English)Manuscript (preprint) (Other academic)
Abstract [en]

The conditions for cybersecurity work in the public sector are diverse. This study presents user-centered personas representative of the variety of Swedish administrative authority cybersecurity staff. These personas are intended to be used for communication and design purposes to improve cyber situation awareness support systems and facilitate crisis communication.

Empirical material from 17 semi-structured interviews with cybersecurity staff and data on administrative authority size, were used to create personas. The personas were validated using triangulation through three activities. Implications for practice are addressed by suggesting solutions for the personas' problems, and use cases for the persona card deck are presented and discussed. Using personas in this way captures diverse needs for cyber situation awareness for staff involved in upholding cybersecurity in public sector organizations.
Keywords
cybersecurity, public sector, persona, crisis management
National Category
Computer and Information Sciences
Research subject
Human-computer Interaction
Identifiers
urn:nbn:se:kth:diva-362899 (URN)
Funder
Swedish Armed Forces
Note

QC 20250430

Available from: 2025-04-29 Created: 2025-04-29 Last updated: 2025-04-30Bibliographically approved
4. Cyber situation awareness during an emerging cyberthreat: a case study
Open this publication in new window or tab >>Cyber situation awareness during an emerging cyberthreat: a case study
(English)Manuscript (preprint) (Other academic)
Abstract [en]

The digitalization of our societies makes them increasingly vulnerable to emerging cyberthreats. These cyberthreats can manifest themselves in the form of organized, sophisticated, and persistent threat actors, as well as nonadversarial mistakes. Staff involved in responding to cyberthreats and handling incidents in organizations need cyber situation awareness. This paper presents a case study on what challenges members of staff involved in cybersecurity in a large, complex organization experience when developing cyber situation awareness while handling a remote code execution vulnerability in the form of Log4j. Two types of qualitative empirical material were used for the case study, data collected through semi-structured interviews with ten informants, and internal documentation. The empirical material was analyzed to create a timeline of events in the organization. The results show how information about the threat spread throughout the organization, the types of artifacts that served as common operational pictures, and the role played by information sharing in maintaining staff cyber situation awareness. Three major challenges to the organization were found: (i) information sharing among staff was not effortless, (ii) there was no organization-level common operational picture established, and (iii) inaccurate information was shared. This study adds a real-world contribution to the literature on organizational handling of cyberthreats.
Keywords
cyber situation awareness, common operational picture, cybersecurity, public sector, Log4j, Log4Shell
National Category
Computer and Information Sciences
Research subject
Human-computer Interaction
Identifiers
urn:nbn:se:kth:diva-362901 (URN)
Funder
Swedish Armed Forces
Note

QC 20250430

Available from: 2025-04-29 Created: 2025-04-29 Last updated: 2025-04-30Bibliographically approved
5. Envisioning cyber situation awareness through participatory video prototyping
Open this publication in new window or tab >>Envisioning cyber situation awareness through participatory video prototyping
2025 (English)In: Proceedings of the 22nd International Conference on Information Systems for Crisis Response and Management (ISCRAM 2025) / [ed] H. Afshari, A. Chauhan, L. Petersen, L. A. S. Britton, M. Melanson, M. Bhati, A. Habib, & R. Pelot, 2025Conference paper, Published paper (Refereed)
Abstract [en]

Our digital societies are vulnerable to cyber crises. Without cyber-resilient organizations, vital societal functions may suffer incidents or loss of service. The diverse roles involved in cybersecurity decision-making require cyber situation awareness to uphold robust cybersecurity. Existing systems and processes supporting cyber situation awareness are not tailored to organizational needs, either at the role or the group level. This study explores the need for socio-technical system support, presenting common operational pictures supporting cyber situation awareness for staff handling cyberthreats. The participatory design method video prototyping was used to elicit needs from staff in a large, complex, public sector organization providing essential services. All participants have roles in cybersecurity crisis and incident management. Results from the video prototyping workshop suggest that cybersecurity staff need (i) a single support system for incident management, and (ii) a shared data repository underpinning (iii) role-specific common operational pictures. The envisioned system support provides traceability and accountability.
Keywords
Cyber situation awareness, common operational picture, cyber crises, participatory design, video prototyping
National Category
Information Systems
Research subject
Human-computer Interaction
Identifiers
urn:nbn:se:kth:diva-362897 (URN)10.59297/xp06tf49 (DOI)
Conference
International Conference on Information Systems for Crisis Response and Management (ISCRAM 2025), May 18-21 2025, Halifax, Nova Scotia, Canada
Funder
Swedish Armed Forces
Note

Available from: 2025-04-29 Created: 2025-04-29 Last updated: 2025-05-07

Open Access in DiVA

Annika_Andreasson_Comprehensive_Summary(1547 kB)109 downloads
File information
File name FULLTEXT01.pdfFile size 1547 kBChecksum SHA-512
a8b6d1e5438004053f0ec5ff74ca1476cae93d06e71eab6b8f442350ef3326653b88b0edab6454427b382251cce36e977a87f6fbdfa8f5aed16d487fa3beee5d
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Andreasson, Annika
By organisation
Media Technology and Interaction Design, MID
Human Computer Interaction

Search outside of DiVA

GoogleGoogle Scholar
Total: 114 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 1744 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.46.0
|
WCAG
|
About DiVA Portal
|
About the DiVA Consortium