Sign In

Manage cyber-physical risks


How to avoid disturbances in critical systems?

Critical infrastructure related systems are complex and highly networked. Identifying and managing the related risks is challenging, especially if interdependencies between cyber and physical risks are analyzed simultaneously.

VTT has developed a risk analysis method for abnormal situations, where cyber-risk causes disturbances in the physical functions of your system, machine or device. Our target is to identify all serious malfunctions and possible consequences in order to understand the cause-effect relationships of different risk situations as well as to plan actions for their control and treatment.

Why to pay attention to unlikely events?

In cyber risk management, attention is paid to hypothetical events that are likely to be low in probability but have high consequences, including major system disruptions. This approach helps us find out which scenarios would be most obvious for hacking.

When assessing the impact of control and treatment actions interrelated with critical infrastructure, one aspect of acceptability is to weigh up which actions you should take against the possible serious consequences for society.






​Poussa, L., Pentikäinen, H., Molarius, R., Noponen, S., & Välisalo, T. (2017). Managing cyber and physical risk of water entities. In SRA Nordic 2017 Abstracts - link

Karanta, I., & Rautila, M. (2017). Active mitigation support against advanced persistent threat risks. In SRA Nordic 2017 Abstracts Aalto University. - link

Karanta, I., & Rautila, M. (2017). An Expert System for Mitigation Actions. In Proceedings of the 20th Conference of Open Innovations Association FRUCT (pp. 125-130). - link


You'll find more information on publications and other research activities on VTT's Research Information Portal.