Our society’s critical infrastructures (CI) —energy, water, transportation, communication, critical information infrastructure —lacks of resilience, typically losing essential functionality following adverse events. In the future, the number of climatic extremes may intensify or become more frequent, and building resilience becomes the optimal course of action for large complex systems. CI are cyber-physical systems (CPS) increasingly using open networks for operation. The vulnerabilities of the software deployed in the new control system infrastructure will expose the control system to many potential risks and threats from attackers. CPS have become a major area for research and development. However, all CPS are also sociotechnical systems (STS), and for successful integration with society, the sociotechnical dimension of CPS should be addressed. The target of this paper is to research how resilience management of critical systems can be understood. The study indicates that situational awareness, continuous learning and the sociotechnical dimension of CPS are prerequisites for any CI to become resilient.
Cyber security, Critical infrastructure, Critical infrastructure protection, Resilience, Sociotechnical system, Cyber-Physical system, Software-Intensive System, System of systems
 I. Linkov, T. Bridges, F. Creutzig, J. Decker, C. Fox-Lent, W. Kröger, J. H. Lambert, A. Levermann, B. Montreuil, J. Nathwani, R. Nyer, O. Renn, B. Scharte, A. Scheffler, M. Schreurs and T. ThielClemen, “Changing the resilience paradigm,” Nature Climat Change, vol. 4, pp. 407-409, 2014.
 P. Bosch, “RESIN: Resilient Cities and Infrastructures,” European CIIP Newsletter, vol. 9, no. 3, pp. 15-16, 2015.
 M. Sveda, “Dependability in CyberPhysical Systems Network Applications,” in Latest Trends in Circuits, Systems, Signal Processing and Automatic Control, Salerno, 2014.
 L. Lukas and M. Hromada, “Management of protection of Czech Republic critical infrastructure elements,” in Proceedings of the 13th WSEAS international conference on Automatic control, modelling & simulatio, 2011.
 H. S. Ariane Hellinger, Cyber-Physical Systems. Driving force for innovation in mobility, health, energy and production, 2011.
 A. Hevner and S. Chatterjee, Design Science Research in Information Systems, Springer, 2010.
 J. Rajamäki, “Towards a Design Theory for Resilient (Sociotechnical, CyberPhysical, Software-intensive and Systems of) Systems,” in Recent Advances in Information Science, Barcelona, 2016.
 M. Jamshidi, Systems of Systems Engineering: principle and applications, CRC Press, 2009.
 R. McMillan, “Siemens: Stuxnet worm hit industrial systems,” Sept. 2010. [Online]. Available: http://www.computerworld.com/s/article/ print/9185419. [Accessed 18 March 2016].
 S. Greengard, “The new face of war,” Commun. ACM, vol. 53, no. 12, pp. 20-22, 2010.
 B. Krebs, “Cyber incident blamed for nuclear power plant shutdown,” Washington Post, June 2008. [Online]. Available: http://www.washingtonpost.com/wpdyn/content/article/2008/06/05/AR200806 0501958.html. [Accessed 18 March 2016].
 S. Gorman, “Electricity grid in U.S. penetrated by spies,” Wall Str. J., April 2009. [Online]. Available: http://online.wsj.com/article/SB12391480 5204099085.html. [Accessed 18 March 2016].
 A. Cardenas, S. Amin and S. Sastry, “Securecontrol:Towards survivablecyberphysicalsystems,” in Proceedings oftheTwenty-Eighth International Conferenceon Distributed Computing Systems Workshops, 2008.
 Y. Liu, P. Ning and M. Reiter, “ False data injection attacks against state estimation in electric power grids,” in Proceedings of the Sixteenth ACM Conference on Computer and Communications Security, 2009.
 C. Li, A. Raghunathan and N. Jha, “Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system,” in Proceedings of the Thirteenth IEEE International Conference on eHealth Networking Applications and Services, 2011.
 J. Radcliffe, “Hacking medical devices for fun and insulin: Breaking the human SCADA system,” in The Black Hat Technical Security Conference USA, 2011.
 D. Shepard, J. Bhattiand and T. Humphreys, “Dronehack: Spoofing attack demonstration on a civilian unmanned aerial vehicle,” GPS World, 1 August 2012.
 A. Hahn, R. Thomas, I. Lozano and A. Cardenas, “A multi-layered and kill-chain based security analysis framework for cyber-physical systems,” Internal Journal of Critical Infrastructure Protection, vol. 11, pp. 39-50, 2015.
 Q. Zhu and T. Basar, “Game-Theoretic Methods for Robustness, Security, and Resilience of Cyberphysical Control Systems: Games-in-Games Principle for Optimal Cross-Layer Resilient Control Systems,” IEEE Control Systems, vol. 35, no. 1, pp. 46-65, 2015.
 M. Ilic, “From hierarchical to open access electric power systems,” Proc. IEEE, vol. 95, no. 5, pp. 1060-1084, 2007.
 W. Lee and S. Jang, “A study on information security management system model for small and medium enterprises,” Recent Advances in E-Activities, Information Security and Privacy, pp. 84- 87, 2009.
 J. S. Broderick, “ISMS, security standards and security regulations,” Information Security Technical Report, vol. 11, pp. 26- 31, 2006.
 M. Siponen and R. Willison, “Information security management standards: Problems and solutions,” Information & Management, vol. 46, pp. 267-270, 2009.
Cite this paper
Jyri Rajamäki. (2017) Resilient Sociotechnical, Cyber-Physical, Software-Intensive Systems of Systems. International Journal of Computers, 2 , 1-7