Mikko Kiviharju's research delves into the cybersecurity of critical infrastructure

Aalto University’s new Professor of Practice Mikko Kiviharju thinks information security should be integral to organisations and not just another software product
Mikko Kiviharju käytävällä, kuva Aalto-yliopisto Matti Ahlgren
Kiviharju worked with information and cybersecurity at the Finnish Defence Research Agency for the past twenty years. Image: Matti Ahlgren/Aalto University

What is your research about?

My research is focused on applied cybersecurity for logistics and critical infrastructure. This covers cybersecurity as life cycle thinking, the vulnerabilities in the internet of things and machine learning in cybersecurity.

How would you describe the impact of your research?

My main focus is on systems that are already in use, or directly available for use to protect critical infrastructure. Hence, societal impact is largely built-in to my line of research. I hope it will also be channeled into practical impact through collaborations with our partner organisations. From a scientific perspective, I think machine learning in our field is still in its infancy and there’s plenty of ground to cover with new research.

How has the information security of critical infrastructure evolved over the past two decades?

Stuxnet was a wake-up call for cybersecurity awareness in critical infrastructure. It was also a turning point. It’s been 13 years since its discovery, and I’d argue that situational awareness about security in different parts of critical infrastructure has improved dramatically. Yet, the questions of how we improve the security of these various parts, and when, are very different. Operational technology (OT) systems – the technology that helps to run and manage machines, plants, and equipment in various industries – are usually detached from the regular cycle of information systems, so there’s plenty of work to do. On the other hand, the security of critical information infrastructure has made some very positive strides in the past decade.

What are the highlights of your career, so far?

Regardless of its serious real-world effects, cybersecurity engineering is like a game. One party tries to protect systems and information while the other party attempts to break them or gain access to them. The attacker’s role is often more rewarding because success often feeds big and fast rewards. Personally I’ve engaged in some reverse engineering in, for example, figuring out the workings of an undocumented program. For example, revealing vulnerabilities in a highly protected protocol is rewarding – one such experience is when I managed to reverse engineer a security protocol in Microsoft’s fingerprint reader.

Mikko Kiviharju, kuva Aalto-yliopisto, Matti Ahlgren

Information and cybersecurity are often seen only through products, although they are an integral part of organisational strategy.

Mikko Kiviharju, professor of practice in cybersecurity, Aalto University

What are you excited about in your field currently?

Machine learning is entering real-world systems real fast, including logistics. They’re very different in technical terms, although security practices and security goals will stay more or less the same. It’s interesting to study how technical information security which has been tailored for machine learning technologies can fulfill traditional security goals.

What are common misconceptions about information security?

Information and cybersecurity are often seen only through products, although they are an integral part of organisational strategy and risk analysis. Integrity has many dimensions – hacking is a good measurement of systems integrity, while the integrity of function and processes is built on various parts.

Where do you find beauty in information security?

Information security theory is mostly applied mathematics. In mathematics, simple principles and inferences that have far-reaching implications have meaning and are considered beautiful. In this vein, the Shannon entropy – meaning theoretical uncertainty in information – is a concept and theory I find beautiful.

Who is your worst and best critic?

My worst critic is me, of course. Who else would know better if I actually tried my hardest! My best critic is a tough one – what makes someone a good critic? Perhaps someone who can provide a relevant context for your work, who has an idea of where you’re at and where you’re going an someone who can enable you to exceed yourself. My PhD supervisor, emerita professor Kaisa Nyberg was very good at this.

What do you do on your spare time and how do you relax?

I have my hands full with maintaining my 30-year-old house and garden! I also do carpentry and woodcraft – I build shelves, tables and ornaments. For sports, I've found that cross-country skiing, running and rollerblading work best for me.

Mikko Kiviharju has worked with information and cybersecurity at the Finnish Defence Research Agency, most recently as a research manager in cryptographic systems. His main areas of competence are information security and applied cryptography in access control and network security. Kiviharju has started as a professor of practice at Aalto University’s Department of Computer Science in May 2023. 

 Mikko Kiviharju

Mikko Kiviharju

Assistant Professor Russell Lai wants to solve practical problems with his strong theoretical background in cryptography.

Russell Lai is at the vanguard of cryptography

Aalto University’s new Assistant Professor Russell Lai is a cryptography researcher, who wants to bring the fruits of his academic work to the use of everyday citizens, without sacrificing robustness.


For Chris Brzuska, truth and understanding are supreme virtues

Assistant Professor Chris Brzuska feels very lucky to be able to interact with great people in mathematics and computer science in a meaningful way, every single day.

  • Published:
  • Updated:

Read more news

Miia Mäkelä
Appointments Published:

Miia Mäkelä has been appointed as Associate Professor at the Department of Bioproducts and Biosystems

D.Sc. (Microbiology) Miia Mäkelä has been appointed as tenured Associate Professor at the Department of Bioproducts and Biosystems as of 1 September 2024.
Daniel Martin-Yerga
Appointments Published:

Daniel Martin-Yerga has been appointed Assistant Professor at the Department of Chemistry and Materials Science

Ph. D. Daniel Martin-Yerga has been appointed five-year fixed term Assistant Professor position at the Department of Chemistry and Materials Science as of 1 January 2025.
Aalto-yliopiston kauppakorkeakoulu / Kuva Roope Kiviranta
Appointments Published:

Professor appointments at the School of Business

Prottoy Akbar, Pablo Warnes, Erkki Vihriälä and Christoph Huber will start in their new positions on 1 August 2024.
Appointments Published:

Introducing four new professors at the School of Engineering

Professors of Practice Hannele Holttinen and Teemu Manderbacka and Assistant Professors Mikko Suominen and Risto Ojala were appointed to the career path of professors during January-June 2024.