News

Mikko Kiviharju's research delves into the cybersecurity of critical infrastructure

Aalto University’s new Professor of Practice Mikko Kiviharju thinks information security should be integral to organisations and not just another software product
Mikko Kiviharju käytävällä, kuva Aalto-yliopisto Matti Ahlgren
Kiviharju worked with information and cybersecurity at the Finnish Defence Research Agency for the past twenty years. Image: Matti Ahlgren/Aalto University

What is your research about?

My research is focused on applied cybersecurity for logistics and critical infrastructure. This covers cybersecurity as life cycle thinking, the vulnerabilities in the internet of things and machine learning in cybersecurity.

How would you describe the impact of your research?

My main focus is on systems that are already in use, or directly available for use to protect critical infrastructure. Hence, societal impact is largely built-in to my line of research. I hope it will also be channeled into practical impact through collaborations with our partner organisations. From a scientific perspective, I think machine learning in our field is still in its infancy and there’s plenty of ground to cover with new research.

How has the information security of critical infrastructure evolved over the past two decades?

Stuxnet was a wake-up call for cybersecurity awareness in critical infrastructure. It was also a turning point. It’s been 13 years since its discovery, and I’d argue that situational awareness about security in different parts of critical infrastructure has improved dramatically. Yet, the questions of how we improve the security of these various parts, and when, are very different. Operational technology (OT) systems – the technology that helps to run and manage machines, plants, and equipment in various industries – are usually detached from the regular cycle of information systems, so there’s plenty of work to do. On the other hand, the security of critical information infrastructure has made some very positive strides in the past decade.

What are the highlights of your career, so far?

Regardless of its serious real-world effects, cybersecurity engineering is like a game. One party tries to protect systems and information while the other party attempts to break them or gain access to them. The attacker’s role is often more rewarding because success often feeds big and fast rewards. Personally I’ve engaged in some reverse engineering in, for example, figuring out the workings of an undocumented program. For example, revealing vulnerabilities in a highly protected protocol is rewarding – one such experience is when I managed to reverse engineer a security protocol in Microsoft’s fingerprint reader.

Mikko Kiviharju, kuva Aalto-yliopisto, Matti Ahlgren

Information and cybersecurity are often seen only through products, although they are an integral part of organisational strategy.

Mikko Kiviharju, professor of practice in cybersecurity, Aalto University

What are you excited about in your field currently?

Machine learning is entering real-world systems real fast, including logistics. They’re very different in technical terms, although security practices and security goals will stay more or less the same. It’s interesting to study how technical information security which has been tailored for machine learning technologies can fulfill traditional security goals.

What are common misconceptions about information security?

Information and cybersecurity are often seen only through products, although they are an integral part of organisational strategy and risk analysis. Integrity has many dimensions – hacking is a good measurement of systems integrity, while the integrity of function and processes is built on various parts.

Where do you find beauty in information security?

Information security theory is mostly applied mathematics. In mathematics, simple principles and inferences that have far-reaching implications have meaning and are considered beautiful. In this vein, the Shannon entropy – meaning theoretical uncertainty in information – is a concept and theory I find beautiful.

Who is your worst and best critic?

My worst critic is me, of course. Who else would know better if I actually tried my hardest! My best critic is a tough one – what makes someone a good critic? Perhaps someone who can provide a relevant context for your work, who has an idea of where you’re at and where you’re going an someone who can enable you to exceed yourself. My PhD supervisor, emerita professor Kaisa Nyberg was very good at this.

What do you do on your spare time and how do you relax?

I have my hands full with maintaining my 30-year-old house and garden! I also do carpentry and woodcraft – I build shelves, tables and ornaments. For sports, I've found that cross-country skiing, running and rollerblading work best for me.

Mikko Kiviharju has worked with information and cybersecurity at the Finnish Defence Research Agency, most recently as a research manager in cryptographic systems. His main areas of competence are information security and applied cryptography in access control and network security. Kiviharju has started as a professor of practice at Aalto University’s Department of Computer Science in May 2023. 

 Mikko Kiviharju

Mikko Kiviharju

Mahine Learning researchers working at Department of Computer Science in Aalto University

Department of Computer Science

To foster future science and society.

Assistant Professor Russell Lai wants to solve practical problems with his strong theoretical background in cryptography.

Russell Lai is at the vanguard of cryptography

Aalto University’s new Assistant Professor Russell Lai is a cryptography researcher, who wants to bring the fruits of his academic work to the use of everyday citizens, without sacrificing robustness.

News
Chris_Brzuska_Aalto_SCI_photo_by_Matti_Ahlgren

For Chris Brzuska, truth and understanding are supreme virtues

Assistant Professor Chris Brzuska feels very lucky to be able to interact with great people in mathematics and computer science in a meaningful way, every single day.

News
  • Published:
  • Updated:

Read more news

Minna Halme, photo by Hayley Le
University Published:

Minna Halme: At first, sustainability wasn’t taken seriously

In the most recent Walk in my shoes interview, Professor Minna Halme shares how it felt to be one of the pioneers in the field of sustainability management.
Cone Calorimeter Testing
Research & Art Published:

BIOSUOJA project is saving lives by developing bio-based fire retardant coatings

A talented group of young researchers is making these non-toxic coatings out of wood.
Sandra Kaabel
Appointments Published:

Sandra Kaabel has been appointed Assistant Professor at the Department of Chemistry and Materials Science

Ph.D. Sandra Kaabel has been appointed five-year fixed term Assistant Professor position at the Department of Chemistry and Materials Science as of 1 April 2024. The field of the professorship is Organic Synthesis Technologies.
Sirje Liukko
Awards and Recognition Published:

Decorations of the President of the Republic to Sirje Liukko

Presidential Medal of Honour has been awarded to Planning Officer Sirje Liukko at the School of Chemical Engineering.