News

Mikko Kiviharju's research delves into the cybersecurity of critical infrastructure

Aalto University’s new Professor of Practice Mikko Kiviharju thinks information security should be integral to organisations and not just another software product
Mikko Kiviharju käytävällä, kuva Aalto-yliopisto Matti Ahlgren
Kiviharju worked with information and cybersecurity at the Finnish Defence Research Agency for the past twenty years. Image: Matti Ahlgren/Aalto University

What is your research about?

My research is focused on applied cybersecurity for logistics and critical infrastructure. This covers cybersecurity as life cycle thinking, the vulnerabilities in the internet of things and machine learning in cybersecurity.

How would you describe the impact of your research?

My main focus is on systems that are already in use, or directly available for use to protect critical infrastructure. Hence, societal impact is largely built-in to my line of research. I hope it will also be channeled into practical impact through collaborations with our partner organisations. From a scientific perspective, I think machine learning in our field is still in its infancy and there’s plenty of ground to cover with new research.

How has the information security of critical infrastructure evolved over the past two decades?

Stuxnet was a wake-up call for cybersecurity awareness in critical infrastructure. It was also a turning point. It’s been 13 years since its discovery, and I’d argue that situational awareness about security in different parts of critical infrastructure has improved dramatically. Yet, the questions of how we improve the security of these various parts, and when, are very different. Operational technology (OT) systems – the technology that helps to run and manage machines, plants, and equipment in various industries – are usually detached from the regular cycle of information systems, so there’s plenty of work to do. On the other hand, the security of critical information infrastructure has made some very positive strides in the past decade.

What are the highlights of your career, so far?

Regardless of its serious real-world effects, cybersecurity engineering is like a game. One party tries to protect systems and information while the other party attempts to break them or gain access to them. The attacker’s role is often more rewarding because success often feeds big and fast rewards. Personally I’ve engaged in some reverse engineering in, for example, figuring out the workings of an undocumented program. For example, revealing vulnerabilities in a highly protected protocol is rewarding – one such experience is when I managed to reverse engineer a security protocol in Microsoft’s fingerprint reader.

Mikko Kiviharju, kuva Aalto-yliopisto, Matti Ahlgren

Information and cybersecurity are often seen only through products, although they are an integral part of organisational strategy.

Mikko Kiviharju, professor of practice in cybersecurity, Aalto University

What are you excited about in your field currently?

Machine learning is entering real-world systems real fast, including logistics. They’re very different in technical terms, although security practices and security goals will stay more or less the same. It’s interesting to study how technical information security which has been tailored for machine learning technologies can fulfill traditional security goals.

What are common misconceptions about information security?

Information and cybersecurity are often seen only through products, although they are an integral part of organisational strategy and risk analysis. Integrity has many dimensions – hacking is a good measurement of systems integrity, while the integrity of function and processes is built on various parts.

Where do you find beauty in information security?

Information security theory is mostly applied mathematics. In mathematics, simple principles and inferences that have far-reaching implications have meaning and are considered beautiful. In this vein, the Shannon entropy – meaning theoretical uncertainty in information – is a concept and theory I find beautiful.

Who is your worst and best critic?

My worst critic is me, of course. Who else would know better if I actually tried my hardest! My best critic is a tough one – what makes someone a good critic? Perhaps someone who can provide a relevant context for your work, who has an idea of where you’re at and where you’re going an someone who can enable you to exceed yourself. My PhD supervisor, emerita professor Kaisa Nyberg was very good at this.

What do you do on your spare time and how do you relax?

I have my hands full with maintaining my 30-year-old house and garden! I also do carpentry and woodcraft – I build shelves, tables and ornaments. For sports, I've found that cross-country skiing, running and rollerblading work best for me.

Mikko Kiviharju has worked with information and cybersecurity at the Finnish Defence Research Agency, most recently as a research manager in cryptographic systems. His main areas of competence are information security and applied cryptography in access control and network security. Kiviharju has started as a professor of practice at Aalto University’s Department of Computer Science in May 2023. 

 Mikko Kiviharju

Mikko Kiviharju

Assistant Professor Russell Lai wants to solve practical problems with his strong theoretical background in cryptography.

Russell Lai is at the vanguard of cryptography

Aalto University’s new Assistant Professor Russell Lai is a cryptography researcher, who wants to bring the fruits of his academic work to the use of everyday citizens, without sacrificing robustness.

News
Chris_Brzuska_Aalto_SCI_photo_by_Matti_Ahlgren

For Chris Brzuska, truth and understanding are supreme virtues

Assistant Professor Chris Brzuska feels very lucky to be able to interact with great people in mathematics and computer science in a meaningful way, every single day.

News
  • Published:
  • Updated:
Share
URL copied!

Read more news

A new eco-friendly method to modify cellulose for sustainable materials
Press releases, Research & Art Published:

A new eco-friendly method to modify cellulose for sustainable materials

Researchers at Aalto University have developed a method to modify cellulose, reducing toxic solvent use by over ten times compared to traditional methods. This innovation has potential applications in eco-friendly nanocomposites, cellulose-based membranes, and biomedical devices, supporting sustainable material development.
Three persons sitting in front of multiple screens, balloons floating in the air
Awards and Recognition, Studies Published:
The key research device at the ARotor laboratory in Otaniemi is a measurement and grinding machine with a paper machine roll.
Research & Art Published:

'It is just not possible' pushes mechanical engineering researchers towards more ambitious goals

Long-term cooperation and work in Valmet’s Veturi projects produce results for the needs of heavy industry.
Ana Triana was herself the subject of the research, monitored as she went about her daily life. Photo by Matti Ahlgren.
Press releases Published:

Echoes in the brain: Why today’s workout could fuel next week’s bright idea

In a rare, longitudinal study, researchers from Aalto University and the University of Oulu tracked one person’s brain and behavioural activity for five months using brain scans and data from wearable devices and smartphones.