Secure emergency communications of emergency responders a case study of Kemi municipality in Finland

University dissertation from Luleå tekniska universitet

Abstract: Emergency response is highly time-critical and information dependent: every moment counts and organizations need to access various information that supports their decision making and informs them about the scale and location of the emergency, the damages, and the availability of human and physical resources. This kind information can originate from many different places and the situation can be stressful as there is a need to communicate quickly, reliably and accurately within their own organization, but also inter-organizationally. ICTs make it possible to access and spread information with speed and efficiency, but other factors, such as different professional cultures, can still hinder information sharing. There is a growing need in emergency organizations to develop understanding for how communications between emergency responders can be secured. It seems important to consider how emergency responders respond to security objectives, since the assumptions for secure communications may not only be developed on the premise of ICT, but also how the emergency actors appreciate the emergency environments in terms of secure communications. The aim of this research is to develop understanding of information security and secure communications in a context where it has not been well researched. The research looks at secure emergency communications from a socio-technical viewpoint and concentrates on the communication inside and between the emergency organizations of police, the paramedics, and the rescue department in the municipality of Kemi, and more specifically on the communications of operative emergency actors while they are working in the preparedness and response phases of emergency management. Two persons from each organization were interviewed using semi-structured interviews, and the empirical data was used for writing the appended papers that are the basis of this thesis work. The research started by doing an extensive literature review and analysis on the field of secure emergency communications.The results show that while technical developments on the field aim at effective and secure technologies, organizational aspects of emergency communications seem to involve not only emergency actors, but also how these actors more and more utilize information technology. The landscape for emergency management is becoming very diverse, which challenges the way that secure emergency communications can be understood. The developers of future emergency communications structures not only need to ensure the technical aspects of confidentiality, availability and integrity of information, but they also need to take into account the social rules, norms and structures that guide the emergency communication. Next, this research sought out to re-conceptualize the role of information security in emergency response. A conceptual basis encompassing technical, cognitive and organizational information security layers as a relationship between association and connectivity was developed by synthesizing Actor Network Theoryand Theory of Organizational Routines. The approach of combining two theoretical accounts details the enactment of information security in emergency response so as to understand how cognition ties technical security features with organizational security issues. Without the cognitive layer, the technical and organizational aspects of information security remain static or disconnected to the actions performed during emergency response. Theoretically the approach contributes constructively to describe an alternative approach to information security research to address the gap between formal and informal criteria of information security. Lastly, the research sought out to explore the current situation of the case organizations in detail concerning their level of information security, communication challenges faced, and training offered. It was learned that different aspects of information security are valued depending on whether emergency responders work in preparation periods or if they are responding to an emergency: 1) When working in their own respective organizations the most important aspect was information confidentiality 2) When responding to emergency the most important aspects were information availability and integrity. Most communication challenges present in emergency communications can be seen to arise when responding to emergencies. This is not something currently being taken into account in the case organizations. The basic training of emergency actors and the training and guidelines of each organization largely concentrate on confidentiality issues, and tools and communications training that would be needed to ensure information availability and integrity when responding to an emergency is not prioritized. To overcome the communication challenges present in emergency communications and to ensure confidentiality, availability and integrity of emergency information, those responsible for information security in emergency organizations must therefore provide up to date information security training and awareness building, but also tools and communications training that supports inter-organizational communication.

  This dissertation MIGHT be available in PDF-format. Check this page to see if it is available for download.