Visualizing Operational Cybersecurity : Enhancing situational awareness in industrial internet of things environments
Zhao, Hanning (2025)
Zhao, Hanning
Tampere University
2025
Tieto- ja sähkötekniikan tohtoriohjelma - Doctoral Programme in Computing and Electrical Engineering
Informaatioteknologian ja viestinnän tiedekunta - Faculty of Information Technology and Communication Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Date of defence
2025-11-14
The permanent address of the publication is
https://urn.fi/URN:ISBN:978-952-03-4160-2
Abstract
The integration of Information Technology (IT) and Operational Technology (OT) with the Industrial Internet of Things (IoT) has significantly transformed industrial operations, enhancing efficiency and intelligence across a range of critical infrastructures and IoT sensors in Industry 4.0. However, such operational environments have posed new cybersecurity challenges, particularly due to the low cyber situational awareness among diverse stakeholders. Both security professionals and field operators suffer from low visibility of the cybersecurity situation and the absence of efficient and standardized collaborative defense. This complexity has underscored the importance of developing operational security visualization for various stakeholders. Recent research has shown a growing interest in applying security visualization tailored for operational environments, focusing on smart grids, water facilities, maritime, and smart factories.
This dissertation investigates how tailored security visualization can enhance cyber situational awareness and facilitate security collaboration in operational environments. The primary research question explored is "How can security visualization be leveraged to increase cybersecurity situational awareness in operational environments?" Three interconnected research themes were studied to answer this question: Cybersecurity Visualization; Cybersecurity Management; Design and Evaluation.
For cybersecurity visualization, this dissertation implements role-specific security visualization in two operational environments: the maritime industry and IoT building automation. These security dashboards are designed based on comprehensive stakeholder roles, including terminal operators, security analysts and managers, house managers, IT personnel, and residents. Visualization techniques such as summary views, heatmaps, multivariate and location-based views like Dorling Cartogram were implemented to support real-time operational security monitoring, anomaly detection, and incident response.
Cybersecurity management emphasizes utilizing open standards such as the Incident Object Description Exchange Format (IODEF) and the Lightweight Machine-to-Machine (LwM2M) protocol to enable real-time cyber awareness, security collaboration, and structured incident exchange. A LwM2M-based security monitoring and incident sharing framework is developed and evaluated using three data formats (XML, JSON, and CBOR) to show the support for interoperable communication across heterogeneous operational systems and multiple stakeholder roles.
Finally, in design and evaluation, a User-Centered Design (UCD) methodology was applied for designing effective and usable visualization, and an Artificial Intelligence (AI)-assisted approach for user evaluation was implemented using Large Language Models (LLMs) such as ChatGPT-4, ChatGPT-4o, and Bing Chat to assess the usability of developed security dashboards in the context of building automation.
By employing a multidisciplinary approach, this study integrates key principles from cybersecurity, human-computer interaction, and data visualization. The proposed security visualization and collaboration solution in operational environments has demonstrated its effectiveness in reinforcing situational awareness among different stakeholder roles. Beyond the two specific environments explored, this dissertation also provides a summary of visualization techniques that are applicable to a broad range of industrial sectors. Other outcomes, such as implemented security dashboards, along with the design and evaluation methodologies, can be adapted and serve as a design framework for the future development of user-centric cybersecurity tools that enhance cybersecurity situational awareness and collaborative defense in other industrial domains.
