Visualization of Cyber Threats: Visualization to leading operatives during cybersecurity exercises
Information
Författare: Gustaf TyskBeräknat färdigt: 2023-05
Handledare: Annika Skoglund
Handledares företag/institution: Department of Civil and Industrial Engineering
Ämnesgranskare: Annika Skoglund
Övrigt: Entreprenörsskolan
Presentation
Presentatör: Gustaf TyskPresentationstid: 2023-05-18 11:15
Opponent: Entreprenörsskolan
Abstract
The increasing dependence on digital infrastructure leaves individuals, societies and even nations vulnerable in the case of a cyberattack. To prepare for threats and attacks, cyberattacks can be simulated in environments called cyber ranges. CYBER RANGE AND TRAINING ENVIRONMENT (CRATE), Sweden’s cyber range, is an example of such an environment. This environment is sophisticated and complex, but challenges remain for the operatives in how to interpret the multitude of information items that are produced during a simulation. An emerging field of study is the study of situational awareness in the cyber domain, which describes how an operative can render an accurate mental picture, which enables for quick assessment and decision-making in a situation where a multitude of data or information items are involved. An integral part of situational awareness is effective visualization. Visualization can form the linkage in the human-computer interaction and has been demonstrated in other industries and fields to facilitate situational awareness. However, the linkage between situational awareness and visualization in the unique context of a cyber range was a new topic of study. This thesis aim was to provide insight and advance the knowledge of visualization for situational awareness in the unique context of the cyber range CRATE. Conclusively, in the development of a visualization software, the abstraction levels and time frame of the information items collected should be considered. Each information item is of different relevance depending on both the operative’s role and in which time frame through which the information is analyzed. A visualization technique that recognizes the abstraction level and the time frame increases the situational awareness for the operative conducting the simulation because it renders both an estimation of critical core processes, current events that are unfolding and enables for the future projection of events.