Using behavioural observation and game technology to support critical infrastructure security

Critical infrastructures provide essential services to our everyday lives. Even a minor failure on any of these systems could result in severe consequences. Therefore, their protection, to ensure correct functioning at all times, is crucial. The fact that these systems do not exist in isolation but rather are closely interconnected with other critical and non-critical systems leads us to take a system-of-systems approach to their security, taking into account the context they exist in and relationships with other systems. In this paper, a combination of behavioural observation and game technology to enhance critical infrastructure security is presented. A simulation is used to construct critical infrastructure data, and threats to the simulation are identified by modelling system behaviour and identifying changes in patterns of activity. Once threats are identified, our Critical Infrastructure Security Manager (CISM) displays these alerts, together with output from other security devices, to the user using a game-based interface, and requires some feedback to act upon them. The use of a game-based visualisation allows a better understanding of the system and its current state and, as a result, it enables better informed security decisions.