When faced with an enormous amount of data, in our case, Cyber Security related data, it is easy to miss the real points.

Current available systems are very good at pinpointing single or even common occurrences of for instance intrusion attempts, DDOS-attacks etc., but usually fail to give the overview to those in need, in other words they do not provide a Cyber Security situational awareness, but only a fragmented, difficult to disseminate, picture for the system administrators, and rarely a good overview neither for the user nor for later management reporting.

Our task is to select the data to be shown, collections of what has importance, the specific data or data sets to have emphasis, and to represent it in a way, so that it will convey the situational awareness immediately.

Given a lot of data, one thing is to show as much relevant data as possible, which is a great task by itself, but at the same time with a stern focus to bring the most important parts of that dataset to the attention of the user, typically a system administrator. For instance: a long list of intrusion attempts, pinpointing a single attack that should be followed up. In this context, visuals can help, if done properly.

When designing a system where data is to be understood fast, the visuals should more or less jump into the eyes of the reader and speak directly to the alarm system of the person itself. This is often done by emphasis on the colour red, but could also be enhanced by using metaphors from our spoken language.

The importance of using different metaphors has been an evolving subject, at least since Lakoff and Johnson published their Metaphors we live by in 1980, and the correct usage should not be underestimated in the propagation of any kind of situational awareness.

In written language regarding Cyber Security, we often use terms from warlike scenarios: attacks, defence, intrusion attempts, spyware, to name a few. When visualising this, it has traditionally not been shown visually as anything but yellow, perhaps red buttons or spots, which may not bring the alert to mind, as a better crafted visual metaphor. When developing the visual interfaces for the CS-Aware project, it should be on our mind.

For our purposes, we hence need to make new ways of visualising the cybersecurity issues in order to create the Situational Awareness, while considering investigating and using metaphors for situations of danger and situations of calm in our visuals.

Kim Gammelgaard