User-Centered Design to Enhance IoT Cybersecurity Awareness of Non-Experts in Smart Buildings

Smart buildings, building automation and operational management have increasingly begun to incorporate Internet of Things (IoT) technology. Therefore, they have become susceptible to common cyber attacks targetting IoT devices. However, there is still a lack of an effective way of monitoring the cybersecurity situation of smart devices, IoT sensors and networks. During the operational lifecycle it may also not be easy for non-experts to discern cybersecurity issues from malfunctioning or physical safety. Therefore, we propose visualization prototypes that provide both safety and cybersecurity status of IoT devices for non-expert users in smart buildings. By utilising a user-centered design method, the visualization dashboards are developed based on requirements of two user roles - House managers and Residents. The user test results have shown the capabilities and effectiveness of leveraging dashboards to increase cybersecurity awareness in smart buildings.Peer reviewe

Robust estimation of bacterial cell count from optical density

Optical density (OD) is widely used to estimate the density of cells in liquid culture, but cannot be compared between instruments without a standardized calibration protocol and is challenging to relate to actual cell count. We address this with an interlaboratory study comparing three simple, low-cost, and highly accessible OD calibration protocols across 244 laboratories, applied to eight strains of constitutive GFP-expressing E. coli. Based on our results, we recommend calibrating OD to estimated cell count using serial dilution of silica microspheres, which produces highly precise calibration (95.5% of residuals <1.2-fold), is easily assessed for quality control, also assesses instrument effective linear range, and can be combined with fluorescence calibration to obtain units of Molecules of Equivalent Fluorescein (MEFL) per cell, allowing direct comparison and data fusion with flow cytometry measurements: in our study, fluorescence per cell measurements showed only a 1.07-fold mean difference between plate reader and flow cytometry data

Investigating a novel approach for cybersecurity risk analysis with application to remote pilotage operations

Remote pilotage constitutes a novel type of service aiming at reduction of operational costs and safety improvement. However, the increased inter-connectivity of remote pilotage renders it vulnerable to cyberattacks. In this paper, we investigate a novel approach to cybersecurity risk analysis, which integrates System-Theoretic Process Analysis method, Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) method, SysML, MITRE ATT&CK, and ranking method. To integrate the methods, we apply a series of relevant adjustments and amendments. As a result, we are able to investigate multiple facets of cyber risk, identify the most critical issues and propose relevant risk control measures. For the remote pilotage, the most important STRIDE attacks involve Spoofing, Tampering, and Denial of Service attacks, whilst the most critical MITRE ATT&CK attack techniques are the use of default credentials, the exploitation of public-facing applications, and replicationthrough removable media, if general hacker profile is considered for the attack