Improving Detection Capabilities in OT Environments Through Multisource Data Sensors


  • Jussi Simola, University of Jyväskylä
  • Arttu Takala, University of Jyväskylä
  • Riku Lehkonen, University of Jyväskylä
  • Tapio Frantti, University of Jyväskylä
  • Reijo Savola, University of Jyväskylä



operational technology, testbed, security operations center, threat detection, situational awareness


This research focuses on implementing cyber threat detection in OT environments by combining data from IT and OT sensors and logs to enhance the SOC's situational awareness. The OT environment is challenging to monitor and includes various sensors. We deal with the key concepts and differences of the industrial operating environment, which create challenges compared to the traditional IT environment. This is important because the policies defined at the European level for the NIS2 regulation will affect all member countries. Hostile actors cause security challenges, highlighting the importance of critical infrastructure protection. Cyber security solutions have often focused solely on IT threats, but similar investments have yet to be made in response to the challenges of the OT environment. The security solutions of OT operators rely heavily on solutions from the IT side. Here, we delve into whether it is possible to find threats in the IT/OT ecosystem by combining data from the IT and OT sides. Not all threats are found by monitoring data from IT or OT sources separately, but we identified hidden threats by monitoring and comparing IT and OT data. This paper shows the importance of detecting OT threats. The study proposes how cyber threat detection capabilities should be developed.

Author Biographies

Jussi Simola, University of Jyväskylä

Jussi Simola is a postdoctoral researcher at the University of Jyväskylä, and his current research focuses on developing the cybersecurity governance model of operational technology for industry stakeholders. He has worked as a cybersecurity specialist at Laurea University of Applied Sciences and participated in developing a joint early warning system for the EU member countries.

Arttu Takala, University of Jyväskylä

Arttu Takala is a D.Sc. student who holds an MSc degree from the Faculty of Information Technology, University of Jyväskylä, as well as a BSc in Information Technology from Jyväskylä University of Applied Science. He is a certified IT teacher, competent to teach at all levels of education. At the University of Jyväskylä, Arttu has worked as a cybersecurity teacher/researcher since 2017 and is currently working as a project researcher. Previously, Arttu worked in software development at, among other firms, Nokia and Tieto. His research interest is in technical cyber security.

Riku Lehkonen, University of Jyväskylä

Riku Lehkonen is currently serving as a Research Assistant at the University of Finland, working on the CSG project. He holds a Bachelor’s Degree in Information Technology and is in the process of completing his Master's Degree in Information Technology. He has a special interest and experience in internal network security-oriented detection, focusing on detecting backdoor and covert channel communication.

Tapio Frantti, University of Jyväskylä

Tapio Frantti holds the degrees of MSc, LicTech and Dr. Tech. from the Department of Automation and Information Technology, University of Oulu. He is also an Adjunct Professor at the University of Oulu. Currently, he works as a cybersecurity professor at the University of Jyväskylä. He also works at the company FRE, doing security, communication and control engineering consultation. He has been in the field for about 30 years and has published more than 100 scientific and technical papers in journals, magazines, books and international conferences. He has also authored several patents.

Reijo Savola, University of Jyväskylä

Mr. Reijo Savola is currently working as a Project Manager in cybersecurity at the University of Jyväskylä, Faculty of Information Technology, Finland. He has experience in cyber security systems engineering, risk analysis and risk-driven methods, software engineering, telecommunications, and digital signal processing. Earlier, he worked as Principal Scientist, cybersecurity, at VTT Technical Research Centre of Finland. He received the degree of M.Sc. in Electrical Engineering from the University of Oulu, Finland, in 1992 and the degree of Licentiate of Technology in Computer Science from the Tampere University of Technology, Finland, in 1995. In addition to research experience, he has seven years of industrial experience in the telecommunications sector, having worked on software engineering and digital signal processing projects for Elektrobit Group Plc. in Oulu, Finland, and in Redmond, WA, United States. Mr. Savola acts as the Chairman of the Finnish Mirror Group for ISO/IEC JTC1/SC27 standardization (Information security, cybersecurity and privacy protection) and CEO of the Northern European Cybersecurity Cluster (NECC).