Managing Cybersecurity Risks of Human-Machine Interfaces (HMIS): an Adaptive Dynamical Systems Analysis

Solange Beliën; Tamar Noort; Jochem Tenders; Maarten Vooijs; Wissal Mestour; Jan Treur; Peter H.M.P. Roelofsma

doi:10.1007/978-3-032-11521-8_4

Managing Cybersecurity Risks of Human-Machine Interfaces (HMIS): an Adaptive Dynamical Systems Analysis

Solange Beliën, Tamar Noort, Jochem Tenders, Maarten Vooijs, Wissal Mestour, Jan Treur^*, Peter H.M.P. Roelofsma

^*Corresponding author for this work

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

As industrial control systems become increasingly digitized, zero-day vulnerabilities in Human-Machine Interfaces (HMIs) pose critical threats to critical infrastructure, potentially enabling nation-state actors to cause physical damage while evading detection. This research analyses a significant gap in cyber risk management by developing a comprehensive modelling framework to understand how sophisticated cyber-physical attacks progress from initial compromise to catastrophic system failure. Using the Stuxnet worm as a foundational case study, this paper investigates how zero-day vulnerabilities in HMIs can be exploited to carry out advanced cyber-physical attacks. An adaptive network model is employed to simulate the progression of such an attack, from initial HMI compromise to physical system sabotage, while remaining undetected by operators. Crucial causal dependencies were identified, with their influence strengths and adaptive activation thresholds among the components modeled. A What-If analysis assesses how changes in system parameters affect the timing and likelihood of critical damage, incorporating probabilistic risk evaluation based on ISO 27005 standards. The findings provide actionable insights for cyber risk management professionals, enabling more effective threat assessment, improved network segmentation strategies, and enhanced detection capabilities for organizations operating critical infrastructure vulnerable to state-sponsored cyberattacks.

Original language	English
Title of host publication	Intelligent Sustainable Systems - Selected Papers of WorldS4 2025
Editors	Nagar Atulya K., Jat Dharm Singh, Mishra Durgesh Kumar, Amit Joshi
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	32-41
Number of pages	10
ISBN (Print)	9783032115201
DOIs	https://doi.org/10.1007/978-3-032-11521-8_4
Publication status	Published - 2026
Event	9th World Conference on Smart Trends in Systems Security and Sustainability, WorldS4 2025 - London, United Kingdom Duration: 19 Aug 2025 → 21 Aug 2025

Publication series

Name	Lecture Notes in Networks and Systems
Volume	1729 LNNS
ISSN (Print)	2367-3370
ISSN (Electronic)	2367-3389

Conference

Conference	9th World Conference on Smart Trends in Systems Security and Sustainability, WorldS4 2025
Country/Territory	United Kingdom
City	London
Period	19/08/25 → 21/08/25

Bibliographical note

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

Keywords

Cyber-Physical Attacks
Day Vulnerabilities
Human
Machine Interfaces (HMIs)
Zero

Access to Document

10.1007/978-3-032-11521-8_4

Persistent URL (handle)

Persistent link

Cite this

Beliën, S., Noort, T., Tenders, J., Vooijs, M., Mestour, W., Treur, J., & Roelofsma, P. H. M. P. (2026). Managing Cybersecurity Risks of Human-Machine Interfaces (HMIS): an Adaptive Dynamical Systems Analysis. In N. Atulya K., J. Dharm Singh, M. Durgesh Kumar, & A. Joshi (Eds.), Intelligent Sustainable Systems - Selected Papers of WorldS4 2025 (pp. 32-41). (Lecture Notes in Networks and Systems; Vol. 1729 LNNS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-11521-8_4

Beliën, Solange ; Noort, Tamar ; Tenders, Jochem et al. / Managing Cybersecurity Risks of Human-Machine Interfaces (HMIS) : an Adaptive Dynamical Systems Analysis. Intelligent Sustainable Systems - Selected Papers of WorldS4 2025. editor / Nagar Atulya K. ; Jat Dharm Singh ; Mishra Durgesh Kumar ; Amit Joshi. Springer Science and Business Media Deutschland GmbH, 2026. pp. 32-41 (Lecture Notes in Networks and Systems).

@inproceedings{a37a8345330f49d680c446c80f7b3d97,

title = "Managing Cybersecurity Risks of Human-Machine Interfaces (HMIS): an Adaptive Dynamical Systems Analysis",

abstract = "As industrial control systems become increasingly digitized, zero-day vulnerabilities in Human-Machine Interfaces (HMIs) pose critical threats to critical infrastructure, potentially enabling nation-state actors to cause physical damage while evading detection. This research analyses a significant gap in cyber risk management by developing a comprehensive modelling framework to understand how sophisticated cyber-physical attacks progress from initial compromise to catastrophic system failure. Using the Stuxnet worm as a foundational case study, this paper investigates how zero-day vulnerabilities in HMIs can be exploited to carry out advanced cyber-physical attacks. An adaptive network model is employed to simulate the progression of such an attack, from initial HMI compromise to physical system sabotage, while remaining undetected by operators. Crucial causal dependencies were identified, with their influence strengths and adaptive activation thresholds among the components modeled. A What-If analysis assesses how changes in system parameters affect the timing and likelihood of critical damage, incorporating probabilistic risk evaluation based on ISO 27005 standards. The findings provide actionable insights for cyber risk management professionals, enabling more effective threat assessment, improved network segmentation strategies, and enhanced detection capabilities for organizations operating critical infrastructure vulnerable to state-sponsored cyberattacks.",

keywords = "Cyber-Physical Attacks, Day Vulnerabilities, Human, Machine Interfaces (HMIs), Zero",

author = "Solange Beli{\"e}n and Tamar Noort and Jochem Tenders and Maarten Vooijs and Wissal Mestour and Jan Treur and Roelofsma, \{Peter H.M.P.\}",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.; 9th World Conference on Smart Trends in Systems Security and Sustainability, WorldS4 2025 ; Conference date: 19-08-2025 Through 21-08-2025",

year = "2026",

doi = "10.1007/978-3-032-11521-8\_4",

language = "English",

isbn = "9783032115201",

series = "Lecture Notes in Networks and Systems",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "32--41",

editor = "\{Atulya K.\}, Nagar and \{Dharm Singh\}, Jat and \{Durgesh Kumar\}, Mishra and Amit Joshi",

booktitle = "Intelligent Sustainable Systems - Selected Papers of WorldS4 2025",

address = "Germany",

}

Beliën, S, Noort, T, Tenders, J, Vooijs, M, Mestour, W, Treur, J & Roelofsma, PHMP 2026, Managing Cybersecurity Risks of Human-Machine Interfaces (HMIS): an Adaptive Dynamical Systems Analysis. in N Atulya K., J Dharm Singh, M Durgesh Kumar & A Joshi (eds), Intelligent Sustainable Systems - Selected Papers of WorldS4 2025. Lecture Notes in Networks and Systems, vol. 1729 LNNS, Springer Science and Business Media Deutschland GmbH, pp. 32-41, 9th World Conference on Smart Trends in Systems Security and Sustainability, WorldS4 2025, London, United Kingdom, 19/08/25. https://doi.org/10.1007/978-3-032-11521-8_4

Managing Cybersecurity Risks of Human-Machine Interfaces (HMIS): an Adaptive Dynamical Systems Analysis. / Beliën, Solange; Noort, Tamar; Tenders, Jochem et al.
Intelligent Sustainable Systems - Selected Papers of WorldS4 2025. ed. / Nagar Atulya K.; Jat Dharm Singh; Mishra Durgesh Kumar; Amit Joshi. Springer Science and Business Media Deutschland GmbH, 2026. p. 32-41 (Lecture Notes in Networks and Systems; Vol. 1729 LNNS).

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Managing Cybersecurity Risks of Human-Machine Interfaces (HMIS)

T2 - 9th World Conference on Smart Trends in Systems Security and Sustainability, WorldS4 2025

AU - Beliën, Solange

AU - Noort, Tamar

AU - Tenders, Jochem

AU - Vooijs, Maarten

AU - Mestour, Wissal

AU - Treur, Jan

AU - Roelofsma, Peter H.M.P.

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

PY - 2026

Y1 - 2026

N2 - As industrial control systems become increasingly digitized, zero-day vulnerabilities in Human-Machine Interfaces (HMIs) pose critical threats to critical infrastructure, potentially enabling nation-state actors to cause physical damage while evading detection. This research analyses a significant gap in cyber risk management by developing a comprehensive modelling framework to understand how sophisticated cyber-physical attacks progress from initial compromise to catastrophic system failure. Using the Stuxnet worm as a foundational case study, this paper investigates how zero-day vulnerabilities in HMIs can be exploited to carry out advanced cyber-physical attacks. An adaptive network model is employed to simulate the progression of such an attack, from initial HMI compromise to physical system sabotage, while remaining undetected by operators. Crucial causal dependencies were identified, with their influence strengths and adaptive activation thresholds among the components modeled. A What-If analysis assesses how changes in system parameters affect the timing and likelihood of critical damage, incorporating probabilistic risk evaluation based on ISO 27005 standards. The findings provide actionable insights for cyber risk management professionals, enabling more effective threat assessment, improved network segmentation strategies, and enhanced detection capabilities for organizations operating critical infrastructure vulnerable to state-sponsored cyberattacks.

AB - As industrial control systems become increasingly digitized, zero-day vulnerabilities in Human-Machine Interfaces (HMIs) pose critical threats to critical infrastructure, potentially enabling nation-state actors to cause physical damage while evading detection. This research analyses a significant gap in cyber risk management by developing a comprehensive modelling framework to understand how sophisticated cyber-physical attacks progress from initial compromise to catastrophic system failure. Using the Stuxnet worm as a foundational case study, this paper investigates how zero-day vulnerabilities in HMIs can be exploited to carry out advanced cyber-physical attacks. An adaptive network model is employed to simulate the progression of such an attack, from initial HMI compromise to physical system sabotage, while remaining undetected by operators. Crucial causal dependencies were identified, with their influence strengths and adaptive activation thresholds among the components modeled. A What-If analysis assesses how changes in system parameters affect the timing and likelihood of critical damage, incorporating probabilistic risk evaluation based on ISO 27005 standards. The findings provide actionable insights for cyber risk management professionals, enabling more effective threat assessment, improved network segmentation strategies, and enhanced detection capabilities for organizations operating critical infrastructure vulnerable to state-sponsored cyberattacks.

KW - Cyber-Physical Attacks

KW - Day Vulnerabilities

KW - Human

KW - Machine Interfaces (HMIs)

KW - Zero

UR - https://www.scopus.com/pages/publications/105028156615

UR - https://www.scopus.com/inward/citedby.url?scp=105028156615&partnerID=8YFLogxK

U2 - 10.1007/978-3-032-11521-8_4

DO - 10.1007/978-3-032-11521-8_4

M3 - Conference contribution

AN - SCOPUS:105028156615

SN - 9783032115201

T3 - Lecture Notes in Networks and Systems

SP - 32

EP - 41

BT - Intelligent Sustainable Systems - Selected Papers of WorldS4 2025

A2 - Atulya K., Nagar

A2 - Dharm Singh, Jat

A2 - Durgesh Kumar, Mishra

A2 - Joshi, Amit

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 19 August 2025 through 21 August 2025

ER -

Beliën S, Noort T, Tenders J, Vooijs M, Mestour W, Treur J et al. Managing Cybersecurity Risks of Human-Machine Interfaces (HMIS): an Adaptive Dynamical Systems Analysis. In Atulya K. N, Dharm Singh J, Durgesh Kumar M, Joshi A, editors, Intelligent Sustainable Systems - Selected Papers of WorldS4 2025. Springer Science and Business Media Deutschland GmbH. 2026. p. 32-41. (Lecture Notes in Networks and Systems). doi: 10.1007/978-3-032-11521-8_4

Managing Cybersecurity Risks of Human-Machine Interfaces (HMIS): an Adaptive Dynamical Systems Analysis

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this