Upcoming PICS Seminars 2021
Date: 16 June 2021, 11:00-12:00 (Note the day and time!) Where: Zoom
Title: Creating a Framework for Security in Radio-Based ICT Systems
Speaker: Research proposal/planning seminar of Marcus Dansarie (Marcus is a joint PhD-student between HiS and FHS.)
Discussion Leader: Professor Yacine Atif
Abstract: Past research concerning the security of ICT systems has
primarily considered physical networks. However, there exists a large
class of ICT systems that are primarily radio-based. Since they use
radio waves for communication, all radio-based ICT systems share a
common physical layer that is accessible to anyone within range. This
brings with it many security challenges in addition to those present
in all ICT systems. Furthermore, many specialized radio-based ICT
systems were originally designed and built before the emergence of
modern cybersecurity and have come to evolve from simple radio systems
into full-fledged digital communications networks. Historically, the
need for specialized radio equipment has set a relatively high bar for
entry into studying the security of these systems. The bar has become
significantly lower as software defined radio (SDR) technology has
developed in the past decade. Researchers have found vulnerabilities
in radio-based ICT systems used in, among others, the civil aviation,
shipping, rail transport, public security, and military sectors.
Despite vulnerabilities in a broad range of radio-based ICT systems,
there appears to be no research into common causes of the deficiencies
or why the organizations that use them seem to do very little to
improve security. The aim of the proposed project is to improve the
understanding of security in radio-based systems. Ultimately, the goal
is to develop a framework that can aid in helping organizations
improve the security of their radio-based ICT systems.
Past PICS Seminars 2021
Date: 25 February 2021, 13:00-14:00 Where: Zoom
Title: CHANGING USERS CYBER SECURITY BEHAVIOUR: The development of a method for end-user cybersecurity training
Speaker: Research proposal/planning seminar of Joakim Kävrestad. Discussion Leader: Joeri van Laere
Abstract: The world is becoming ever more digitalised, and we now rely on digital services in our work, as well as in our private lives. As a consequence, the need for cybersecurity is also increasing and is now a necessity for organizations and individuals alike. Insecure user behaviour is one of the major reasons for cybersecurity incidents and the need for assisting users towards security behaviour is imperative. The most common suggestion for how to assist users to behave more securely is through training. There are, however, several different approaches for cybersecurity training available, and they have been available for quite some time, suggesting that current practices do not work. This research proposal suggests continued research into the domain of cybersecurity training. The aim of the proposed project is to use a design science approach to develop and evaluate a method for cybersecurity training; it will thereby contribute to improving cybersecurity behaviour of end-users.
Date: 25 March 2021, 13:00-14:00 Where: Zoom
Title: Using external IT services from the aspects of technology, suitability, legality, and total defense
Speaker: Daniel Melin, a Cloud and Datacenter strategist at the Swedish Tax Agency (Skatteverket)
Brief bio: Daniel Melin works at the Swedish Tax Agency with strategies regarding cloud computing, datacenters and governmental IT. Daniel has previously worked as a procurement officer at Kammarkollegiet and as an IT consultant.
Abstract: Daniel will describe the problem facing authorities wanting to use external IT services from the aspects of technology, suitability, legality, and total defense. SLIDES
Date: 29 April 2021, 13:00-13:45 Where: Zoom
Title: Data – a strategic resource in a smart city
Speaker: Dan Folkesson, CDO Intraservice, City of Gothenburg
Abstract: Dan will talk about why data is the single biggest enabler in a smart city. He will give examples of digital initiatives in the City of Gothenburg and how these help the city to be a smart and sustainable city.
Brief bio: Dan Folkesson is Chief Digital Officer at Intraservice in the City of Gothenburg. His focus is on empowering business development through new smart digital solutions, so the city can be sustainable and open to the world.
Previously he held various leading IT positions in the private sector at Länsförsäkringar, the largest Insurance and Banking company in Sweden. SLIDES
Date: 6 May 2021, 13:00-14:00 Where: Zoom
Title: Cybersecurity in research and innovation
Talk 1: The Swedish innovation node for cybersecurity - purpose and status (Martin Bergling, Node Coordinator)
Talk 2: Cybersecurity at RISE (Shahid Raza, Director, RISE Cybersecurity)
Brief bios: Shahid Raza is the Director of the Cybersecurity unit at RISE, where he has been working since 2008. Shahid is also an Associate Professor (Docent) at Uppsala University, Sweden. Shahid’s research interests include but are not limited to security and privacy in IoT, secure interconnection of clouds and IoT, and threat intelligence at the edge of IoT.
Martin Bergling is currently leading the work of building a Swedish innovation node specializing in cyber security. Martin has worked with IT and information security in various roles and industries since 1988. A special interest is quantitative risk analysis.
Abstract: The Swedish innovation node for cybersecurity
The innovation node is a result of the Swedish government's planning in 2015. It was then observed that the cyber security industry was diversified and that there was a need for collaboration platforms between different parties in Sweden, both in business and in the public sector.
Today, the node has 70 members and new members are added every week. A website has been established - cybernode.se - where detailed information about the node's activities is provided on the member pages. One of these is the "security profiling" with the help of which a competence database will be built up.
Four working groups are established: “Security needs”, Security in IoT, Risk Analysis Methods, and Security in 5G. A node organization with a steering group and reference group is working, and during 2021-22 more working groups are planned, e.g. in AI, SCADA, security architecture and privacy. Other issues concern the industry's lack of competence, a Nordic security network and work to influence policy and regulations in the area. SLIDES
Abstract: Cybersecurity at RISE
RISE Research Institute of Sweden is a Swedish Government research institute established as a merger of Swedish ICT (SICS, Acreo, Interactive Institute, Viktoria), Innventia, SP, and part of Swerea. RISE has around 3000 employees and it controls or is a part of ~60% of Swedish test and demo facilities. RISE Cybersecurity is among the largest cybersecurity research groups in Sweden consisting of 21 technical cybersecurity experts. This talk will cover our cybersecurity research and development activities. It will highlight new national and EU cybersecurity initiatives including RISE Cyber Range, a state-of-the-art cybersecurity test and demo arena in Kista.
Date: Wednesday, 26 May 2021, 13:00-14:00 Where: Zoom
Title: Regional Security: Reality, Challenges and Requirements (presented in Swedish)
Speaker: Robert Sörqvist - Security Operations Center (SOC), Västra Götalands Regionen
Abstract: Presentation VGR-VGR IT- Säkerhet SOC. SLIDES
Past PICS Seminars 2020
Date: 18 February 2020, 11.00-12.00 Place: University of Skövde Room: Portalen, Utsikten
Title: The concept of privacy related to personal information
Speaker: Oskar MacGregor, Senior Lecturer of Cognitive Neuroscience, School of Bioscience, University of Skövde
Abstract: Although the historical development of the concept of privacy has never been altogether straightforward, conceptual work within information technology has sought to sidestep some of these issues by limiting their application of privacy to the domain of personal information. In this seminar, I briefly explain why such a limitation does not resolve the majority of the conceptual issues, as even though the move does suffice to establish the type of information privacy is thought to be about, it does nothing to indicate either how to demarcate relevant from irrelevant personal information, nor does it establish specifically when privacy does or does not hold in relation to such personal information. Any feasible definition of privacy will need to take these constraints into account, in order to be deployable in applied contexts.
Past PICS Seminars 2019
Date: 17 January 2019, 11.00-12:00 Place: Högskolan i Skövde Room: Portalen (P401)
Title: When we talk about privacy, what are we really talking about?
Speaker: PhD Oskar MacGregor, School of Bioscience, Högskolan Skövde
Abstract: Recent developments in areas such as data analysis, in combination with the staggering ubiquity of different forms of smart technology, have engendered renewed interest in individual privacy, in particular its ethical and legal dimensions. The concept of privacy itself is, however, deeply contested, in both philosophical (conceptual) and legal (applied) domains. This is partly due to the contingent specifics of its historical development, and partly due to the concept's emotional force. In this talk, I give an overview of these issues, in order to begin sketching an answer to the question: "When we talk about privacy, what are we really talking about?"
Date: 13 March 2019, 14.15-16.00 Place: Högskolan i Skövde Room: Portalen, Utsikten (P501)
Title: Dynamic Vulnerability Analysis in Cyberphysical Systems
Speaker: Yuning Jiang, PhD student
Abstract: The growth and the complexity scale of Cyber-Physical Systems (CPSs) are ever-evolving due to the fast expansion of networked applications in smart-x systems, which are overseeing critical infrastructures such as the smart-grid. These smart networked systems use a network of embedded sensors, platforms and actuators to perceive and affect a physical process that typically requires guaranteed quality-of-service performances provided by safety-critical applications. The confluence of sensors, platforms and networks is also nourishing the expansion of the emerging Internet of Things (IoT) area. However, these developments lead to increased surfaces that are vulnerable to cyberattacks. Since the capability of attackers and the trust in networked-components are subject to substantial variability, a dynamic-vulnerability assessment is advocated in this study, in contrast to traditional static-approaches.
Recent advances in data analytics prompt dynamic data-driven vulnerability assessments, whereby data contained and produced by CPS cyber-components include hidden traces of vulnerability fingerprints. However, the imprecise nature of vulnerability assessment and the huge volume of scanned data call for computational intelligence techniques to analyse such data. We first investigate computational models to capture semantic properties related to vulnerability concepts revolving around CPS components. This study reveals salient metrics and related measurements used to quantify CPS component vulnerabilities. We show the potential of applying fuzzy-logic techniques to diagnose vulnerability, and infer objective vulnerability scores. Then, we examine computational methods to extract meaning from text by mining online public-repositories of published vulnerabilities and discovering potential vulnerability-matches in a given CPS infrastructure. Graph-mining techniques are also explored to identify critical-assets of CPS infrastructure to weigh vulnerabilities, considering topological structures and functional features.
In this proposal, we explore the state of the art and highlight the drawbacks of current research approaches in CPS vulnerability assessment area, based on which, we build our research questions with the purpose to piece together solution elements for the stated problem. In doing so, computational intelligence techniques such as fuzzy-logic and machine-learning, are investigated in order (a) to reduce existing security management gaps induced by ad-hoc and subjective vulnerability auditing processes, (b) to narrow further the risk window induced by discoverable vulnerabilities, and (c) to increase the level of automation in vulnerability analysis, at various levels of the CPS architecture.
Date: 12 April 2019, 11.00-12.00 Place: Högskolan i Skövde Room: Portalen, Insikten
Title: The New Swedish Security law - a modern protection for us in a global world that is connected?
Speaker: Carl-Magnus Brandt, CISM, Actea
Abstract: The threat landscape and stability in our region have changed dramatically. What happens when the threat actors move from physical borders into the digital domain?
What has changed from the previous security law and why is this a new era? How can we face this new challenge?
Why is it important for you as a student in information security to be aware of this shift in power?
Date: 9 May 2019, 11.00-12.00 Place: Högskolan i Skövde Room: Portalen, Insikten
Title: Resilience to Cyber Attacks
Speaker: Sten F Andler, University of Skövde
Abstract: We present definitions and aspects of resilience as it relates to cyber attacks and other incidents in critical infrastructures that support vital societal services. The discussion is mainly based on a CIRI webinar on "Cyber Risk Scoring and Mitigation for Resilient Cyber Infrastructure", which was also presented at the 2019 CIRI Symposium on Resilience of Critical Infrastructures. From the same symposium we will also discuss measuring business/economic resilience to disasters. We end by exploring resilience as a countermeasure to attacks exemplified by applications in mobile computing, in warfare, and in wireless networking.
Date: 5 December 2019, 13.00-14.00 Place: Högskolan i Skövde Room: Portalen, Utsikten
Title: The roles in the world of cyber criminals
Speaker: Fredrik Johansson, Check Point
Abstract: In this seminar, Fredrik will present how criminal organizations have built up their cybercrime operations with several suppliers. As part of their work, Check Point has mapped a number of criminal organizations and presents the results in this presentation.
Past PICS Seminars 2018
Date: 18 January 2018, 11:00-12:00 Place: Högskolan i Skövde Room: Portalen (P101)
Title: Applied Mathematics Seminar, Coding theory theme, Part 3: Self-dual codes
Speaker: Yohannes Tadesse, Högskolan i Skövde
Abstract: This is a continuation of the seminar series on code theory and this time we consider self-dual codes. The focus will mainly be construction/classification of self-dual codes and their relations with algebraic objects like groups and invariant rings. Concrete examples of the Hamming codes and the Golay codes, and some applications will be presented.
Date: 19 January 2018, 11:00-12:00 Place: Högskolan i Skövde Room: Portalen (P502)
Title: Threat Modeling and Resilience of Critical Infrastructures
Speakers: Yacine Atif, Manfred Jeusfeld, Jianguo Ding, Högskolan i Skövde
Abstract: The smart grid is the current trend to upgrade the ageing energy infrastructure leading to a further distribution of the energy market. However, alongside the expected enhancement in efficiency and reliability, the induced cyber-connectivity prompted by Supervisory Control And Data Acquisition (SCADA) systems that monitor critical infrastructures exposes the grid’s cyberphysical systems to potential cyberattacks. The inherent third-party devices in those cyberphysical systems have a significant dependency on digital communications, which raises concerns over a growing risk from cyberattacks. Conventional security approaches are limited by the scale of the grid and the velocity of data reporting dynamic energy flows. ELVIRA is a project supported by the European Fund on Internal Security (ISF) at University of Skövde, which aims at modelling the grid-infrastructure networks and developing a corresponding testbed facility for testing critical infrastructures’ resilience to cyberthreats. Situation-awareness, vulnerability assessments, and cascading-effects analysis due to cyber-threats are some of the core work-packages in the ELVIRA project. In this seminar, we show a conceptual modelling approach to power-grid infrastructures, then discuss cyberthreat modelling for power-grid resilience, and finally reveal a cyberthreat-intelligence based design of the proposed testbed facility that uses distributed agents for real-time simulation of cyberphysical-systems security.
Date: 1 February 2018, 10:15-11:45 Place: Högskolan i Skövde Room: Portalen (P502)
Title: Vulnerabilities and Countermeasures in Smart Grids
Speaker: Sten F Andler, Högskolan i Skövde
Abstract: We present two KTH papers on 1) a study of software vulnerabilities and weaknesses of cyber components in smart grids, and 2) an analysis of the effectiveness of attack countermeasures in such a system. The focus of both papers is on embedded devices in power substations and generation plants, typically controlled by a SCADA system (for Supervisory Control And Data Acquisition). The vulnerabilities study is on actual systems with intelligent components from major manufacturers. The study uses publicly available data on the types of systems and identified vulnerabilities and weaknesses from publicly available databases and the manufacturer’s websites. The study summarizes the types and severity of common vulnerabilities and shows that they mostly result from a small number of fairly simple weaknesses. It is also apparent that not all manufacturers are keen on disclosing their vulnerabilities and weaknesses. The analysis of countermeasures, on the other hand, constructs abstract models of typical electric power systems, based on publicly available information as well as expert elicitation and certain assumptions. The models are used to evaluate the overall cyber security posture and the effectiveness of protection strategies, using attack graph evaluation (securiCAD). In summary, the most effective measures are network securement (including passwords) and network segmentation (firewalls). Frequent patching is prohibitively expensive and running intrusion detection systems is not usually possible on the heterogeneous hardware. Our own approach in Elvira proposes to perform such intrusion analysis on a common operational picture, separate from the operational system, obtained by extracting data from the operational system itself.
Date: 7 February 2018, 10:15-11:30 Place: Högskolan i Skövde Room: Portalen (P101)
Title: Applied Mathematics Seminar, Coding theory theme, Part 4: Post-quantum cryptography with error-correcting codes
Speaker: Stefan Karlsson and Klara Stokes, Högskolan i Skövde
Abstract: In 1994 Shor showed that the integer factorization problem can be solved in polynomial time on a quantum computer. As a consequence, cryptographic public-key protocols relying on the integer factorization or the discrete logarithm problems, like the popular RSA and elliptic curve cryptography, are insecure against attacks using quantum computers. Post-quantum cryptography is the research area studying cryptographic protocols that remain secure against such attacks. Code-based cryptography has arisen as a strong candidate for post-quantum cryptography. In this talk we explain how code-based cryptography works, we give a short historical background and a short current state of the art.
Date: 1 March 2018, 11:00-12:00 Place: Högskolan i Skövde Room: Portalen (P502)
Title: Information Security Management - what is it and why do we need it?
Speaker: Rose-Mharie Åhlfeldt, Högskolan i Skövde
Abstract: Information is an important tool in any organization. The consequence of losing critical information can be devastating to both organizations and individuals. The organization's information security requirements are based on internal business requirements, but also external requirements from stakeholders, legal and contractual requirements as well as industry requirements. In order to protect information in a proper way, organizations need to work systematically with information security. Information Security Management (ISM) is a systematic process of effectively coping with information security threats and risks in organizations. One way to work systematically with information security is therefore to implement an Information Security Management System (ISMS).
Date: 19 April 2018, 11:00-12:00 Place: Högskolan i Skövde Room: Portalen (P407)
Title: Cyber Deterrence
Speaker: Gazmend Huskaj
Abstract: Cyber deterrence is a strategy employed to deter attackers from conducting cyber-attacks in the first place. However, several issues exist when implementing cyber deterrence. The findings show (1) non-existence of the deterrence strategy, (2) no doctrine or decision competence to retaliate to an adversary, (3) the armed forces have no authority to retaliate when Swedish sovereignty in Cyberspace is threatened, (4) no norms or regulations exist concerning retaliation, (5) no clear governance on using offensive cyber capabilities, and finally, (6) no credibility in its cyber deterrence posture regarding how much Sweden is willing to sacrifice to protect its electoral system, which is a Swedish national interest. Therefore, this research investigates how cyber deterrence can practically be implemented in Swedish cyber security policy.
Date: 6 December 2018, 10:30-12:00 Place: Högskolan i Skövde Room: G207
Title: A Socio-Technical Modeling Approach to Secure Digital Transformation
Speaker: Prof Stewart Kowalski, NTNU, Norway
Abstract: We use a number of different types of models every day in our day-to-day work to protect our organization's information assets. For compliance work we often use a check-list model, i.e. a table with a list of requirements with checks and evidence indicating if they are fully compliant, partially compliant, or even non-compliant to the requirements. For capital expenditures on new security equipment we use the return on security investment model, which is expressed as ROSI = (ALE * mitigation ratio - Cost of Security Solution) / Cost of Security Solution. These models are suitable for solving a number of security problems.
However, these models can be problematic when formulating a secure digital transformation strategy that needs to be reviewed and communicated not only internally in an organization but also with digital partners and customers. To help support with the formulation and communication of a secure digital transformation strategy, Professor Stewart Kowalski presented a socio-technical modeling approach. The presentation covered three areas: history, theory and practice of socio-technical modeling.
Past PICS Seminars 2017
Date: 24 February 2017 Place: Högskolan i Skövde Room: G110
Title: Data privacy: an introduction
Speaker: Vicenç Torra and Klara Stokes, Högskolan i Skövde
Abstract: The Swedish government wants Sweden to be best in the world to take advantage of the possibilities of digitalization. Digitalization implies many advantages, but there are also problems. One important problem is the privacy of the citizen, the individual and the user of the system. Industry 4.0, pervasive computing, IoT, and big data, in general, all share the privacy concern. The consciousness of this problem has grown as the data driven services have become more and more important in our society. Recently, new laws and regulations were adopted, which implies great responsibilities for anyone who treats personal data, in business or in research. Data privacy studies and develops methods and tools for avoiding the disclosure of sensitive information about individuals from data. There are three communities working on technical solutions for data privacy. They are the privacy preserving data mining (PPDM), the privacy enhancing technologies (PETs) and the statistical disclosure control (SDC) community. This talk will have two parts, one elementary introduction and a continuation. In the first part we introduce the area of data privacy and its applications. In the second part we will describe some of the privacy problems, and make a classification of tools for data privacy. Then, we will focus on database privacy, outlining the type of research problems we consider. In particular, we will mention privacy models and disclosure risk assessment methods, information loss measures, and data protection methods (also known as masking methods).
Date: 20 November 2017, 13:15-14:30 Place: Högskolan i Skövde Room: Portalen (Vänern/Vättern)
Title: Applied Mathematics Seminar, Error-correcting codes and applications
Speaker: Stefan Karlsson and Klara Stokes, Högskolan i Skövde
Abstract: In the transmission of information, errors occur. By coding the information before transmission using an error-correcting code, it is possible to correct such errors and to recover the sent information. Error-correcting codes are used in various applications like data storage, data transmission, data compression, and cryptography. This seminar is divided in two parts. The first part is an elementary introduction to linear error-correcting codes, with many simple examples. In the second part we will see examples of how error-correcting codes are used in some applications. SLIDES (PART 2)
Date: 15 December 2017, 11:00-12:00 Place: Högskolan i Skövde Room: Portalen (P101)
Title: Applied Mathematics Seminar, Coding theory theme, Part 2: Different types of codes
Speaker: Yohannes Tadesse, Högskolan i Skövde
Abstract: This is part of the Applied Mathematics Seminar series which deals with Coding theory. The speakers in the previous seminar talked about linear codes and some applications. As a continuation, in this seminar I will talk about some aspects of cyclic codes and Goppa codes and, if time allows, algebraic geometry codes. The talk is aimed at anyone with/out any background in the subject. So everyone is welcome!
Date: 11 December 2017, 09:00-10:00 Place: Högskolan i Skövde Room: Portalen (P502)
Title: Recent developments on integral privacy
Speaker: Navoda Senavirathne, Högskolan i Skövde
Abstract: Data privacy studies methods and tools to avoid the disclosure of sensitive information. Quite a few data privacy models have been introduced in the literature. They define when a data set can be considered protected and/or offer degrees of privacy. The definition of privacy models is a first step towards the definition of data protection mechanisms that are compliant with these models. Examples of privacy models include re-identification, k-anonymity, and differential privacy. Nowadays there exists a plethora of data protection methods for each of these models. Different data protection methods compete on the type of data to be considered (e.g., databases, streaming data), the quality of the protected data (e.g., low information loss), the level of privacy achieved. In a recent paper, we introduced the concept of integral privacy, which is based on the databases that are updated frequently. The definition of integral privacy is based on the idea that models inferred from a dataset should not allow disclosure on the training data or on how data has been updated (records deleted, records modified, etc.). In this talk, we will present the privacy model and our last results in this area.