Name: Trond Vatten (Ph.D)

Email: trond.vatten@ntnu.no

Task 3.18 5G and beyond as an element of critical services

Overview of work:
Our digitized, modern society relies on data communication in almost every aspect of daily life. Even critical infrastructures such as hospitals, emergency services, energy systems, and financial institutions depend on communication networks. Network failures happen frequently and often disrupt communication between critical sectors such as hospitals and first responders, which can lead to severe consequences. How can we ensure that these networks function seamlessly under all circumstances? The new network era not only increases speed and capacity but also introduces highly dynamic and flexible networks powered by virtualization and softwarization. Softwarization allows tailoring networks to the specific needs of individual sectors. For instance, stakeholders can have their own optimized and specialized network rather than sharing the same capacity with all other users. However, this added flexibility also brings complexity and new vulnerabilities, requiring innovative solutions to ensure continuous operation. My research tackles these challenges from two angles: 1. Assess the threats introduced by softwarized flexible networks. 2. Leverage this softwarization to create resilient network solutions. On the one hand, we want to harness the positive potential of softwarization. On the other hand, we must be mindful of the added threat surface it introduces. In more detail, I utilize virtual network functions (VNFs) to optimize resource efficiency (reducing costs for operators) while still meeting the stakeholders’ demands and maintaining availability and performance, even during outages. We have already started a fruitful discussion on the topics with NC-Spectrum. If you are interested in something similar or have suggestions or questions about the work, I would be happy to connect!

Name: Camille Sivelle (Ph.D)

Email: camille.sivelle@ntnu.no

Task 3.13, Secure, human-centered XR experiences in critical sectors

Overview of work:
Extended Reality (XR) is increasingly used in Norwegian critical sectors. Virtual Reality (VR) can provide safer and cheaper training opportunities before performing critical operations in various sectors (healthcare, energy production, emergency response…). Augmented reality (AR) is also adopted, for example through hologram-like technology to help visualize data in 3-D (for industrial installations like pipelines or for anatomical data).
While XR has the potential to make critical sectors safer and more efficient, it also raises novel cybersecurity and privacy risks: just to function, XR devices rely on sensors collecting large amounts of data about the user, their movement, and their surroundings. Researchers have shown that by analyzing just a few minutes of movement data from a VR headset and the associated hand controllers, they were able to accurately identify its user. Moreover, many of the XR devices used in critical sectors are provided by companies with a history of data breaches. The security mechanisms we use on our phones and computers are not always as usable and secure in XR. For example, passwords typed on a virtual keyboard in VR can easily be inferred through side-channel attacks or from observing the user’s movement. Moreover, new types of attacks exploiting the immersive nature of XR put the user’s physical safety at risk.
How can we mitigate these risks while maintaining a high level of immersivity? After analyzing the different use cases for XR in the Norwegian critical sectors and the associated security and privacy requirements, we will study new ways to make these XR experiences more secure. We will also empirically evaluate their efficiency and their impact on the overall user experience.

Name: Ming-Chang Lee (Researcher)

Email: ming-chang.lee@ntnu

Task 3.19 Sustainable collective time series anomaly detection for critical cyber-physical systems

Overview of work:
A real-time collective anomaly detection approach in critical Cyber-Physical Systems (CPSs) has become more important than ever since this approach can promptly detect anomalies (including unexpected events, system malfunction, and malicious attacks) within collective time series and allow CPS personnel to take necessary countermeasures for minimizing the potential damage. Collective anomaly detection refers to the process of identifying anomalous data points across a group or collection of time series, rather than examining each time series in isolation. Such a detection system should consider the global context of all time series. However, the challenges include how to capture the dynamic correlation between different time series over time to facilitate effective anomaly detection, and how to ensure sustainable anomaly detection without consuming extensive computing resources or require human intervention. In this project, we would like to address the above challenges by proposing a real-time sustainable collective anomaly detection system for critical CPSs based on a divide-and-conquer strategy, parallel processing, and the majority rule.

Name: Vahiny Gnanasekaran (Ph.D)

Email: vahiny.gnanasekaran@ntnu.no

Ikke-teknisk aspekter (menneskelige og organisatoriske) i industrielle kontrollsystemer innen cybersikkerhet

Overview of work:
Cyberattacks have caused multiple security incidents within the industrial sector in recent years. However, in recent years, Operational Technology (OT) systems have benefited from digitization, but this increases the likelihood of security incidents disrupting the operation or production of industrial facilities. In other words, a cyber-attack might cause physical harm or damage. Such severe security incidents demand cooperation between cybersecurity and safety employees to secure production safety during incident response.

The PhD work investigates the interactions between different emergency and incident response roles in security-safety incident response. It further addresses particular roles, such as Security Operations Centre monitoring IT and OT systems, Computer Security Incident Response Teams, and emergency teams, using the Norwegian oil and gas industry as an empirical foundation. The work is part of the project Cybersecurity Barrier Management funded by the Norwegian Research Council, collaborating closely with the Norwegian oil and gas industry and SINTEF. Vahiny also has a 25% position at SINTEF Digital besides her PhD research, working on related research projects.

Name: Kristian Kannelønning (Industrial Ph.D)

Email: Kristian.kannelonning@ntnu.no 

Improving Cybersecurity for Industry

Overview of work:

The research focuses on improving cybersecurity for the industry, also known as Operational Technology, OT. The objective of the PhD is to provide results that could benefit academia but also be of practical use for OT professionals and practitioners. The work thus far has included discovering how cybersecurity behavior is assessed, with the most prominent finding being that subjective measurements are often used in research. This measurement method has some weaknesses regarding biased responses, and it is essential to include some objective measurements when assessing human behavior in a cybersecurity context. This finding was tested in a survey of 113 respondents who were all affiliated with the Norwegian industry. The results are favorable compared to similar studies, showing that personnel employed in the Norwegian Industry act according to their self-assessments. The good results are attributed to the high level of training received by the participants within their respective organizations. However, for organizations to become more cybersecure, more tangible results should be provided to practitioners. Therefore, a quantitative study measuring the use of cybersecurity controls and mitigating actions used by organizations to avoid cyber threats has been conducted. The results show that the Norwegian Industry should increase specific cybersecurity training for OT employees. What to improve and focus on is challenging, especially since OT cybersecurity is still in its infancy for many organizations. Using international cybersecurity standards could be a source of knowledge for organizations. The research does, however, show that international standards are not used to an extensive degree within the Norwegian Industry. The voluminous size and lack of practical advice have been identified as barriers to usage. Through qualitative research, findings show that areas for improvement for OT organizations are the setup of how cybersecurity is governed. Cybersecurity should include both IT and OT personnel, a change that should lead to improved communications internally. With gains in internal communications employees should have an improved understanding of why selected security controls is implemented and rules enforced, something that should reduce the number of workarounds present in today’s OT cybersecurity landscape.