Phd Course: Securing critical information infrastructures (2016)

Course reponsible

The course is a joint effort between Chalmers, KTH and LiU. Please direct your questions to Magnus Almgren at Chalmers.(magnus.almgren <at>

Course-specific prerequisites

The course contains technical parts, including the exercises and the academic papers on the reading list. We will assume a background in computer science and engineering.


The course gives a research overview to cybersecurity for securing critical infrastructures (CI), here referred to Information and Control Systems (ICS), including the special needs of such environments when compared to more regular enterprise networked Environments.

Learning outcomes

After completing the course the student shall have acquired the following knowledge goals. The student shall:

  • describe the general setup of ICS
  • have an improved understanding of information security as it relates to  securing critical infrastructures and be able to account for the consequences of insecurity in such environments
  • be capable of making a security analysis of an ICS and understand the tradeoff between the properties of the CIA model
  • suggest ways to improve security by common available tools
  • have improved his or her skill in technical writing
  • be able to reason on the ethical and social aspects of computer security


The course is centered around two parts: seminar sessions to discuss academic papers and a two-day exercise to gain hands-on experience in protecting critical infrastructures under attack.

For the seminar part, the students will choose a number of papers from a topic important for cybersecurity research in  securing critical infrastructures, such as any of the following.

  • Creation of data for complex environments
  • Detection of attacks
  • Overview of Supervisory Control And Data Acquisition (SCADA) and ICS systems
  • Risk analysis as applied to ICS
  • Privacy and Confidentiality for CI


The literature list will be presented during the first seminar session.


Choice of three academic papers with a corresponding quiz and presentation. A written report relating the research to the student’s own research and active participation in the peer review process. Participation in the hands-on exercise. The recommended scope of the course is 7.5 credits.

A certificate of passing the course will be provided by the course examiners (Magnus Almgren and Simin Nadjm-Tehrani), and the accounting of credits in your studies is subject to regulation at your own university (normally approval by the advisor).

Every student must attend the hands-on session and 80% of the seminars
(exceptions can be granted, compensated by additional writing assignments)


a) Hands-on Training (SWITS 2016)

The course will start with an exercise together with the RICS research project and FOI in Linköping in connection to SWITS 2016. The exercise will take place in Linköping June 7 from 10.30 to June 8, 2016. During two days, the students will get hands-on experience in running a typical critical infrastructure under attack. More specifically, the exercise is centered on the production of medicine. Orders are placed continuously and the team is scored based on how well they can produce the medicines, even though the systems may be under attack. During the exercise, the students (blue team) will have the option to use either Windows 7 or Kali Linux. The students will use the following tools to protect their system from attacks: network intrusion detection systems, firewalls, wireshark, zenmap, etc.

b) Research seminars (Fall 2016)

The second part of the course consists of a series of seminar sessions centered around specific topics relevant to cybersecurity for critical infrastructures. These seminars will take place during the fall 2016.

  1. Each student must choose a topic relevant for security research in critical infrastructures. Within this topic, the student should suggest three recent papers, where one should be (if possible) an overview of the area or reflecting the state-of-the-art for the corresponding topic for regular environments. The papers should be chosen from reputable venues, such as
  • ACM Conference on Computer and Communications Security (CCS)
  • Security & Privacy Symposium (S&P)
  • USENIX Security Symposium
  • Network and Distributed System Security (NDSS) Symposium, or
  • a domain-specific conference of relevance.

These papers are to be read by all students for the session.

  1. The topic owner should in addition
    1. create a presentation, giving a short overview of the topic, a discussion of the individual papers, and present in-depth an interesting security problem / solution from the papers. The topic owner is expected to read more than the three papers for the session to be able to create an interesting discussion.
    2. also create a short quiz to go with the papers. This is going to be used in each seminar to check if the papers were actually read by all participants.
    3. write a short paper (~4 pages) relating to the topic (e.g. a literature review, how it integrates into the student’s own research, open research questions, etc.)
  2. Each student will, in addition to reading the three papers for each topic, also participate in a peer review of the short papers.

Each step above need to be approved by the instructors of the course.