27-28 May 2024

Work by the partner universities will be presented in the SWITS seminar organised for PhD students in the cybersecurity area, this year in Lund.

10 April 2024

One of the six round table discussions at the Cybercampus-Cybernode collaboration event on 10th April will be moderated by Simin Nadjm-Tehrani. The topic of the discussion is the incentives for resilient critical infrastructures and their importance for the innovation ecosystem.

20 March 2024

Researchers in RICS organised a workshop at KTH for PhD students involved in the project to get feedback and ideas for collaboration.

20 April 2023

Work from RICS will be presented at an event organised by CyberNode Sweden, within the working group AI and Security.

26 January 2022

RICS will be presented in session 2B at the Cybernode Collaboration conference in Kista, and the outcomes will be discussed with a poster.

19 December 2022

PhD thesis defence at Linköping University will take place with experts from US/Singapore, Netherlands, Sweden, and Czech Republic discussing anomaly detection in SCADA networks.

30 November – 2 Dec 2022

The 27th Nordic Conference on Secure IT Systems (Nordsec) will be organised at Reykjavik University, Iceland. Early registration date is 2nd November.

30 May 2022

A joint RICS-Cybernode workshop will take place in Linköping. For more information contact Simin Nadjm-Tehrani.

23-24 November 2020

The 25th Nordic Conference on Secure IT Systems (Nordsec) held in Linköping as a virtual event requiring registration. The proceedings of the conference are available as a volume of Lecture Notes in Computer Science.

11 September 2020

RICS-el: A hackable network near you!

A seminar to be held virtually.

Registration details:

In a collaboration between MSB's research programme RICS and FOI, we have developed a fictitious power grid company, called RICS-el, with the aim of enabling research and experimentation in cybersecurity for industrial control systems. In short, RICS-el is a simplified, but still realistic, system infrastructure with both an office environment (IT) and a control system environment (OT) that controls and monitors a simulated power grid, all implemented in the training platform CRATE.

Welcome to a seminar on RICS-el!

When? 11 September 9.00-12.00

Where? In cyberspace. A Zoom link will be sent upon registration.

9.00-9.15 Welcome and a few words about the research programme RICS.

9.15-11.30 RICS-el, presentation and demo

11.30-12.00 Future use. Discussion together with participants.

Registration: Send an email by 9/9 at the latest to Mathias Ekstedt (KTH) at the address: mekstedt (at) kth.se

23-25 September 2019

The 14th International Conference on Critical Information Infrastructures Security (CRITIS) held in Linköping.

19-20 June 2019

The 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) held in Göteborg.

6 March 2019

The first RICS seminar of 2019 on Wednesday 6th March 13:15–14:15.

The speaker is Simona Bernardi (University of Zaragoza)

Location:  Donald Knuth, Dept. of Computer & Information Science, Linköping University.


Survivability is a primary requirement for critical infrastructures, that must be able to provide essential services with an adequate Quality of Service even when they are compromised by intentional or accidental threats.
In this talk I present two works aimed at enhancing the survivability of critical infrastructures. Both the works consider the SmartGrids domain but with a different perspective and purpose. The first work focuses on the elicitation and specification of survivability requirements of a SmartGrid and proposes a model-driven approach for their verification. The second is a work in progress on detection of integrity attacks on the Advanced Metering Infrastructure of a SmartGrid, that is based on the application of process mining and time-evolving graphs.

23 October 2018

The second RICS Seminar of this year is organised in conjunction with CS3 STHLM.

The speaker is Kevin Jones, Airbus Group Innovations, UK.

More information and speaker profile: CS3

Location: Nalen, Regeringsgatan 74, Stockholm.

September – October 2018

Open lectures in the course on Ethical Hacking

As part of KTH’s course in Ethical Hacking four guest lectures are open to the general public:

September 4, 15:15-17:00, Anne-Marie Eklund-Löwinder, CISO IIS, The Keys to the Internet

September 11, 15:15-17:00, Jonas Lejon, Senior Cyber Security Specialist, Swedish Armed Forces, How to become a Bonafide White Hat Hacker

September 25, 15:15-17:00, Nasser Nowdehi, Vehicular Communication Security Researcher, Volvo, How to Hack a Car: Attacks and Defenses for Connected Vehicles

October 9, 15:15-17:00, Joakim Grundwall, CTO, MSAB, Breaking the Security of Modern Smartphones

Location: Room B2, Brinellvägen 23, KTH Campus Valhallavägen, Stockholm.

19 September 2018

Dr. Aruna Prem Bianzino, researcher at Telefonica Digital Espana (Eleven Paths) will give a talk on:

Browser Extensions, Development practices, unwanted behaviors and how to anticipate them

Time: 10:15

Location:  Linköping University, Campus Valla, E Building,  Alan Turing.

Browsers represent the main tool to access web content. Browser extensions increase the functionalities of browsers, offering any kind of non-standard solutions and applications to the end user, resulting in a really popular practice, accessing many resources, and bringing with them security risks. We analyze the ecosystem of the browser extensions, and develop a solution to automatically highlight eventual unwanted behavior, which is eluding the current pre-market analysis. This solution allows also to increase the transparency and user awareness and control over the used extensions and their resource usage and access policy.

17 September 2018

A seminar hosted by Young AFCEA will be held featuring Anne-Marie Eklund Löwinder and the CIO of the Swedish Armed Forces, Fredrik Robertsson. More information is available here.

The seminar is in Swedish.

Location: Malvinas (formerly Osquldas) väg 10, Stockholm.

14 September 2018

RICS stakeholders may be interested in the following seminar by Hans-Peter Schwefel that takes place at Chalmers.

Time: 10.00 – 12.00.

Location: Analysen, EDIT Building, Chalmers.

Abstract: There is an increasing number of digital data sources that is available in the context of electricity distribution grids. These include in particular smart meters at customer sites or smart inverters that connect storage or distributed generation, but the information from such sources has not yet been harnessed for planning and operation of electricity distribution grids. This talk introduces the approach to leverage measurement data from smart meters and smart inverters in low-voltage (LV) grids. The solution correlates these data with information from existing data subsystems at the distribution system operator, in order to enable novel LV grid observability applications for voltage quality, grid operation efficiency, and LV grid outage diagnosis. Since the approach uses data from heterogeneous measurement systems, challenges regarding the data quality and its impact on the subsequent data analytics applications are discussed in the second part of the talk.

The talk is based on the ongoing Horizon 2020 project Net2DG, see www.net2dg.eu

19 June 2018

RICS Spring seminar “Towards next generation collaborative network defense” by Dr. Emmanouil Vasilomanolakis from Technical University of Darmstadt.

Time: Public seminar, 13.15 – 14.15, and follow-on discussions 14.15 – 15.00.

Location: Linköping University, Campus Valla, E Building,  Alan Turing.

Cyber-attacks have nowadays become more frightening than ever before. The growing dependency of our society on networked systems aggravates these threats; from interconnected corporate networks and industrial control systems to smart households, the attack surface for the adversaries is increasing. I argue that network security requires, besides traditional methods, more out of the box and (pro)active research. In this talk, I will discuss the three main pillars of my current and future research, namely: i) offensive security, ii) attacker deception, and iii) collaborative intrusion detection. In particular, the first part of the talk will focus on offensive security (e.g., taking the perspective of an adversary to anticipate new attacks) and attacker deception (e.g., honeypots) and will examine the motivation, the challenges and possible next steps for this line of research. The second part of the talk will emphasize collaborative intrusion detection and will combine a discussion of research challenges along with lessons learned from a number of projects that I have been involved in to date.

14 March 2018

A seminar by Xavier Bellekens from Abertay University at Chalmers.

Time: 13.00 – 14.00

Location: EDIT 3364

Graphics Processing Units (GPUs) and their application for high speed pattern matching intrusion detection systems

Abstract: Pattern matching is an important task in a plethora of different fields, but is also a resource consuming problem. Due to the ever-growing volume of data to be processed and increasing link speeds, the number of patterns to be matched has risen significantly.  Panda Labs estimates that, as of 2016, 350.000 new threats are discovered every day. In this presentation I will explore the parallel capabilities of modern Graphics Processing Units (GPUs) and their applications for high speed pattern matching Intrusion Detection Systems, as well as discuss a highly efficient version of parallel Failure-Less Aho-Corasick.

Bio: Xavier Bellekens received the Bachelor Degree from Henallux in Belgium; the Masters degree in Ethical Hacking and Computer Security from the University of Abertay Dundee and the Ph.D. in Electronic and Electrical Engineering from the University of Strathclyde in Glasgow in 2010, 2012 and 2016 respectively. He is currently a Lecturer in Security and Privacy in the department of Cyber Security at Abertay University.  He is the cyber-security thematic leader for the IEEE UK and Ireland and the general chair of the IEEE Cyber Science Collocated conferences. He is also a regular contributor on the radio and newspapers both in Belgium and the UK on cyber-security issues. His current research interests include machine learning for cyber-security, autonomous distributed networks, the Internet of Things and massively parallel algorithms.

24 August 2017

RICS will host a one day tutorial and seminar on deep learning methods that will take place at Linköping University.

Location: IDA, B building, entry 29, 1 floor up, Von Neumann.

Patrick Glauner (from University of Luxembourg) will give a presentation divided into three parts.

1. An introduction to deep learning (11.00-12.00)

This part is a joint seminar with the SaS division at IDA and can be skipped by people who already have some background in the area, or just be attended by people who want a basic orientation.

2. Advanced tutorial on deep learning (13.15-15.00)

This part is a continuation from the morning session but uses a deeper analysis of the methods.

3. Application of machine learning to electricity theft (15.15-17.00)

This is a talk decoupled from the previous ones and describes an application of machine learning (not deep learning).

Here are the abstracts for the different parts:

(1) and (2): Title: Deep Learning on Big Data Sets in the Cloud with Apache Spark and Google TensorFlow

Patrick Glauner and Radu State, Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg

Abstract: Machine learning is the branch of artificial intelligence giving computers the ability to learn patterns from data without being explicitly programmed. Deep Learning is a set of cutting-edge machine learning algorithms that are inspired by how the human brain works. It allows to self-learn feature hierarchies from the data rather than modeling hand-crafted features. It has proven to significantly improve performance in challenging data analytics problems. In this tutorial, we will first provide an introduction to the theoretical foundations of neural networks and Deep Learning. Second, we will demonstrate how to use Deep Learning for character recognition in a cloud using a distributed environment for Big Data analytics. This combines Apache Spark and TensorFlow, Google’s in-house Deep Learning platform made for Big Data machine learning applications.

(3) Title: Detecting Electricity Theft using Machine Learning

Patrick Glauner and Radu State, Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg

Abstract: Detection of non-technical losses (NTL) which include electricity theft, faulty meters or billing errors has attracted attention from researchers in electrical engineering and computer science. NTLs cause significant harm to the economy, as in some countries they may range up to 40% of the total electricity distributed. The predominant research direction is employing artificial intelligence (AI) to solve this problem. Promising approaches have been reported falling into two categories: expert systems incorporating hand-crafted expert knowledge or machine learning which learns fraudulent consumption patterns from examples without being explicitly programmed. In order to detect NTL, inspections of customers are carried out based on predictions. However, carrying out inspections is costly, as it requires physical presence of technicians. In this talk, we will present our research progress in predicting NTL more accurately. We will also outline future challenges of our research and how we intend to address them.

Bio: Patrick Glauner is a PhD student at the University of Luxembourg working on the detection of electricity theft through machine learning. He graduated as valedictorian from Karlsruhe University of Applied Sciences with a BSc in computer science and obtained his MSc in machine learning from Imperial College London. He was a CERN Fellow, worked at SAP and is an alumnus of the German National Academic Foundation (Studienstiftung des deutschen Volkes). He is also adjunct lecturer of artificial intelligence at Karlsruhe University of Applied Sciences. His current interests include anomaly detection, big data, computer vision, deep learning and time series.

7-9 June 2017

RICS researchers will participate and present in the national SWITS seminar for researchers on information security, which will be held in collaboration with the COINS network in Norway this year.

30th May – 1 June 2017

The Spring term thesis presentations will include topics related to RICS research.

At Linköping, B Building, Donald Knuth, the following presentations will take place 30th May:

11-12 Evaluating the performance of a fault-tolerant system that implements replication and load balancing

13-14 Functional and security testing of a mobile system

If interested in attending, email Simin.Nadjm-Tehrani @ liu.se

At Chalmers EDIT building, Johanneberg the following presentations will be made on 1st June:

0930-10 Welcome and coffee

10–11 Fuzzing the S7 protocol

11-12 A network-based Intrusion Detection System for Industrial Control Systems

12-13 Lunch

If interested in attending, email Magnus.Almgren @ Chalmers.se

17-18 May 2017

To further increase the awareness of the need for cyber security, RICS researchers will participate in Elkraft 2017 with a poster. The event brings together industry, researchers and students to discuss and plan the future grid in Sweden.

22 February 2017

RICS holds a joint workshop with the second MSB-financed project CERCES at MSB premises. The stakeholders in our reference group and the invitees are welcome! Here is a link to the program.

2 November 2016

A seminar by Gunnar Björkman (with decades of experience at ABB)  will be held on the topic of SCADA systems for electrical grids – their use and their design.

Time: 13:15-14:15

Location:  Linköping University, Campus Valla, B Building, 1 floor up, between entry 29 and 27, B corridor, Von Neumann.

Abstract: A short presentation of modern SCADA systems for electrical grids starting with a background why they are needed and how they have developed from isolated stand-alone systems to integrated solutions with office applications. Basic SCADA applications including process communication/RTUs and Human Machine interfaces will be included. Advanced applications for grid security and optimization will be discussed. The presentation will focus on usage and user benefits of SCADA systems but some basic design issues like process communication principles, real-time databases, performance and availability will be described. The intention is to have an open discussion during the presentation.

27 October 2016

Simin Nadjm-Tehrani will present work from the RICS research centre at 4SICS Stockholm.

9-10 June 2016

The annual SWITS Conference held by the Swedish network of information security researchers financed by MSB was hosted by Linköping University this year. The program included several presentations by PhD students from Swedish universities and invited talks by Ivan Buetler (CompasSecurity) and Peter Ryan (University of Luxembourg).

12-13 April 2016

Annual EBITS meeting for energy sector companies discussing security concerns was held in Linköping with  around 50 participants. Preliminary program and some slides from the talks can be accessed.

7th April 2016 

RICS organises a seminar by Yulia Cherdantseva from Cardiff University on the topic of risk assessment.

Time: 13:15-14:15

Location:  Linköping University, Campus Valla, B Building, 1 floor up, between entry 29 and 27, B corridor, Von Neumann.

Abstract: Recently, in the framework of SCADA Cyber Security Lifecycle (SCADA-CSL) programme funded by the Airbus Group Endeavr Wales we have conducted a review of cyber security risk assessment methods for Supervisory Control and Data Acquisition (SCADA) systems. The review is presented here. This paper is currently the most downloaded article at Computers & Security.

In this talk I will cover the results of our review as well as the review methodology and research challenges identified. For the review, we selected and in-detail examined twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We analysed the methods in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation and tool support. Based on the analysis, we suggested an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems. Most importantly, we outlined five research challenges facing risk assessment in SCADA systems and pointed out the approaches that might be taken.

16th December 2015 at 15-17

The RICS research centre organizes two seminars back-to-back by Ketil Stølen, a world authority on risk assessment for IT systems.

The first talk targets a broader audience (practitioners, and researchers not specialised in risk analysis) and the second talk targets researchers with interest in IT security risk research. The abstracts of the talks are presented here.

Location: Linköping University, Campus Valla, Room Donald Knuth, B Bldg entry 29, one floor up, B corridor.

Talk 1, 15.15-16.00

Cyber-risk management — What are the real challenges?

These days the EU, government bodies, standards and regulations make heavy use of buzzwords prefixed by “cyber”. Unfortunately, the same bodies are very unclear wrt what these terms actually mean as well as their practical implications. This talk represents an attempt to sort out this mess. I will characterize to what extent cybersecurity and cyber-risk represents something new and identify what I see as the real challenges in this context. I will discuss challenges such as measurement, uncertainty, risk aggregation and black-Swans.

The talk is based on a new book on cyber risk management.

Talk 2, 16.15-17.00

Uncertainty, Subjectivity, Trust and Risk: How It All Fits Together

Trust management involves the identification and analysis of trust relations.

However, adequately managing trust requires all the relevant aspects of trust to be addressed. Moreover, which aspects to address depend on the perspective of the trust management. In this talk we relate the notion of trust to the notions of uncertainty, subjectivity and risk, and we explain how these aspects should be addressed and reasoned about from three different perspectives.