"It has only been a few weeks since I last visited Simula to talk about money. Now I am back, and also this time I will talk about funding", said the Minister of Research and Higher Education, Iselin Nybø, when visited Simula on Thursday.
She announced that Simula has now been granted 75 MNOK out of the 196 MNOK the Research Council has at its disposal to channel into research projects within the field of IT security.
"Well done, Simula, and congratulations to you all. This is no less than impressive! We are talking about large sums of money, but neither good luck nor coincidence explain why you again and again are granted funding."
The Minister emphasized that the funding is a result of all the great work being done at Simula, and the competence and skills both the Research Council and the Government know lie within the organization.
"We know you are capable of achieving results with your research".
Nybø also said that the selected projects dealwith extremely important issues we need more knowledge about.
"So the funding you have been granted is not only important to Simula, it is equally valuable to our country. We are dependent on you and that you provide new knowledge of how to deal with IT security", she said and revealed simultaneously that out of the 11 projects the Research Council has selected to grant, Simula has a leading role in four of them. These are the GAIA-project, the SecureIT-project, the SMARTMED-project, and the TSAR-project.
"We have high expectations of you. I have no doubt that your projects will use the grants wisely and be able to come up with results that eventually will benefit Norway as a whole", she continued.
Kyrre Lekve, deputymanaging director at Simula, was very happy about the news Nybø brought.
"We are extremely excited. Our skilled researchers have worked on IT-security challenges for a long time, and this head start is now paying off. The money allows us to expand our research activity in this important field, and hopefully our work will result in scientific findings that the decision makers will be able to use in their work", he said.
The four Simula-projects with funding from the Research Council:
25 MNOK from theResearch Council
"The key challenge we are addressing is how to understand digital value chains. Today’s online services are no longer hosted in one place or served by a single company. Achieving this task is very difficult and almost impossible when we do not know where the data streams go, how they are determined, or how vulnerable they are. This lack of knowledge undermines the modern state’s ability to ensure the cyber security for its citizens," saidAhmed Elmokashfi, senior research scientist at Simula Metroplitan Center for Digital Engineering.
Elmokashfi is one of the key figures in the GAIA-project, a collaboration between SimulaMet, Norwegian Institute of International Affairs (NUPI), and many other institutions and organizations.The goal of the project is to map Internet connectivity onto the physical world.
"We want to correlate Internet connectivity with political, commercial and cultural realities and assess vulnerability of critical infrastructures to cyber attacks. We hope to find some framework stateholders can use to navigate in the world – in order to figure out how vulnerable they are in cyber security."
The GAIA-project is also unique because it promotes a multidisciplinary approach to studying potential impacts of national autonomy and the interplay with national security. "Existing research tends to focus on either the technical aspects or the social science perspectives on cyber security. There are few studies that actively work across the disciplines to better understand societal challenges propelled by digitalization. That is essential in order to succeed," Elmokashfi and Niels Nagelhus Schia, senior researcher at NUPI, agree.
"Until now we have been working separately. The technological researchers have approached one side, social scientists another. But I believe it is important to understand how cyber security as understood at the social/political level correlates with the technical level", claims Niels Nagelhus Schia, senior researcher and head of NUPI's Centre for Cyber Security Studies.
He further statedthat the very globalized digital technology leads to interesting questions of how this influences the relations between nations.
"Does the digitalized world order lead to more interdependence between states or does it lead to a higher degree of mistrust in international politics? And furthermore, who holds power in the digital society? How is power balanced when the political and economic strength of some private companies becomes as big as the US and China? How can states enhance the security of their digital critical infrastructure through international arenas? There are so many unanswered questions tied to this, and we believe this project will help us find out more about digital globalization – and to what extent digital autonomy affects democratic processes or national autonomy."
24 MNOK from the Research Council
"I was very happy to learn that the project was accepted," said Leon Moonen, chief research scientist at Simula."This particular IKTPLUSS call provided exactly the right context and constraints to make a research endeavor of this size feasible and I deeply appreciate that the reviewers and RCN agreed to fund the proposed work."
His project, Secure IT, is about reducing security vulnerabilities in software development by providing software engineers with intelligent automated software security assessment technology.The idea behind the project is to make software more robust while being developed, mostly by detecting if and how it deviates from what is normally done in similar systems.
"The easiest way of explaining it is to use a metaphor. When you write a program, you are writing a recipe for the computer, not unlike writing a recipe for, for example, making bread. Our project aims at learning common patterns of secure softwaredevelopment, similar to how many recipes for bread have a common pattern. Now imagine you are writing a new recipe for bread and forget a step, such as letting it rise, or taking it out of the oven, the results of your baking would be bad. Our project aims to develop intelligent support systems that would help a developer recognize when they have forgotten an important step in the development of secure software systems, by alerting them how their program is different from what is usually done."
Moonen explains that there are some solutions on the market today that recognize manually written security patterns, but that these are relatively simplistic, and thereis a lack of automated detection of more complicated patterns. The SecureIT projectaimsto do something about this by using machine learning and data mining to automatically learn patterns of good behavior shared by existing software systems, and then use these patterns to detect deviations.
"One of the nice things of this approach is that we can build up the knowledge about these patterns over time, gradually adding patterns as we learn more, which will then help to detect an increasing amount of security vulnerabilities during software development."
17 MNOK from the Research Council, coordinated by the University of Oslo
"Blockchain technology is a topic I have been researching in my private time for a while. I have been writing own software in C from the Bitcoin platform for example to mine Bitcoins", said Chad Jarvis, senior research engineer at Simula."Roman Vitenberg, the project leader, is one of the best people in Norway to work with in this area. Therefore, I was super excited to find out that we had won the grant for this project because this gives me an opportunity do to research and work with experts in a field that I'm personally very interested in."
The primary goal of the SMARTMED-project is to improve the security and privacy of sharing medical records using blockchain technology and smart contracts. Blockchain technology uses an immutable ledger to provide accountability, which can greatly improve security.
"Security violation of medical records is an increasing problem which we think blockchain technology can alleviate. The smart contracts are used to manage the consent and privacy of patients´ medical records. For various reasons, such as the GDPR, privacy has become more demanding."
Jarvis explains that the secondary goal of the SMARTMED-project is to build competence in blockchain technology and smart contracts in Norway.
"Roman Vitenberg is the first professor to teach a course in blockchain technology in Norway and we have good contacts with experts in these topics at ETH in Switzerland and Cornell in the USA which we will collaborate with."
The project will start in the first quarter of 2019.
10 MNOK from Forskningsrådet
"Cyber-attacks are becoming a significant concern in public transport services today, which creates a huge demand for an innovative technology that can help prevent attacks", saidDusica Marijan, senior research scientist at Simula.
She and Simula colleague Arnaud Gotlieb are the main people behind the Tsar-project, a project that deals with AI-driven testing of false data injection attacks against transport infrastructures. The project aims to develop a technology that will improve the detection of one type of digital vulnerability in transportation infrastructures, namely false data injection attacks (FDIA).
"Our main goal is to create an AI-based technology which will improve the safety in public transportation systems. We are very pleased to be granted funding to work on this topic. This will allow us to hire researchers and buy the equipment we need to get started. We will most likely start the research in April next year,"she states.
Marijan and Gotlieb, with their collaborators Statsat AS, NCA (Kystverket), Professor Legeard from the French University of Bourgogne Franche-Comté and Smartesting, and Professor Wotawa from the Graz University of Technology, will be focusing on three different application areas: Vessel traffic services in marine transport, air traffic control, and vehicular ad-hoc networks (connected cars).
"The project is expected to enhance the capabilities of current traffic management systems with AI-driven FDIA generation and detection technology, building the ground for more secure self-driving vessels, aircrafts, and cars."