Project name: Centre for Intelligent Electricity Distribution (CINELDI).
Funding: Research Council of Norway (257626), 2016-2024.
My role: Project Team Member.
Responsibilities: Leading the contributions by SINTEF, department of Sustainable Communication Technologies. Working on methods and tools for cybersecurity risk assessment in the future distribution system. Carrying out industrial case studies with project partners.
Project name: New Medical Cybersecurity Assessment and Design Solutions (NEMECYS).
Funding: Horizon Europe Framework Programme (101094323), 2023-2025.
My role: Task Leader and member of the NEMECYS Exploitation Committee representing SINTEF.
Responsibilities: Leading two tasks related to the project objective on developing risk benefit schemes for connected medical devices. The first task aims to identify key indicators impacting various risks, including cybersecurity, privacy, ethical concerns, and patient clinical benefits (e.g., potential treatment impediments). This involves identifying device vulnerabilities, threats, and risk treatments to mitigate these risks. The second task’s goal is to integrate the concepts and tools from the risk assessment work package to create decision-support tools that aid in making balanced decisions, considering both patient benefits and cybersecurity risks.
Project name: Cyber Security Risk Assessment in Virtualized Airspace Scenarios and Stakeholders’ Awareness of Building Resilient ATM (SEC-AIRSPACE).
Funding: SESAR 3 Joint Undertaking, Co-funded by the European Union (101114635), 2023-2026.
My role: Task Leader.
Responsibilities: Leading one task on integrated dynamic risk assessment of Air Traffic Management (ATM) systems. This involves creating cyber-risk models specific to the ATM domain, designed to encapsulate various elements anticipated in future ATM scenarios. This includes relevant threat scenarios, vulnerabilities, unwanted incidents, and assets requiring cybersecurity protection. As part of this task, I am also identifying key risk indicators that will serve to measure the cybersecurity risks captured by these models. Once developed, these cyber-risk models, along with the identified risk indicators, will be schematically translated into risk assessment algorithms. This translation is aimed at facilitating dynamic risk assessment, enhancing our ability to respond proactively to emerging cyber threats in the ATM domain.
Project name: Healthy Working Environments for all Ages: An Evidence-Driven Framework (WAge).
Funding: Horizon Europe Framework Programme (101137207), 2023-2027.
My role: Project Team Member.
Responsibilities: I am working in the work package Data Sovereignty. The objective of this work package is to develop a privacy-preserving data collection, storage, and sharing protocol, as well as to integrate International Data Space Association’s solutions into the project to enable secure and trustworthy exchange of data between trusted partners, ensuring data sovereignty.
Completed Projects
Project name: Aggregated risk assessment and management (AGRA).
Funding: Research Council of Norway (236657), 2014-2018.
My role: Project Team Member.
Responsibilities: Worked on risk-based decision support model for offshore installations and banking, as well as model-based risk-driven security testing. Carried out industrial case studies with project partners.
Funding: SINTEF project funded by the basic funding through Research Council of Norway, 2020.
My role: Project Manager.
Responsibilities: Led the project. The objective of this project was to (1) build knowledge and expertise within AI-supported security risk assessment, (2) obtain the state of the art within AI-supported security risk assessment, and (3) obtain the market’s perspective on AI-supported security risk assessment.
Project name: Democratizing a Cyber Security Toolkit for SMEs and MEs (CyberKit4SME).
Funding: EU Horizon 2020 Research and Innovation programme (883188), 2020-2023.
My role: Project Manager.
Responsibilities: Led the contributions by SINTEF. Task leader. Developed a Human and Organizational Risk Modelling framework (HORM). The framework helps SMEs identify high-level cyber-risks caused by human and organizational risk factors. The framework was validated in the project together with SMEs from four different sectors: finance, health care, energy, and transport. The HORM framework is one of many tools provided by CyberKit4SME.
Project name: Cyber Security Network of Competence Centres for Europe (CyberSec4Europe).
Funding: EU Horizon 2020 Research and Innovation programme (830929), 2019-2022.
My role: Project Manager.
Responsibilities: Led the contributions by SINTEF. We did research on Secure Development Lifecycle (SDL), demonstrated proactive security risk assessment in SDL, addressed challenges related to unreliable risk estimates, and developed and demonstrated secure communication within maritime transport.
Project name: Civil Cyber Range Platform for a Novel Approach to Cybersecurity Threats Simulation and Professional Training (CYBERWISER.eu).
Funding: EU Horizon 2020 Research and Innovation programme (786668), 2018-2021.
My role: Project Manager.
Responsibilities: Led the contributions by SINTEF. Work package and task leader. The objectives of our tasks were to develop cyber-risk models and training material for the cyber range. With respect to cyber-risk models, we developed risk models and corresponding machine-readable risk assessment algorithms that enabled real-time assessment of cyber risks, threats and vulnerabilities on the target systems simulated on the CYBERWISER.eu cyber range. The risk models and corresponding risk assessment algorithms were also used on the cyber range to train and evaluate the cybersecurity skills of participants. With respect to training material, we developed 22 cybersecurity courses focusing on awareness of common cybersecurity risks, context establishment of a cyber-risk assessment, cyber-risk identification, analysis, evaluation, treatment, and hands-on complex cyber-range exercises (SQL injection, cross-site scripting, etc.).
Project name: Effort-dependent technologies for multi-domain risk-based security testing (DIAMONDS).
Funding: Research Council of Norway (201579/S10), 2010-2015.
My role: Project Team Member. PhD fellow.
Responsibilities: Worked on model-based risk-driven security testing, and test-based security risk assessment. Carried out industrial case studies with project partners. DIAMONDS was also the project in which I carried out my PhD work “CORAL: A Model-Based Approach to Risk-Driven Security Testing”.
Project name: Development, Operation, and Quality Assurance of Trustworthy Smart IoT Systems (ENACT).
Funding: EU Horizon 2020 Research and Innovation programme (780351), 2018-2020.
My role: Project Team Member.
Responsibilities: Worked on developing a method and tool support for risk-driven planning of trustworthy smart IoT systems within DevOps.
Project name: Enabling the European Business Graph for Innovative Data Products and Services (euBusinessGraph).
Funding: EU Horizon 2020 Research and Innovation programme (732003), 2017-2019.
My role: Project Team Member.
Responsibilities: Developed a minimum viable product (MVP) providing a federated search engine collecting data from corporate registries such as the Brønnøysund Register Centre and other similar partners in the project. The MVP merged search results from different data providers to provide an enriched and more complete description of a corporate entity. I used Ruby on Rails to develop the MVP.
Funding: EU Horizon 2020 Research and Innovation programme (653321), 2015-2017.
My role: Project Manager.
Responsibilities: Led the contributions by SINTEF. Work package and task leader. The objectives of our tasks were to develop the cyber-risk modelling support offered by the WISER framework, as well as developing a set of cyber-risk patterns ready for instantiation. The cyber-risk modelling support consisted of a modelling language, guidelines, and tools to create cyber-risk models capturing threats and vulnerabilities, risk levels, and treatments/mitigations. We also identified and described best practices related to cyber-risk assessment and involved early assessment pilots in the project.