About the position

We have a vacancy for a PhD position in Information Security at Department of Information Security and Communication Technology (IIK), affiliated with the Critical Infrastructure Security and Resilience group (CISaR).

The research will focus on platforms for assessment and training on cybersecurity for critical infrastructures.

The position is funded and aligned with the project CybWin (Cybersecurity Platform for Assessment and Training for Critical Infrastructures – Legacy to Digital Twin), the focus of which is the development of a platform that enables modelling and simulation of real-world critical infrastructures.

The position reports to head of departement.

Job description

The research will focus on platforms for assessment and training on cybersecurity for critical infrastructures.

The platform to be developed is envisaged to integrate methods and tools for vulnerability assessment, RAMS (reliability, availability, maintainability, safety) assessment, attack simulation, incident prediction and response, situational awareness and training.

Further objectives of the project are to develop:

• a knowledge base of cyber-attacks on CIs and their applicability to the Norwegian CIs.
• a System of Systems understanding of CIs, their interdependences, failure modes and threats.
• a high fidelity simulation approach for cybersecurity- and RAMS- incident prediction and response.
• an approach for improving human perception and decision making during incident response.
• a testbed with real, simulated and emulated components of real-world CI for assessments and training.

The specific focus of this position is on investigating the Industrial Control Systems (ICS) landscape for Critical Infrastructures, and on developing simulation and modeling mechanisms for cybersecurity incidence prediction and response, maintaining the necessary fidelity, granularity and synchronization with the target systems. Furthermore, research activities will focus on human aspects, such as identification and training on critical competences. The successful candidate will work in close collaboration with a Post-Doctoral researcher also dedicated to this project, and with existing personnel of the CISaR group. 

The successful candidate will work on advancing the state of the art by developing novel mechanisms for modelling the threat landscape of CI, with initial focus on assessing risks of selected sectors in order to identify potential attack actors, motives, scenarios and attack vectors. In the sequel, research activities will focus on the modelling of selected ICS and their interdependencies, utilising the PURDUE model and formal modelling languages such as SysML and AADL. Based on these results system specific models will be developed for risk and incident response, suitable for supporting security teams in assessing the risk and impact on the overall system of a cyber-attack, and to select best response actions. Such models should provide the required granularity that allows for systematic security assessments, and improve the ability to evaluate the effectiveness of intrusion detection, mitigation systems and the operators’ ability to predict and detect that a system has been compromised. Digital twins are of special interest in respect to this task, especially leveraging technologies such as 3D modelling, VR and AR. Finally, the successful candidate will focus on identifying essential human competencies for cybersecurity of critical infrastructures, and on developing strategies and scenarios for cybersecurity and incidence response training.

Qualification requirements

The PhD-position's main objective is to qualify for work in research positions. The qualification requirement is completion of a master’s degree or second degree (equivalent to 120 credits) with a strong academic background in information/cyber security, and good understanding of industrial control systems, SCADA, and Systems of Systems security, or equivalent education with a grade of B or better in terms of NTNU’s grading scale. Applicants with no letter grades from previous studies must have an equally good academic foundation. Applicants who are unable to meet these criteria may be considered only if they can document that they are particularly suitable candidates for education leading to a PhD degree.

The appointment is to be made in accordance with the regulations in force concerning State Employees and Civil Servants and National Guidelines for appointment as PhD, postdoctor and research assistant.

Other qualifications

Excellent written and oral communication skills. Applicants who neither are native English speakers nor from Scandinavia, must provide evidence of English language proficiency by means of one of the following tests: TOEFL, Academic IELTS and Cambridge CAE or CPE. Minimum scores need to be:

• TOEFL: 600 (paper-based test), 92 (Internet-based test)
• IELTS: 6.5, with no section lower than 5.5 (only Academic IELTS test accepted)
• CAE/CPE: grade B or A.

Fluency in Norwegian is desirable and will be considered positively.

• Knowledge of the PURDUE model and formal modelling languages such as SysML and AADL.
• Knowledge and background in programming, as well as simulation tools such as MATLAB and Labview (Testimonials, certificates and experience must be documented and included in the application).  

Personal characteristics

The successful candidate should be capable of working independently, and with a problem solving mindset. Furthermore, the successful candidate should be keen on learning and working in teams in a structured manner, and take initiatives for personal and team growth. Additionally, he/she should also enjoy doing interdisciplinary research. In the evaluation of which candidate is best qualified, emphasis will be placed on education, experience and personal suitability, in terms of the qualification requirements specified in the advertisement.

In the evaluation of which candidate is best qualified, emphasis will be placed on education, experience and personal suitability, as well as motivation, in terms of the qualification requirements specified in the advertisement

We offer

• Exciting and stimulating tasks in a strong international academic environment
• An open and inclusive work environment with dedicated colleagues
• an open and inclusive work environment with dedicated colleagues
• favourable terms in the Norwegian Public Service Pension Fund
• employee benefits

Salary and conditions

PhD candidates are remunerated in code 1017, and are normally remunerated at gross from NOK 449 400 per annum before tax. From the salary, 2% is deducted as a contribution to the Norwegian Public Service Pension Fund.

The period of employment is 3 years. Appointment to a PhD position requires admission to the PhD programme in Information Security. As a PhD candidate, you undertake to participate in an organized PhD programme during the employment period. A condition of appointment is that you are in fact qualified for admission to the PhD programme within three months.

Appointment takes place on the terms that apply to State employees at any time, and after the appointment you must assume that there may be changes in the area of work.

General information

Working at NTNU

A good work environment is characterized by diversity. We encourage qualified candidates to apply, regardless of their gender, functional capacity or cultural background. Under the Freedom of Information Act (offentleglova), information about the applicant may be made public even if the applicant has requested not to have their name entered on the list of applicants.

Questions about the position can be directed to Professor Sokratis Katsikas, phone number: +47 91138581 or Dr. Vasileios Gkioulos, phone number: +47 61135162.

About the application:

Publications and other academic works that the applicant would like to be considered in the evaluation must accompany the application. Joint works will be considered. If it is difficult to identify the individual applicant's contribution to joint works, the applicant must include a brief description of his or her contribution.

Please submit your application electronically via jobbnorge.no including: 

• A cover letter describing your suitability for the position, including knowledge and background specifically in ICS, CPS, SCADA, programming, as well as simulation tools such as MATLAB and Labview,
• Diplomas and certificates
• Your CV
• Contact details of two references 
• Please refer to the application number XXX when applying.

Applicants invited for interview must include certified copies of transcripts and reference letters. Please refer to the application number 2018/45666 when applying.

Application deadline: 31.01.2019

NTNU - knowledge for a better world

The Norwegian University of Science and Technology (NTNU) creates knowledge for a better world and solutions that can change everyday life.

Department of Information Security and Communication Technology

Research is vital to the security of our society. We teach and conduct research in cyber security, information security, communications networks and networked services. Our areas of expertise include biometrics, cyber defence, cryptography, digital forensics, security in e-health and welfare technology, intelligent transportation systems and malware. The Department of Information Security and Communication Technology is one of seven departments in the Faculty of Information Technology and Electrical Engineering .

Deadline 31.01.2019
Employer NTNU - Norwegian University of Science and Technology
Municipality Gjøvik
Scope Fulltime
Duration Temporary
Place of service Campus Gjøvik