The Frostbyte lab is the joint cybersecurity lab of the security researchers and teachers at University of Iceland and Reykjavik University. It is co-funded by the Icelandic government and the EU/ECCC. The official opening to experts is on Friday, 7 February 2025, and to the general public on Saturday, 8 February 2025, 11:00-16:00, in Harpa at the IT fair UT messan. Both University of Iceland and Reykjavik University have at the exhibition day for the public a booth on the 2nd floor of Harpa where you can learn more about the lab. The lab is open to interested parties for their cybersecurity research: please contact people at Frostbyte lab if you have a cybersecurity use case. For example, we offer to do a security scan if your organisation that has computers facing the internet.

From the lab opening to experts on 7.2.2025.

From the lab opening to the general public on 8.2.2025.

Gagnabær ("Datatown") digital twin that visualises cyber attacks in Iceland: each time our server gets attacked, a light goes off.

Presentation slides

To play them:

1. Open link in browser;
2. Slides should automatically advance every 20 seconds (possible to adjust that value via the delayms parameter of the URL) -- if they do not advance: reload page via F5 key;
3. Switch to fullscreen mode:
• In Chrome: F5 (=reload to start), followed by F11 (=fullscreen);
• In Firefox: do not use F11 key (would stop auto advance), but rather 'hamburger' menu and there, in the Zoom entry line on the very right, click the fullscreen icon.

This event is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

While Eneloop batteries are the best NiMH AA and AAA batteries that you can get, they have only 1.2 V and some devices need in fact the full 1.5 V of a normal AA battery (e.g. 3.3 V logic that assumes 2 x 1.5 V AA batteries). Li-ion batteries can disguise as 1.5 V AA batteries by using a voltage regulator that step down the Li-ion voltage to 1.5 V. Newer variants have even a USB charging port built in, so that you can charge them without a NiMH charger, but just with any USB power source.

Such Li-ion-based AA batteries typically have two disadvantages:

• The keep the 1.5 V as long as possible and when they are empty, they simply shut down: a device that assumes a normal 1.5 AA battery uses however the voltage drop that a AA 1.5 V battery has when it gets drained to display in advance whether the battery needs to be replaced. This will not work with the Li-ion-based batteries.
• The Li-ion-based batteries can be deep discharged: while they have a protection circuit that switches them off, they recover after some time and the protection circuit enabled the battery again which drains them further and so on.

According to tests (in German), the Keeppower P1450TC (ca. 6.45 EUR with USB C charging port) seems currently to be the only exception that does not have that disadvantage. (However, it starts to drop the voltage somewhat too early so that devices that really need 1.5 V switch off far too early. Would be interesting to see whether future brings even better alternatives).

Have Ghostscript installed, and then

gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/ebook -dNOPAUSE -dQUIET -dBATCH -sOutputFile=compressed_output.pdf input.pdf

The possible -dPDFSETTINGS are:

• /screen selects low-resolution output similar to the Acrobat Distiller "Screen Optimized" setting.
• /ebook selects medium-resolution output similar to the Acrobat Distiller "eBook" setting.
• /printer selects output similar to the Acrobat Distiller "Print Optimized" setting.
• /prepress selects output similar to Acrobat Distiller "Prepress Optimized" setting.
• /default selects output intended to be useful across a wide variety of uses, possibly at the expense of a larger output file.

The web-based service https://smallpdf.com/ works also well, but is of course not suitable for privacy-sensitive documents.

Marcel Aach defended yesterday successfully his PhD thesis on Parallel and Scalable Hyperparameter Optimization for Distributed Deep Learning Methods on High-Performance Computing Systems.

Marcel's research was rooted in the CoE RAISE project. This PhD is an example of the collaboration between the Faculty of Industrial Engineering, Mechanical Engineering and Computer Science and Jülich Supercomputing Centre (JSC).

Publishers, such as IEEE, typically allow to publish pre-prints on your home page or even arXiv.

But they want to have their copyright information added ("prominently displayed") before you upload a paper to arXiv, namely according to section 8.1.9 of their IEEE Publication Services and Products Board Operations Manual 2024:

“© 20xx IEEE. Personal use of this material is permitted. Permission
from IEEE must be obtained for all other uses, in any current or future
media, including reprinting/republishing this material for advertising or
promotional purposes, creating new collective works, for resale or
redistribution to servers or lists, or reuse of any copyrighted
component of this work in other works.”

What you need to do for IEEE:

In the LaTeX source, add (for an 2025 IEEE publication):

\usepackage{tikz}

\newcommand\copyrighttext{%
  \footnotesize \textcopyright 2025 IEEE. Personal use of this material is permitted.
  Permission from IEEE must be obtained for all other uses, in any current or future
  media, including reprinting/republishing this material for advertising or promotional
  purposes, creating new collective works, for resale or redistribution to servers or
  lists, or reuse of any copyrighted component of this work in other works.}
\newcommand\copyrightnotice{%
\begin{tikzpicture}[remember picture,overlay]
\node[anchor=south,yshift=10pt] at (current page.south) 
  {\fbox{\parbox{\dimexpr\textwidth-\fboxsep-\fboxrule\relax}{\copyrighttext}}};
\end{tikzpicture}%
}

and change \maketitle to

\maketitle
\copyrightnotice

As license in the arXiv web forms, use to arXiv org perpetual, non-exclusive license if IEEE owns in fact the copyright.

In addition to the official arXiv documentation, you can find also further documentation with screenshots of the submission process.

Zip the LaTeX sources and upload these to arXiv. Note that arXiv cannot handle filenames containing spaces.

https://ieeevis.org/year/2024/info/open-practices/arxiv-first-time-user

Do not forget to add later publisher's DOI

Once you have the DOI of the official publicatipn, the publisher want you to add this DOI to your arXiv submission metadata: In arXiv, use the Journal Ref field or to be more precise, the Journal version DOI: field for this in the arXiv web UI. Even this minor update might also take the usual 1-2 days at arXiv.

University of Iceland, Defend Iceland, Eyvör National Cybersecurity Coordination Centre Iceland (NCC-IS) will have a booth at the public visitor day at at UT messan 2025, the largest IT fair in Iceland. The visitor day is Saturday, 8 February 2025, 11:00-16:00, in Harpa.

We will showcase our cybersecurity lab, i.e. a computer server environment that allows to create virtualised environments to practise cybersecurity activities.

Furthermore, we will have a LEGO model of critical infrastructure in Iceland that show visually when services (that could be a service of a critical infrastructure) get hacked.

In addition, you can try to beat an AI in classification of remote sensing images.

This event is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

ICANN is organising a series of presentations on Internet Security that is hosted at ISCNIC on Thursday, 6th of February 2025, 13:00-16:30:
Details and registration.

Thomas Welsh from the Computer Science department of University of Iceland will be giving a talk there on Threat analysis in cyber-physical systems via topology modelling.

Note: Registration is closed because the maximum number of attendees has been reached. Also note that because of the red weather alert, this event starts 1 hour later, i.e. at 14:00.

This talk is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

The Icelandic government was asking for suggestions how to save money. I submitted together with some colleagues a proposal to use open-source software instead of Microsoft services (submission number 3797 at Samráðsgátt.

The Icelandic text is as follows:

Við fögnum framtaki um að leita til almennings eftir tillögum að sparnaði í ríkisrekstri. Í þessu bréfi bendum við á kostnað sem fylgir því að nota þjónustu Microsoft í stað ódýrari valkosta.

Síðan 2018 hefur íslenska ríkið alfarið nýtt sér þjónustu Microsoft (tölvupóstur, Teams o.s.frv.) sem hefur tvo ókosti:

1. Þessi þjónusta er dýr og með því að festa sig við þjónustu Microsoft verður íslenska ríkið sífellt háðara þjónustu Microsoft sem hefur með tímanum þrengt að öðrum hugbúnaðarframleiðendum (aukið einsleitni) og skapað Microsoft eins konar tæknilegt hreðjatak: Microsoft getur stýrt verði sem greiða þarf fyrir þessar þjónustur og Ríkisendurskoðun hefur nú þegar í samhengi við innleiðingu Microsoft bent á að „væntingar um beinan fjárhagslegan ávinning stóðust ekki“
[ https://www.rikisend.is/reskjol/files/Skyrslur/2023-samningur-rikisins-vid-microsoft.pdf ]

Í þessu samhengi má einnig nefna að Microsoft hefur nú þegar innleitt verðhækkanir í Eyjaálfu og hluta Asíu (Singapúr, Malasíu, Taívan og Tælandi).
[ https://ia.acs.org.au/article/2025/aussies-push-back-against-microsoft-365-price-hikes.html (á ensku) ]

2. Stafrænu fullveldi íslenska ríkisins er ógnað. Þjónustan sem Microsoft býður upp á er hýst utan Íslands og er því tengd um sæstrengi. Sæstrengir geta slitnað (annaðhvort óvart sem slys eða viljandi sem hluti af blönduðum hernaði) og í því tilviki gætu stjórnvöld og allar opinberar stofnanir sem nota Microsoft þjónustur ekki átt tölvupóstsamskipti eða önnur samskipti sem fara fram gegnum þjónustur Microsoft (t.d. myndsímtöl og spjallþræði á Teams) og myndu missa aðgang að skjölum sem geymd eru í Microsoft-skýinu. Annað atriði sem mikilvægt er að hafa í huga tengt stafrænu fullveldi Íslands er að Microsoft er bandarískt fyrirtæki og ekki er hægt að útiloka að bandarísk yfirvöld þvingi Microsoft til að veita þeim aðgang að viðkvæmum samskiptum og skrám íslenska ríkisins. Þekkt er að erlendar leyniþjónustur á borð við Bandarísku þjóðaröryggisstofnunina (NSA) og Samskiptamiðstöð breskra stjórnvalda (GCHQ) skanna alþjóðleg tölvupóstsamskipti. Til að tryggja þjóðaröryggi þurfa innviðir - þekking, tæknikunnátta og búnaður - að vera til staðar hér á landi svo reka megi stafrænar þjónustur á borð við samskiptakerfi. Eftir því sem meira er úthýst, líkt og raunin er með þjónustusamning við Microsoft, þeim mun minni þekking og kunnátta byggist upp hér innanlands.

Við leggjum því til að íslenska ríkið noti frekar opna valkosti í samræmi við stefnu um notkun opins hugbúnaðar.
[ https://www.forsaetisraduneyti.is/media/verkefnisstjorn-radstefna-rafraen-framtid/Frjals_og_opinn_hugbunadur_-_Stefna_stjornvalda.pdf ]
[ https://www.stjornarradid.is/media/innanrikisraduneyti-media/media/Skyrslur/adgerdaaaetlun_fyrir_innleidingu_frjals_og_opins_hugbunadar_lokaskil.pdf ]

Dæmi um slíka nálgun er frumkvæði þýskra stjórnvalda að stafrænu fullveldi: ZenDis (Zentrum Digitale Souveränität):
[ https://interoperable-europe.ec.europa.eu/collection/open-source-observatory-osor/news/centre-digital-sovereignty (á ensku) ]
[ https://zendis.de/ (á þýsku) ]

Zendis hefur þróað OpenDesk sem er opinn hugbúnaður ætlaður stjórnvöldum og stofnunum sem kemur í staðinn fyrir þá Microsoft þjónustu sem nú er notuð af stjórnvöldum.
[ https://opendesk.eu/en/ (á ensku) ]

Jafnvel þó mögulega vakni áhyggjur um að slík sjálfhýst þjónusta sé ekki eins örugg og þjónustan sem er í boði hjá Microsoft, þá verður að taka fram að netöryggiseftirlitsráð Bandaríkjanna hefur gefið út skýrslu um skýjaöryggi Microsoft þar sem fram kom að hópur sem tengist stjórnvöldum í Alþýðulýðveldinu Kína hefur brotist inn í Microsoft skýjakerfið og fengið aðgang að tölvupósti stjórnvalda, þannig að notkun Microsoft þjónustu gæti verið enn óöruggari en þjónusta sem hýst er á Íslandi.
[ https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf (á ensku) ]

Þó að hægt sé að nota opinn hugbúnað sér að kostnaðarlausu þyrfti íslenska ríkið vissulega að greiða tölvunarfræðingum og öðru starfsfólki tengdu upplýsingatækni fyrir umsjón og rekstur hugbúnaðarins. Þetta leiðir til kostnaðar, en búast má við að hann sé lægri* en það sem Microsoft rukkar (vegna þess að Microsoft er hagnaðarmiðað fyrirtæki). Auk þess væri kostnaðurinn í formi launa sem greidd eru til fólks á Íslandi, þ.e.a.s. peningarnir með sköttum haldast á Íslandi. Annar kostur er að þekking og færni skapast til að reka og þróa flókin tölvukerfi á Íslandi.

*Þetta sést til dæmis af reynslu við að reka Reiknistofnun Háskóla Íslands á sínum tíma. Kostnaður jókst við að taka í notkun Microsoft þjónustur.

Anna Helga Jónsdóttir, prófessor í tölfræði við Háskóla Íslands
Ásta Guðrún Helgadóttir, rannsakandi í netöryggi við Háskóla Íslands
Benjamin Hennig, prófessor í landfræði við Háskóla Íslands
Bjarnheiður Kristinsdóttir, lektor í stærðfræði og stærðfræðimenntun við Háskóla Íslands
Esa Hyytiä, prófessor í tölvunarfræði við Háskóla Íslands
Freyja Hreinsdóttir, prófessor í stærðfræði og stærðfræðimenntun við Háskóla Íslands
Helmut Neukirchen, prófessor í tölvunarfræði og hugbúnaðarverkfræði við Háskóla Íslands
Kristján Jónasson, prófessor í stærðfræði við Háskóla Íslands
Matthias Book, prófessor í tölvunarfræði og hugbúnaðarverkfræði við Háskóla Íslands
Orri Vésteinsson, prófessor í fornleifafræði við Háskóla Íslands
Sigrún Helga Lund, prófessor í tölfræði við Háskóla Íslands
Sigurður Örn Stefánsson, prófessor í stærðfræði við Háskóla Íslands
Thomas Welsh, lektor í tölvunarfræði og hugbúnaðarverkfræði við Háskóla Íslands
Valentina Giangreco M Puletti, prófessor í stærðfræði við Háskóla Íslands
Viðar Guðmundsson, prófessor í eðlisfræði við Háskóla Íslands

P.S.: After submitting this text I got aware that the city of Munich, Germany, even offers an Open Source Sabbatical: Professionally qualified programmers can participate in open sourceprojects for a limited time and improve them.

ICANN (the organisation that, e.g., decided that there is an .is top-level domain) will offer a technical training on DNSSEC that is hosted by the Computer Science department of University of Iceland.

DNSSEC uses cryptography to guarantee that not everyone can fake an answer to a request to resolve, e.g. island.is, to an IP address – but only the authoritative owner of that domain will be able to that.

This training is for everyone who now or in future is in charge of a domain and wants to use DNSSEC to secure the address resolution of that domain -- or for those who just want to learn about how the Domain Name System, (DNS) works.

To quote one of our MSc students in Cybersecurity who participated at such a training event last year:
“It was really interesting to see everything that goes into securing the DNS. Really good training with talented experts! Highly recommend going!”

Topics

Introduction / DNS Recap

• Zone Files, Resource Records and roles
• Reverse DNS 
• DNS Resolution Process and debugging
• TSIG and ACL

DNSSEC

• Signing
• Validation
• Non-existence
• Key management
• Chain of Trust
• Policy Considerations
• Setting up validation in a Recursive Server
• Signing Zones (Authoritative Servers)
• DNSSEC operations and maintenance
• Tools: Troubleshooting and Monitoring
• Overview of DANE, TLS and DNSSEC

Labs

• DNS/DNSSEC debugging 
• Zone creation and configuration: primary and secondaries
• Zone signing: manualand automatic  signing
• Establish and confirm chain of trust
• DNSSEC validation (recursive resolver)

Trainer: Ulrich Wisser, ICANN Technical Engagement Manager, Europe

For the labs, you need to bring your own laptop. ICANN will provide you with virtual machines

Dates and Location

Tuesday and Wednesday, 4th and 5th of February 2025, 9:00-17:00, Askja building, University of Iceland

Registration

Limited space available for students (as it is also open for industry people): first-come-first-served.

https://www.icann.org/en/engagement-calendar/details/dnssec-training-at-iceland-university-2025-02-04

This event is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

After a successful first round of Cybersecurity grants for Icelandic SME companies, Rannís
Icelandic Smaller and Middle-size Enterprises (SMEs) can now for a second time apply for cybersecurity-related funding. The call topics are the same as last time:

• strengthening cybersecurity culture and awareness,
• efficient education, research and development,
• secure digital services and innovation,
• stronger law enforcement, defense and national security,
• effective response to incidents, and
• strong infrastructure, technology and legal framework.

This funding is in the context of the ECCC/EU co-funded project Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS). See also the official web page of Eyvör NCC-IS.