On Saturday, 27. September 2024, 12:00-17:00, there is Vísindavaka 2025, the Icelandic family-friendly-during-daytime edition of European Researchers' Night 2026 at Laugardalshöll.

The Computer Science department of University of Iceland will have booths there, showcasing our research. Watch out for updates and visit our booth.

Gagnabær ("Datatown") digital twin that visualises cyber attacks in Iceland. (Photo from Vísindavaka 2024)

Real-time object detection: AI trained on a supercomputer, but running locally in the browser of your smartphone. (Photo from 2022)

Our booths at the previous European Researchers' Nights:

• European Researchers' Night 2024 / Vísindavaka 2024
• European Researchers' Night 2023 / Vísindavaka 2023
• European Researchers' Night 2022 / Vísindavaka 2022

Parts of this event are in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

Eyvör NCC-IS, the National Coordination Centre for Cybersecurity in Iceland is holding on 11 September 2025, 08:30-12:30, an event on Cybersecurity: From Grants to Impact (registration needed). Those who got grants from Eyvör NCC-IS for increasing cybersecurity will present their results.

The Icelandic minister for infrastructure and the director of the European Cybersecurity Competence Centre and Network (ECCC) will attend and the agenda is:

08:30 Coffee & Registration
09:00 Opening – Mr. Hrafnkell Gíslason, Managing Director of ECOI
09:10 Eyjólfur Ármannsson, Minister of Infrastructure
09:20 Luca Tagliaretti, Executive Director at ECCC
09:50 Hörn Valdimarsdóttir covers the Defend Iceland success story
10:00 Break
10:10 Grant Projects: Brief Presentations, first part
11:00 Break – Coffee and refreshments
11:20 Grant Projects: Brief Presentations, second part
12:05 Eyjólfur Eyfells at Rannís covers the Application Process and Eligibility
12:30 Closing

The next call for grants will be open 1. October to 1. December 2025: check out at Rannís.

Photo from after the event: Eyvör NCC-IS members together with ECCC executive director Luca Tagliaretti

This event is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

While I am teaching to use AI coding assistant, there have been recently two studies published that give an indication that AI coding assistants do actually decrease productivity:

• Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity
• Where's the Shovelware? Why AI Coding Claims Don't Add Up

One aspect is that developers learn over time about the project that they are working on whereas LLMs have been trained once and will always start from scratch in a project where they are used as coding assistants.

We presented an update on our cybersecurity activities to industry and students at the 21st Icelandic HPC Community Workshop August 28, 2025.

We covered there the joint MSc. programme in cybersecurity, our research, and the Digital Europe Programme projects Eyvör NCC-IS, the National Coordination Centre for Cybersecurity in Iceland and Defend Iceland, including the European network of NCCs and the European Cybersecurity Competence Centre (ECCC).

This event is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

On 11th of July 2025, participants of the Children's university (Háskóli unga fólksins) visited the Computer Science department. We did there a mini tabletop exercise on critical infrastructure in Iceland and after that authentication was discussed, e.g.:

• do not use the same password everywhere (if your password got stolen it will by tried at all kinds of services, so if you use the same password everywhere, all services can be accessed using your identity,
• use two factor authentication: even if your password got stolen, an attacker would still need the second authentication factor, e.g., would need to steal your phone that contains some authentication app as second factor in addition to your password.

This event is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

The cybersecurity collaboration of University of Iceland and Reykjavik University will open their Frostbyte cybersecurity laboratory and students will present results from their cybersecurity projects.

When: 23 May 2025, 9:00-13:45

Where: Reykjavik University – Lecture room Mars M122

Registration needed (to qualify for food), see also https://www.frostbyte.is/news/

This event is also announced on the RU webpage and on the UoI webpage in Icelandic and English.

Group photo of participants

Best Student Presentation award winners. From left to right: Prof. Helmut Neukirchen, Student Presentation award winner Birgir Sigurðsson (both University of Iceland), Student Presentation award winners Marteinn Lundi Kjartansson and Emilía Maidland from Reykjavík University.

This event is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

While the deadline for our M.Sc. programmes in Tölvunarfræði/Computer Science, Hugbúnaðarverkfræði/Software Engineering, and Reikniverkfræði/Computational Engineering have passed, you can still enroll into or B.Sc. programmes.

So, if you wanted to enroll into one of our M.Sc. programmes, but missed the deadlines: just enroll into a related B.Sc. programme (e.g. Iðnaðarverkfræði/Industrial Engineering) which allows you to take courses, including the M.Sc. courses of the M.Sc. programme that you were aiming for. In some cases, you need to talk to the teachers of these courses to get admitted as a non-B.Sc. student (but this should not be a problem if you can show that you have already the B.Sc. degree that is assumed for that course). You can then still change next year into your desired M.Sc. programmes and get your M.Sc. courses that you already took accounted.

The coalition agreement of the new Government that is forming aims at more digital surveillance (e.g. data retention in telecommunication, face and number plate recognition). While this is not good for privacy, at least IT security gets legal certainty:

In the Germany, there is the problem that IT security researchers who report vulnerabilities to companies (Responsible Disclosure) are sometimes sued by these companies based on a German legislation that was supposed to make breaking into IT systems a crime. I signed a petition of IT security researchers to change that legislation in order to prevent that Responsible Disclosure can be made a crime. The hope was that the currently forming government will change legislation and indeed:

The new coalition agreement covers cybersecurity at some places in an abstract manner and also includes the above legislative change:

Cyberstrafrecht, Deepfakes, Strafbarkeit Plattformbetreiber und Hackerparagraph
Wir reformieren das Cyberstrafrecht und schließen Strafbarkeitslücken, zum Beispiel bei bildbasierter sexualisierter Gewalt. Dabei erfassen wir auch Deep Fakes und schließen Lücken bei deren Zugänglichmachung gegenüber Dritten. Wir verschärfen die Sanktionsmöglichkeiten gegenüber Plattformen, insbesondere bei systemischen Mängeln bei der Entfernung strafbarer Inhalte. Wir werden im Computerstrafrecht Rechtssicherheit für IT-Sicherheitsforschung schaffen, wobei wir Missbrauchsmöglichkeiten verhindern.

Research trip/Vísindaferð is a visit to learn about companies (also as future employers) and to learn about the science behind the products that they develop. Often, these are organised by student associations as a social event.

This time, our student association Nörd visited not a company, but their teachers at the Computer Science department to learn about the research done there -- to get an idea of topics that they could do later as M.Sc. students.

I presented the following short slide deck on Software Engineering research area and the Cybersecurity M.Sc. specialisations.

Video showing the installation of a buoy: due the results of a student's M.Sc. thesis, the location can be obtained with centimeter precision and even without mobile phone coverage: an internet connection at the shore can be relayed via LoRaWAN several dozens of kilometers. Note that the linked video goes into archiving mode if it has not been viewed for two years.

The above video shows the results of the M.Sc. thesis Design and Implementation of a Buoy Positioning and Monitoring System Using Differential GNSS and LoRaWAN.

Earlier this year, I have suggested together with other colleagues to the Icelandic government to use open-source software in order to save money. While we mentioned there already the opportunity to gain digital sovereignty, this has become even more important with the new administration in the U.S., i.e. being dependent on Microsoft or any other US software provider can be dangerous, because a "kill switch" could lead to making US software stop working and loosing access to your data that is stored in the cloud of an US company. Note that also European companies that use internally US-services are affected, e.g. while Spotify is Swedish, it uses both the Google and Amazon cloud for delivering their services. (And of course, this is not just about US services, but also about US operating systems, i.e. Microsoft Windows, Apple OS and iOS, and also the Google service in Android which might be a motivation to use Android without any Google services. Also everything with a firmware, e.g. a WiFi router or the BIOS of a computer, might either already have or get via firmware update a kill switch. While people got already sensitive concerning hardware from China, this could apply also to hardware that is developed elsewhere.)

The Dutch parliament just approved a series of motions calling on the Dutch government to reduce dependence on U.S. software companies.

Also, if you check the accesses to the web page of european-alternatives.eu you see that the interest European alternatives for digital service and products is rapidly increasing since mid of January 2025, i.e. when the new US administration came into office.

Currently, the Icelandic government is drafting a bill on the future IT system for the Icelandic administration:

• A draft of a new bill has been made. While the 9 articles of the bill itself are very abstract (but give the finance minister more power on deciding centrally on the IT system), the justification that follows towards the end is more interesting to read.
• The first reading was held at the parliament. While Microsoft has been mentioned a couple of times, also Open-Source was mentioned once.

The question is whether a system like Stafrænt Ísland ("Digital Iceland") is created where Icelandic companies win tenders offered by the state and then develop software for the island.is portal (that can be used to access digital government services) (and the developed software is even made available as open-source) or whether one gigantic Microsoft solution is introduced.

In fact, other states are already working on digital sovereignty, for example the German Zentrum Digitale Souveränität, or short: ZenDis, that is working on OpenDesk which is an open-source solution intended for governments and other public institutions as alternative to Microsoft services that are currently used. The German Army just signed a seven year framework contract with ZenDis to introduce OpenDesk.

Therefore, it would be exciting to see the Icelandic government offering tenders for integrating such software into the Icelandic government IT landscape and have then Iceland teams win these tenders. By this, digital sovereignty is achieved and Icelandic tax money stays in Iceland instead of feeding the big US tech companies and expertise is created and stays in Iceland.

I did not find that draft bill number 141 in the comment system of the parliament (umsagnagátt), but the above justification refers to comments that have been made earlier.

Update 10 Apr 2025:

Seem that I missed the window for comments: On 27.03.2025, a request for comments was issued and the deadline was til 06.04.2025. stakeholders have been asked for comments and comments came in right now.

P.S.: The Mozilla subsidiary Thunderbird has just announced that they will be offering Thundermail and Thunderbird-pro services" as an alternative too Google's GMail and Microsoft's Office365. Note that while the Thundermail web mail service is probably hosted in some cloud related to an US provider, the underlying software is supposed to become open-source so that you can host this on you own hardware. (This is anyway based on Stalwart that already provides such an open-source solution. In contrast to Mailcow it might be more commercial. A technical comparison can be found on reddit.

Update 19 May 2025:
Microsoft blocked the email account of Chief Prosecutor of the International Court of Justice after Trump's sanctions.. So, all the concerns became already reality.