After successful two rounds of Cybersecurity grants for Icelandic SME companies, Icelandic Smaller and Middle-size Enterprises (SMEs) can now for a third time apply for cybersecurity-related funding. The call topics are the same as last time:

• strengthening cybersecurity culture and awareness,
• efficient education, research and development,
• secure digital services and innovation,
• stronger law enforcement, defense and national security,
• effective response to incidents, and
• strong infrastructure, technology and legal framework.

There is a meeting organised by Rannís:

17. November 2025, 9:00-10:15 at Arion Banki, Borgartúni 19, room Þingvellir.

This funding is in the context of the ECCC/EU co-funded project Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS). See also the official web page of Eyvör NCC-IS.

We have two research papers accepted: one at the 3rd International Conference on Foundation and Large Language Models (FLLM2025) and one at the 12th IEEE International Conference on Social Networks Analysis, Management and Security (SNAMS-2025) -- both conferences are co-located, saving CO2 footprint as only one presenter needs to fly to Vienna in order to present both papers.

• Adetayo Adebimpe, Helmut Neukirchen, Thomas Welsh
  SBASH: a Framework for Designing and Evaluating RAG vs. Prompt-Tuned LLM Honeypots.
  The 3rd International Conference on Foundation and Large Language Models (FLLM2025), IEEE, to appear 2025.
  Download Postprint DOI: 10.48550/arXiv.2510.21459
• Thomas Welsh, Kristófer Finnsson, Brynjólfur Stefánsson, Helmut Neukirchen
  Towards Socio-Technical Topology-Aware Adaptive Threat Detection in Software Supply Chains.
  The 12 International Conference on Social Networks Analysis, Management and Security (SNAMS 2025), IEEE, to appear 2025.
  Download Postprint DOI: 10.48550/arXiv.2510.21452

This research is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

I found a nice visualisation of the most common 4-digit PIN numbers, based on 3.4 million PIN numbers from several data breaches: The 20 most common numbers make up 27% of the commonly used PIN numbers, i.e. from those 3.4 million PIN numbers used by people, more than a quarter were from this set of 20 PINs.

	PIN	Freq
#1	1234	10.713%
#2	1111	6.016%
#3	0000	1.881%
#4	1212	1.197%
#5	7777	0.745%
#6	1004	0.616%
#7	2000	0.613%
#8	4444	0.526%
#9	2222	0.516%
#10	6969	0.512%
#11	9999	0.451%
#12	3333	0.419%
#13	5555	0.395%
#14	6666	0.391%
#15	1122	0.366%
#16	1313	0.304%
#17	8888	0.303%
#18	4321	0.293%
#19	2001	0.290%
#20	1010	0.285%

A more detailed analysis is also provided, e.g. dates are also likely, either years or MMDD / DDMM (Month, Day / Day, Month).

Rule of thumb: what comes into your mind as easy to remember (e.g. birth dates) is what also comes into the mind of others -- and might therefore be tried by someone guessing your PIN code. So: do not use these!

After successful two rounds of Cybersecurity grants for Icelandic SME companies, Icelandic Smaller and Middle-size Enterprises (SMEs) can now for a third time apply for cybersecurity-related funding. The call topics are the same as last time:

• strengthening cybersecurity culture and awareness,
• efficient education, research and development,
• secure digital services and innovation,
• stronger law enforcement, defense and national security,
• effective response to incidents, and
• strong infrastructure, technology and legal framework.

This funding is in the context of the ECCC/EU co-funded project Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS). See also the official web page of Eyvör NCC-IS.

On Saturday, 27. September 2024, 12:00-17:00, there was Vísindavaka 2025, the Icelandic family-friendly-during-daytime edition of European Researchers' Night 2026 at Laugardalshöll in Reykjavik.

The Computer Science department of University of Iceland had a couple of booths there, showcasing our activities in a way accessible for the general public.

Gagnabær ("Datatown") digital twin that visualises cyber attacks in Iceland. A LEGO model of Iceland representing critical infrastructure that is subject to attacks. Each time, a service on our Internet-connected computer is attacked via the Internet from anywhere in the world, a light goes off. So when all Iceland turns dark in our Lego model, then you know that all of our services are currently being attacked at the same time. We use just a dummy sample server, but in fact, it could be your computer or a power plant that is attacked. This relates to ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

AI trained on a supercomputer, but running locally in the browser of your smartphone.

The European Digital Innovation Hub Iceland (EDIH-IS) and the EuroCC co-funded National Competence Center (NCC) Icelandic High-Performance Computing (IHPC) provide give a glimpse into artificial intelligence by using a neural network that runs purely in your browser without any connection to a super computer. Simply use the camera of your smartphone (or laptop) to detect objects in real-time -- just open the following web page and allow your browser to use the camera: https://uice.is The used approach is a Single Shot Detector (SSD) (the percentage shows how sure the neural network is about the classification) using the Mobilenet neural network architecture. The dataset used for training is COCO (Common Objects in Context), i.e. only objects of the labeled object classes contained in COCO will get detected. The Javascript code that is running in your browser uses Tensorflow Lite and its Object Detection API and model zoo.

Another application of object detection (combined with object tracking): the organisers of the European Researcher's Night asked me to count the number of visitors by having a camera at the entrance that counts people entering and exiting. This was not showcased at a booth, but ran GDPR compliant (counting was done in real time and no video was recorded) in the background. As the camera was low resolution, the software had however some issues and was more reliable in counting people exiting than entering. Anecdotal evidence suggest, that children were not counted as these were simply too few pixels to be detected. It remains to be found out whether a higher resolution camera would improve the situation.

Beat the AI! A remote sensing demonstration that relates also to work done in EDIH-IS and IHPC where neural networks are used to classify land cover from satellite images, (Photo from Vísindavaka 2022)

In addition, we will have a booth on quantum computing -- this relates to our quantum encryption education activities as part of ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS), but also to EDIH-IS and IHPC as quantum computing might be the future of supercomputing.

Our booths at the previous European Researchers' Nights:

• European Researchers' Night 2024 / Vísindavaka 2024
• European Researchers' Night 2023 / Vísindavaka 2023
• European Researchers' Night 2022 / Vísindavaka 2022
• No 2020 nor 2021 European Researchers' Nights due to COVID pandemic
• European Researchers' Night 2019 / Vísindavaka 2019

Parts of this event are in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

Eyvör NCC-IS, the National Coordination Centre for Cybersecurity in Iceland is holding on 11 September 2025, 08:30-12:30, an event on Cybersecurity: From Grants to Impact (registration needed). Those who got grants from Eyvör NCC-IS for increasing cybersecurity will present their results.

The Icelandic minister for infrastructure and the director of the European Cybersecurity Competence Centre and Network (ECCC) will attend and the agenda is:

08:30 Coffee & Registration
09:00 Opening – Mr. Hrafnkell Gíslason, Managing Director of ECOI
09:10 Eyjólfur Ármannsson, Minister of Infrastructure
09:20 Luca Tagliaretti, Executive Director at ECCC
09:50 Hörn Valdimarsdóttir covers the Defend Iceland success story
10:00 Break
10:10 Grant Projects: Brief Presentations, first part
11:00 Break – Coffee and refreshments
11:20 Grant Projects: Brief Presentations, second part
12:05 Eyjólfur Eyfells at Rannís covers the Application Process and Eligibility
12:30 Closing

The next call for grants will be open 1. October to 1. December 2025: check out at Rannís.

Photo from after the event: Eyvör NCC-IS members together with ECCC executive director Luca Tagliaretti

This event is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

We presented an update on our cybersecurity activities to industry and students at the 21st Icelandic HPC Community Workshop August 28, 2025.

We covered there the joint MSc. programme in cybersecurity, our research, and the Digital Europe Programme projects Eyvör NCC-IS, the National Coordination Centre for Cybersecurity in Iceland and Defend Iceland, including the European network of NCCs and the European Cybersecurity Competence Centre (ECCC).

This event is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

On 11th of July 2025, participants of the Children's university (Háskóli unga fólksins) visited the Computer Science department. We did there a mini tabletop exercise on critical infrastructure in Iceland and after that authentication was discussed, e.g.:

• do not use the same password everywhere (if your password got stolen it will by tried at all kinds of services, so if you use the same password everywhere, all services can be accessed using your identity,
• use two factor authentication: even if your password got stolen, an attacker would still need the second authentication factor, e.g., would need to steal your phone that contains some authentication app as second factor in addition to your password.

This event is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

The cybersecurity collaboration of University of Iceland and Reykjavik University will open their Frostbyte cybersecurity laboratory and students will present results from their cybersecurity projects. Also, the European Cybersecurity Competence Centre (ECCC) will be introduced as well as the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

Where: Reykjavik University – Lecture room Mars M122

Registration needed (to qualify for food), see also https://www.frostbyte.is/news/

This event is also announced on the RU webpage and on the UoI webpage in Icelandic and English.

Group photo of participants

Best Student Presentation award winners. From left to right: Prof. Helmut Neukirchen, Student Presentation award winner Birgir Sigurðsson (both University of Iceland), Student Presentation award winners Marteinn Lundi Kjartansson and Emilía Maidland from Reykjavík University.

This event is in the context of our cybersecurity activities and the ECCC/EU co-funded projects ICEDEF – Defend Iceland and Eyvör – the National Cybersecurity Coordination Centre of Iceland (NCC-IS).

The coalition agreement of the new Government that is forming aims at more digital surveillance (e.g. data retention in telecommunication, face and number plate recognition). While this is not good for privacy, at least IT security gets legal certainty:

In the Germany, there is the problem that IT security researchers who report vulnerabilities to companies (Responsible Disclosure) are sometimes sued by these companies based on a German legislation that was supposed to make breaking into IT systems a crime. I signed a petition of IT security researchers to change that legislation in order to prevent that Responsible Disclosure can be made a crime. The hope was that the currently forming government will change legislation and indeed:

The new coalition agreement covers cybersecurity at some places in an abstract manner and also includes the above legislative change:

Cyberstrafrecht, Deepfakes, Strafbarkeit Plattformbetreiber und Hackerparagraph
Wir reformieren das Cyberstrafrecht und schließen Strafbarkeitslücken, zum Beispiel bei bildbasierter sexualisierter Gewalt. Dabei erfassen wir auch Deep Fakes und schließen Lücken bei deren Zugänglichmachung gegenüber Dritten. Wir verschärfen die Sanktionsmöglichkeiten gegenüber Plattformen, insbesondere bei systemischen Mängeln bei der Entfernung strafbarer Inhalte. Wir werden im Computerstrafrecht Rechtssicherheit für IT-Sicherheitsforschung schaffen, wobei wir Missbrauchsmöglichkeiten verhindern.