The cybersecurity projects Eyvör NCC-IS and ICEDEF partnered with the Icelandic HPC Community Workshop event series.

At the 13th Icelandic HPC Community Workshop we have a couple of cybersecurity talks:

• Geir Olav Dyrkolbotn (NTNU): Strengthening the Defence of Norway through knowledge
• Skeggi Thormar (Upwind): eBPF and Cyber Security
• Tom Welsh (University of Iceland): Adaptive Inspection of Industry 4.0 Supply Chains for Fraud Detection

December 13, 2023 5:00 PM, Gróska, Bjargargötu 1, 102 Reykjavik – Entrance A, 1st Floor, Room Fenjamýri

See the agenda for more details.

Update: The position is not vacant anymore.

Field of Work:

The department of Computer Science in the School of Engineering and Natural Sciences at the University of Iceland seeks applicants for a post-doctoral researcher in the area of Secure Software Engineering and Vulnerability Reporting Programmes to work as part of the Digital Europe Programme project Defend Iceland ICEDEF.

The position is initially funded for 2 years with possibility of extension.

The ICEDEF project involves the creation of a national vulnerability reporting web portal and associated services for paying bounties to ethical hackers for discovering these vulnerabilities. Once vulnerabilities are reported there are challenges in effectively integrating (and verifying the effectiveness) of the fixes into the software development life cycle. Technical challenges include poor observability of the software supply chain and an inability to affect it due to change, intellectual property, proprietary development pipelines, 3rd party libraries and infrastructure, etc. Social challenges are related to the impact of identified vulnerabilities on business continuity and clearly translating the results and impact to industry partners and stakeholders.

The responsibilities of the role are envisioned to include:

Developing and implementing a research project in vulnerability reporting programs.
Education of secure development practices and software vulnerabilities to stakeholders.
Assisting in the organisation of security events such as hackathons and workshops.
Contributing to the maintenance of cybersecurity research infrastructure.
Supervising research assistants.

Qualification requirements:

PhD in Computer Science, Software Engineering or related to Cybersecurity more broadly.
Proficiency in English.
Strong communication skills and the ability to work both individually and in groups.

Beneficial:

A strong publication history in high-quality software engineering and/or security journals and conferences. (e.g. IEEE and ACM).
Experience in developing, delivering, and innovating in cybersecurity and software engineering education.
Experience in server administration including virtualisation and cloud tools.
Application:

Interested parties should, in the first instance, send a CV and covering letter explaining their motivation for applying and their research interests in software engineering and/or cybersecurity via e-mail to Dr. Tom Welsh (tomwelsh@hi.is) and Dr. Helmut Neukirchen (helmut@hi.is).

For an informal discussion regarding research topics, responsibilities, or Iceland in general prior to this please feel free to contact Tom or Helmut as above.

Work Environment:

The University of Iceland is a flourishing community of knowledge in the heart of Reykjavik. A modern, diversified, and rapidly developing state university, it offers opportunities for study and research in over 400 programmes spanning most fields of science and scholarship.
https://english.hi.is/

The University of Iceland's School of Engineering and Natural Sciences employs about 390 people in teaching and research. The School offers an exciting working environment where about a quarter of all employees and graduate students are international. The School has about 2000 students, with about 800 students in the Faculty of Industrial Engineering, Mechanical Engineering and Computer Science.
https://english.hi.is/school_of_engineering_and_natural_sciences

The Department of Computer Science is located in the University Science Park's new "House of Ideas" together with a vibrant community of startup and tech companies of all sizes.

Iceland participates in many cooperative European programmes, such as Horizon Europe and the Digital Europe Programme. The country consistently ranks at or close to the top of the Human Development Index, Global Gender Gap Index, LGBT Equality Index and Global Peace Index. For more information on living and working in Reykjavik, see https://www.reykjaviksciencecity.is/ and https://english.hi.is/international_staff_services

While we had the the Icelandic National Coordination Centre (NCC-IS) for Cybersecurity established already in 2022, it got now even stronger by benefiting since October 2023 from a two year co-funding via the Digital Europe Programme. We even gave it an Icelandic name: Eyvör – National Cybersecurity Coordination Centre of Iceland. Eyvör NCC-IS will raise awareness and foster education in Iceland in the field of cybersecurity.

For more info, see also my research page on Eyvör NCC-IS.

Another project has started in November 2023 with three year co-funding via the Digital Europe Programme: ICEDEF – Defend Iceland. The ICEDEF project involves the creation of a national vulnerability reporting web portal and associated services for paying bounties to ethical hackers for discovering these vulnerabilities. (Our research shows that vulnerability reporting needs to be improved in Iceland.) The Icelandic Defend Iceland web page gives an idea how that could look like (do not get confused by that fact that on some screenshots depicted on that web page, still the old working title Hack Iceland is used).

Once vulnerabilities are reported there are challenges in effectively integrating (and verifying the effectiveness) of the fixes into the software development life cycle and University of Iceland will take care of this together and educate stakeholders about secure development practices and software vulnerabilities, e.g. via security events such as hackathons and workshops.

For more info, see also my research page on ICEDEF.

Vacancy: We are hiring a postdoc for ICEDEF: please contact me or our new cybersecurity professor Tom Welsh.

On Saturday, 30. September 2023, 13:00-18:00, there was Vísindavaka 2023, the Icelandic family-friendly-during-daytime edition of European Researchers' Night 2023 at Laugardalshöll.

With 6500 visitors, we had even more guests than last year. The Computer Science department of University of Iceland had a booth there, showcasing some of their research:

• Cybersecurity: Eyvör/NCC-IS, the National Coordination Centre Iceland for Cybersecurity will start 1st of October with full force using co-funding from the European commission. The Computer Science department of University of Iceland is part of it and we will show three pieces to raise awareness:
• Has my user info (in the worst case: my password) been leaked? Look up who else owns your login data: https://haveibeenpwned.com
  Note: if your data shows up there to have been leaked, then this is not your fault, but the fault of the website that was storing your data in an insecure manner and you should change your password at that website (also check whether the password has been leaked or only, e.g., your email adress). However, it is your fault if you use the same password for multiple websites: should your password leak from one website, criminals will try that password on other websites and will have success if you use the same password there. Use different passwords for different services. Even better: use multifactor authentication, i.e. not just a password that can be easily leaked, but in addition something that can be less easily stolen, such as your phone: an authenticator app running on it, an SMS sent to your phone number, or the Icelandic digital ID on your SIM card.
• An online quiz on how good you are at identifying phishing emails, i.e. emails trying to trick you into providing information, e.g. passwords: https://cybersecuritymonth.eu/quiz (Note: solutions not provided online -- you need to visit us to get hints where you were wrong and where you were right!)
• A flyer for kids: Hvernig á að vera öruggur á netinu
• CoE RAISE (Centre of Excellence for Research on AI- and Simulation-Based Engineering at Exascale) gives a glimpse into artificial intelligence by using a neural network that runs purely in your browser without any connection to a super computer. Simply use the camera of your smartphone (or laptop) to detect objects in real-time -- just open the following web page and allow your browser to use the camera: https://nvndr.csb.app/
  
  (Allow some seconds, up to a minute, for loading the trained model and initialisation.)
• Interaction design with sketches on a huge touch screen:
• A 3D scanner that scans the shape of your ear: used in CoE RAISE in order to find with AI out how the shape of your ear influences how you hear from different directions.
  
• A remote sensing demonstration that relates also to work done in CoE RAISE where neural networks are used to classify land cover from satellite images: Compete against a neural network to classify land cover!
  
• Quantum computing: a new piece to show, therefore no photos yet -- you really need to come and see!

See you at Laugardalshöll!

As the typical advertisement for a PhD student position has some statement like "salary according to wages contract", an applicant does not know what this means in practise for the salary to expect.

Currently, the union responsible for PhD students at University of Iceland is Félag háskólakennara / Association of University Teachers. They made a contract with University of Iceland. For the latest version, check for Stofnanasamningur Fh og HÍ. In the version from 5. March 2021, you find in Section 4.3 that PhD students (doktorsnemar) get salary level 030. The first two digits are the y axis in the salary table and the last digit is the x axis.

There are two salary tables, one for academic staff, i.e. those who have a PhD ("A 696") and another one for administrative staff ("S 695") -- note that these cryptic numbers are sometimes used a pre-fix in front of the salary level, e.g. "695 030". As PhD students have not yet a PhD degree, rather the non-academic, i.e. the administrative staff salary table applies, so you need to look at Launatafla stjórnsýslu.

The most recent salary table is from 1. April 2023. Take care to have in that spreadsheet the tab "Mánaðarlaun" opened to get the monthly salary. There, you will find that salary level 030 gives you 462 586 kr. per month (as of 1. April 2023.). This is before taxes, so feeding this into a tax calculator gives 361 867 kr. after taxes (as of the tax system valid at time of writing, i.e. 2023).

P.S.: As postdoc (Icelandic term: nýdoktor), the academic salary table applies and you have at least salary level 061 (which is 662 090 kr. in the salary table at time of writing). But for academic staff, in fact an evaluation system applies where the salary depends on the amount of publications that you accumulated over your life. Each publication gives points (for details do a web search for "Evaluation System for Public Higher Education Institutions") and the Table 2.3 in the Stofnanasamningur Fh og HÍ shows a mapping of points to salary levels. While if your PhD is 5 years or longer ago, your are not called a postdoctoral fellow anymore, but a research specialist, but this alone does not increase your salary level.

To the best of my knowledge, we had just the first M.Sc. thesis in cybersecurity defended at the Computer Science department of the University of Iceland. (There were earlier cybersecurity-related theses, e.g., at the school of Social Sciences.)

The topic was: The state of cybersecurity vulnerability reporting in Iceland.

Read the thesis PDF or watch the defense on YouTube:

Friday, 25.8.2023, 15:00, room Ada, in Gróska, 3rd floor is an information meeting on the new joint cybersecurity master's programme.

You can find more info here: https://uni.hi.is/helmut/cybersecurity/

The HYUNDAI/KIA/GENESIS models have a "hidden" engineering mode that can be used to, e.g., find out manufacturing date or software versions (you can also reset settings -- which you probably want to avoid).

Entering engineering mode seems to differ from region to region and also from head unit firmware version, here are the instructions for European models up to (Dec 2022) 221223 versions:

1. Switch from air condition panel to navigation and radio panel
2. Switch radio on (probably to FM)
3. Turn the volume dial to 7
4. Press the other dial (marked "FILE")
5. Turn the volume dial to 3
6. Press the other dial (marked "FILE")
7. Turn the volume dial to 1
8. Press the other dial (marked "FILE")
9. Now, some number buttons are displayed to enter a secret number code
10. The number code varies from head unit (AKA center display) version to version. For the Nov 2022 (221129) and Dec 2022 (221223) versions, the number code is: 1950 0624

This info can be found, e.g., on YouTube:

For European models up to Dec 2022 (221223) versions:

I have yet to try how it works for the Jun 2023 (230601) version that does not seem to use the volume dial method anymore, but some very specific touch locations (and then, then number code 19450815)

For example, using the versions displayed in Engineering Mode, you can see that service action SA533 "VCU Software Upgrade for i-Pedal Operation" did update the VCU version from, e.g., 5.10 to 5.12, but none of the other ECUs firmwares get updated.

Using an OBD port adapter and the Car Scanner app for Android, you can even get further information use the Car Scanner feature for an ECU dump (ECU information from the main screen) which contains version numbers as well. After the ICCU software update, I should be able to see the version numbers changing. Update: after the Service Campaign SC271 ICCU update, I have exactly the version number of before and after as shown in this video (except that I have a 3 days younger ECU manufacturing date (HEX): 20210906). But I later read that the ICCU update does not really solve the ICCU issues, but mainly improves reporting the issue, so that the owner has more time before the car stops moving because of the dead ICCU; but at least also that software improvements will improve calibration values and preventing fuse from going burned.

Reykjavik University and University of Iceland have each an open position for a professor in cybersecurity.

The advertisement of the position at University of Iceland can be found at Euraxess, at University of Iceland, and here below:

Assistant Professor in Cyber Security

The department of Computer Science in the School of Engineering and Natural Sciences at the University of Iceland seeks applicants to fill an assistant professor position in computer science with a specialisation in cybersecurity within the Faculty of Industrial Engineering, Mechanical Engineering and Computer Science.