Cybersecurity is of national importance, which is evident from the National Cybersecurity Strategy. Norway proposed the following strategic goals to reinforce cybersecurity in society: (i) improve cybersecurity competence of society, (ii) improve societal ability to detect and handle cyber-attacks. These strategic goals can be achievable by providing state-of-the-art research environment, cybersecurity study programmes at Universities and Colleges, professional training courses to advance current cybersecurity professionals. In addition, the strategy emphasizes on public-private partnership, civilian-military collaboration, and international cooperation. To this end, RECYCIN project proposes an international partnership between Norwegian and United States institutions that are at the forefront of research and education in cybersecurity and digital society.
RECYCIN establishes and promotes a long-term strategic partnership on advancing research and education on Cybersecurity of Critical Infrastructures between the project partners: Institute for Energy Technology (IFE), Østfold University College (HiØ), Norwegian University of Science and Technology (NTNU), and Virginia Polytechnic Institute and State University (Virginia Tech). RECYCIN enables the development of cybersecurity competence through providing state-of-the-art research environments, study programmes and industrial training courses. This collaboration also facilitates incorporating state-of-the-art research results and knowledge into educational programmes and facilities, including organizational and human factors aspects of cybersecurity that are traditionally not part of cybersecurity courses.
There is a lack of cyber-physical system testbeds that are easily accessible for cybersecurity research and education especially within Norway. However, such testbeds can advance cybersecurity research and education by providing a realistic simulation platform, among other things, to evaluate cybersecurity methods, models and tools developed, and also to conduct cybersecurity training and awareness programs for future cybersecurity professionals. Therefore, as a part of this project (in 2021), we developed a cyber-physical system testbed based on Fischertechnik industry 4.0 training factory. This in turn would support research and education, among other things, by simulating different type of cyber-attacks, demonstrating their consequences, and generating cyber-attack datasets.
Furthermore, the one-size-fits-all approach currently employed in cybersecurity training and education does not cater specific and varying needs of different end-users and organisation. This makes such training and education ineffective. Therefore, as a part of this project (in 2021), we proposed an approach to elicit end-user preferences using surveys and needs of a specific organisation through interviews. This in turn would help to develop personalized and effective cybersecurity training and education in the future.
Finally, as a part of this project (in 2021), to promote collaboration between institutions and develop a network within cybersecurity, in addition to joint publications, we co-organized a Halden Human-Technology-Organization (HTO) project workshop on cybersecurity. This was organized in collaboration with Halden HTO project, CybWin project (#287808) and Rivne NPP Cyber Security project. This was a virtual workshop which had 49 participants representing 17 companies or organisations. The main focus of this workshop was on aspects related to threat landscape in Nuclear Power Plants (NPPs) and other Critical Infrastructures like power grids. The intended audience of this workshop was those working with cybersecurity related to NPPs, where this workshop provides an arena to share knowledge and also provide inputs to further research in this area. In addition, the other intended audience was students and young researchers that one day might be the candidates to take up such work.
Cybersecurity of critical infrastructure is of national interest and that to safeguard critical infrastructures requires a strong cybersecurity workforce. Norway and many other nations are facing challenges to produce enough cybersecurity professionals to meet the industry and public needs. The necessity for cybersecurity competence is stated as one of the strategic goals in the Norway's National Cybersecurity Strategy. In Norway, few educational institutes have comprehensive cybersecurity programmes or courses, and most available courses are within Information Technology (IT) cybersecurity and not on Industrial Control Systems (ICS) cybersecurity. Moreover, the courses offered in Norway are primarily focused on technological aspects of cybersecurity and have limited scope on organizational and human aspects of cybersecurity.
The RECYCIN project will assimilate the competence and enable the Norway and US partner institutions to support the development of a state-of-the-art cybersecurity academic and research infrastructure. The project will connect education with industry needs and research institutes with higher education institutions to both provide advanced research and education in cybersecurity.
The activities of RECYCIN will support the cooperation between the partners, by:
1. Establishing a roadmap for long-term partnership among the partner institutions, and promoting education, research and innovation to advance next generation cybersecurity in critical infrastructure.
2. Sharing and co-developing undergraduate and graduate course on cybersecurity of critical infrastructure.
3. Sharing and co-developing professional training materials.
4. Developing mobility stays to cross pollinate cybersecurity expertise across the partner institutions. An objective of such exchanges of researchers is to support the development of study courses within cybersecurity at HIØ, NTNU and Virginia Tech.