SSF film on Uppsala research in cyber security
As society becomes more digitalised, the need for protection against intrusion and disruption in various control systems is increasing. André Teixeira at Uppsala University is researching methods to improve the security of industrial control systems - meet him in a film about Future Research Leaders by the Swedish Foundation for Strategic Research (SSF).
Today, our electricity grid is controlled by computers and is vulnerable to cyber attacks. This can result in damage, power outages and have serious consequences for systems that control energy production, the transport sector and industry. Researcher André Teixeira at the Department of Information Technology is working on intelligent autonomous decision-making systems that are secure and resilient to cyber threats.
“The goal is to develop methods and tools that help engineers think about the security of their systems and build more secure systems before an attack occurs.”
A couple of years ago, André Teixeira was named one of SSF's SSF Future Research Leaders. In the foundation's new film, he demonstrates an attack where incorrect measurements are sent from sensors to a computer, without being detected and neutralised. There are many different ways an attacker can access a control system, including blocking communication, introducing delays in signals or sending false signals. The attacker can also change their behaviour and adapt to the defender's actions.
“To secure systems, researchers need to think like potential attackers. This means creating models that represent how an attacker would act. Then they switch to the 'defender's hat' and analyse how the system is affected by attacks.”
Ideas from computer security and control engineering
Time is also a critical factor in control systems. We expect information to be delivered on time and techniques such as encryption can increase the delay. This also leads to system performance issues. To solve this, André Teixeira and his research team are combining ideas from computer security with control technology, and developing new methods to detect and prevent attacks.
“The new methods can also be used during the design phase when we create a prototype of a system or a model of the system. We can then use them to assess security or identify areas of the system that need extra protection.”