DATE: 06/12/2024 | 9:00 AM CET
MODE: Hybrid (in person or online)
PHYSICAL LOCATION: University of Oslo (Department of Informatics)
EVENT DESCRIPTION
The SYNAPSE 1st Training Event is an immersive learning experience designed to deepen participants’ understanding of the cybersecurity challenges in today’s energy systems. Hosted by the University of Oslo and accessible both in-person and online, this event is part of a broader European initiative to enhance cybersecurity resilience within critical infrastructure.
Participants will explore the main vulnerabilities within industrial control systems, learning practical approaches to fortify security protocols. This training will cover secure architecture principles, the deployment of intrusion detection systems, and the utilization of automated cybersecurity playbooks. A special focus will be placed on the CACAO security playbooks framework, demonstrating how standardized, interoperable playbooks enhance response efficiency and organizational collaboration. The event also includes a workshop on hardware-accelerated deep learning, featuring hands-on training with the FINN framework to create FPGA-based neural network models for real-time threat detection.
By combining theoretical insights with applied practice, the training empowers attendees to develop and implement robust cybersecurity measures for critical systems. Through a blend of lectures and technical workshops on the above topics, participants will gain invaluable skills for designing and testing security measures within controlled environments, making it an essential training opportunity for students and recent graduates, industry professionals, academics and researchers, and policymakers (interested in the application of standards).
WHAT TO EXPECT
- In this event, Framatome will showcase some of the main vulnerabilities and weaknesses in industrial control systems. Practical knowledge on how to implement robust cybersecurity measures will also be presented. Discussions will include the application of secure architecture principles, emphasizing intrusion detection systems and the integration of cybersecurity measures with existing security protocols. The training will help in developing skills for designing experimental setups for security measures, enabling participants to test and refine security solutions in a controlled environment before full-scale deployment.
- Cybersecurity Playbooks: This training will delve into the importance of playbooks in cybersecurity operations as a means to provide reusable, repeatable, and updatable processes that can effectively speed up threat detection and response, and compliance. As playbooks are deemed a fundamental component to enabling and optimizing your path to security orchestration and automation, we will break down the emerging CACAO security playbooks standard, focusing on interoperability and the exchange of playbooks across organizations – a paradigm that has already proven its benefits in the realm of cyber threat intelligence. Participants will learn how to create, document, and implement playbooks to improve incident response efficiency and collaboration across organizational boundaries and technological solutions. Key topics include:
  - the importance of playbooks and standard operating procedures for cybersecurity
  - understanding the CACAO security playbooks framework
  - developing and exchanging playbooks, including threat intelligence driven playbooks
  - developing effective cybersecurity playbooks
  - automating playbook execution (where applicable)
- Hardware-Accelerated Deep Learning IDS: Discover the fundamentals of training a quantized neural network (QNN) model for Intrusion Detection Systems (IDS). Learn how to leverage the FINN framework to design an efficient FPGA hardware accelerator with a streaming dataflow architecture. This approach aims to optimize performance, reduce latency, and enable real-time threat detection in network security applications.
AGENDA
09:00 – 09:15 Registration & Welcome Coffee
Event Organizers
09:15 – 10:15 Principles of Secure Architecture in Industrial Systems
FRAMATOME
10:15 – 10:30 Coffee Break
10:30 – 12:30 On the use of playbooks in cybersecurity operations and the CACAO standard
University of Oslo
12:30 – 13:30 Lunch Break
13:30 – 14:30 Training session on designing and executing CACAO security playbooks using CACAO Roaster and SOARCA
University of Oslo
14:30 – 14:45 Coffee Break
14:45 – 15:45 Training Session on Hardware-Accelerated Deep Learning IDS
DIENEKES
15:45 – 16:00 Closing Remarks & Feedback Collection
Event Organizers
PRESENTERS AND TRAINERS
ROMARICK YATAGHA - RESEARCHER
Mr. Yatagha is a PhD researcher and cybersecurity specialist with extensive experience in machine learning applications for cybersecurity in industrial control systems and resource-constrained environments. His research interests are anomaly detection, threat intelligence, and secure cloud infrastructure, and he has published in ACM and IEEE conferences. Mr. Yatagha specializes in designing and evaluating advanced defenses against covert timing attacks, adversarial ML, and IoT vulnerabilities, bridging theoretical insights with hands-on solutions.
EVEN EILERTSEN - PHD RESEARCH FELLOW
Even is a PhD researcher at the University of Oslo (UiO), specializing in cybersecurity and AI. With a background in the industry as a SOC analyst, security consultant, and enterprise security specialist, Even brings practical expertise to his research. His current work focuses on leveraging Large Language Models (LLMs) to enhance security automation, bridging the gap between cutting-edge AI advancements and real-world security challenges.
MATEUSZ ZYCH - RESEARCHER IN CYBERSECURITY
Mateusz Zych is a Cybersecurity Researcher at the University of Oslo, currently pursuing his PhD at the intersection of Cyber Threat Intelligence (CTI), knowledge representation, and automation, with a strong focus on interoperability. Mateusz actively contributes to the OASIS standard development organization, where he works on advancing industry standards such as Collaborative Automated Course of Action Operations (CACAO), the Threat Actor Context Ontology (TAC), and STIX & TAXII (CTI). He is also deeply engaged in European cybersecurity efforts, participating in ad-hoc working groups led by the European Union Agency for Cybersecurity (ENISA), particularly on Security Operations Centers and the task force for Cybersecurity Playbooks. Mateusz has played an important role in several high-impact European and national research projects, including H2020, Horizon Europe, and Connecting Europe Facility initiatives. Beyond his research, he actively co-organizes and contributes to international conferences and workshops, fostering collaboration and innovation in the cybersecurity community.
VASILEIOS MAVROEIDIS - ASSOCIATE PROFESSOR
Vasileios Mavroeidis is a Professor of Cybersecurity at the University of Oslo, where his research focuses on advancing security automation and threat-informed and collaborative defense. He leverages artificial intelligence to enhance critical aspects of his work, including the representation, reasoning, and exchange of cyber threat intelligence. Vasileios has published numerous scientific papers contributing to the field and has participated in EU research and innovation initiatives enhancing the cybersecurity capacity of critical infrastructure operators, national authorities, and Computer Security Incident Response Teams (CSIRTs). He is also a member of the ENISA (European Union Agency for Cybersecurity) ad hoc working groups on Cyber Threat Landscapes and Security Operations Centers. Vasileios also contributes to standardization efforts by co-chairing the FIRST Automation special interest group and the OASIS Threat Actor Context (TAC) and Collaborative Automated Course of Action Operations (CACAO) standardization committees. Other contributions in standardization include Structured Threat Information eXpression (STIX), Open Command and Control (OpenC2), and the globally utilized Traffic Light Protocol version 2. In 2022, OASIS recognized Vasileios with the Distinguished Contributor designation for his work in cybersecurity standardization and open-source projects. In 2023 and 2024, he served on the OASIS board of directors.
IOANNIS MORIANOS - R&D ENGINEER, RESEARCH ASSOCIATE
Mr. Ioannis Morianos (male) is a graduate of the Department of Electrical and Computer Engineering, Technical University of Crete. He joined the Microprocessor and Hardware Labs as an undergraduate student to work on his diploma thesis, and he is now an MSc student in the same lab. He is a Research Associate at the DIENEKES SI, and his main research interests lie in the fields of hardware acceleration on reconfigurable platforms, embedded systems, and hardware mapping on security/authorization and Machine Learning algorithms.
VENUE
The training will be held at the Department of Informatics, University of Oslo. Participants who have registered to participate in person will receive further instructions via email.
ABOUT SYNAPSE
SYNAPSE is a European project that brings together 14 entities from different countries (Spain, Italy, Greece, Germany, Cyprus, Ireland, Norway, Switzerland) to provide an integrated cybersecurity risk management and resilience platform. This platform, attractive for many critical infrastructures, must integrate all those mechanisms that allow addressing the three essential pillars of SYNAPSE: Situational awareness (Pillar-I), incident response (Pillar-II) and preparedness (Pillar-III). To achieve this, multiple technologies, techniques, tools and methodologies are widely considered to drive and foster these 3 pillars, and in some way promote dynamic risk management, proactive detection, monitoring and tracking of attacks, and response against potential threats, offering guarantees of business continuity at all times.