Adjunct professors series: Mats Näslund
The KTH Digitalisation Platform regularly presents adjunct professors in the field of digitalisation. This time: Mats Näslund at KTH/FRA.
In which department at FRA are you working and where are you an adjunct professor at KTH?
"I work at the Cyber department at FRA. A major responsibility of Cyber is to provide cyber defense of Sweden and our most valuable IT/information assets against the most serious threats. This implies an ability to protect highly critical infrastructure against state-sponsored attacks. To this end, FRA can deliver what you could label as 'consulting': performing security analysis of IT systems," Mats Näslund says and continues:
"These services used to be available only to government agencies and state-owned companies, but since last summer, we can assist the private sector too. We can also run security services, i.e. services like intrusion detection, malicious code protection, etc., for our customers. Another FRA responsibility is that we are appointed by the government to provide competence in cryptology for Sweden’s national needs, and this function is also hosted by Cyber. I probably also need to mention what most people are likely to associate FRA with: the mission related to signal intelligence, serving to protect Sweden from serious external threats from hostile foreign nations, terrorist organisations, etc."
"At KTH, I am hosted by the Theoretical Computer Science group of the Computer Science Department of the EECS school. This group has deep expertise in, among other things, data protection (including cryptography), secure software, formal methods, in particular methods that are able to mathematically prove security properties of systems and protocols. As I’ll explain more in detail below, all of this is 'spot on' for FRA."
What is your research area and how does it relate to the business at FRA?
"My area is called 'Network and system security' and focuses on two main aspects: developing security solutions to satisfy specific needs of Sweden’s critical infrastructure, and to formally verify the security properties of such solutions (new or old) by applying formal methods. An example could be verifying that a newly developed security protocol really provides the security properties one assumes."
"Since government users also look more and more at using open standards as a basis for their digitalisation, it becomes very relevant to understand the extent to which these standards can (and should) be used. Use of 5G mobile technology is often brought up as an example which I personally am highly interested in. FRA has (relatively recently) also started to be active in open, international standardisation so we are highly interested in feeding back the findings from research into various standardisation bodies, e.g. fixing protocols with discovered security issues."
What do you think are the next large (research) challenges you and FRA will face in future and why? Is there an opportunity for KTH researchers that work in the digitalisation domain to help? What competences are you looking for?
"Yes, looking at the competence at KTH, I strongly believe there is. A main challenge is to be able to develop tools and methods that can be used to gain security assurance ('proofs' or other forms of 'evidence') in complex networks and systems, in particular systems that evolve rapidly."
"Let me give an example. The standards body that develops the 5G mobile network solutions meets 4-5 times per year and to each meeting there are somewhere in the neighborhood of 600-800 individual contributions, most of which propose changes to the current version of the standards. Obviously, not all of these actually make it into the standard, but quite a few do. Now, I am not saying the aim should be to verify all of these updates; the point is more to try to do better. Currently, there is hardly any verification done at all, except in some isolated cases such as very low-level cryptographic components or protocols that have already been verified in some other context."
"Another aspect is that the various manufacturers of products can 'get it wrong' when they implement the standards. There is a lot of EU discussion going on about how to certify the actual products coming out of the production line. Here, I also think more 'practical', automated tools and methods would be beneficial."
What would be good ways to enhance the collaboration between KTH researchers and FRA/you?
"I think a first step is a higher bandwidth between FRA and the KTH Digitalisation Platform, just getting to know more about what KTH have done/are doing and for FRA to try to elaborate on some specific problem areas. Although there is still some amount of confidentiality surrounding FRA’s business, I know there are topics that we can openly discuss."
"I should also mention that FRA is ramping up KTH-collaboration in other ways, for example we are now members of the CDIS-center and plan for an industrial PhD."
How can we approach you and FRA best?
"See above, for example some bilateral meetings/workshops to start with."