With the expansion of cyber-physical systems (CPSs) across critical and regulated industries, systems must be continuously updated to remain resilient. At the same time, they should be extremely secure and safe to operate and use. The DevOps approach caters to business demands of more speed and smar...

The modernisation of the power grid is ongoing, and the level of digitalisation of the power grid in, say, ten years may be quite different than today. Cyber security needs will change correspondingly. In this paper we utilise a qualitative research approach to explore misuse cases related to three ...

This paper documents the results of an empirical study of cyber incident response readiness in the Norwegian petroleum industry. The study addressed the Computer Emergency Response Team (CERT) capacity among various actors in the industry in handling critical cybersecurity incidents in industrial co...

Security concerns are often cited as the most prominent reason for not using cloud computing, but customers of cloud users, especially end-users, frequently do not understand the need to control access to personal information. On the other hand, some users might understand the risk, and yet have ina...

The use of IoT devices in the future electricity domain (known as the smart grid) has numerous benefits, such as improved reliability of the power system, enhanced functions of SCADA (Supervisory Control and Data Acquisition), improved monitoring and management of operational power grid assets, and ...

Threat modelling is considered a key activity in secure software engineering. However, despite its documented benefits it has not (yet) been widely adopted by agile software development projects. In this paper we present results from a qualitative study of how it is performed in practice by four dif...