PhD position in Security of Industrial Control Systems at The University of Twente

Deadline: July 15th, 2012
Open to: students holding a master degree in computer science or closely related discipline and know English fluently
Remuneration: € 2042 – € 2612


As project partner of the newly starting EU FP7 cooperative research project CRISALIS, the University of Twente is searching for a suitable candidate to be involved in research activities of this project. The project already started May 2012 and suitable candidates are requested to apply immediately. Candidate selection will continue until the position is filled.
The CRISALIS project aims at providing new means to secure critical infrastructure environments from targeted attacks, carried out by resourceful and motivated individuals. The recent discovery of the Stuxnet malware shows that these threats are already a reality. Their success in infiltrating Critical Infrastructure environments is calling attention on the ineffectiveness of standard security mechanisms at detecting them. Stuxnet is believed to have been operating undetected for almost one year leveraging multiple vulnerabilities that were previously unknown, and has been discovered only as a consequence to an operational anomaly that triggered the attention of the field operators. This fact clearly shows that the recent methods to find vulnerabilities and detect ongoing or successful attacks in critical infrastructure environments are not sufficient.
CRISALIS focuses on these two aspects: detection of vulnerabilities and attacks in critical infrastructure environments. We address two different, yet interlinked, use cases that are typical for the power grid infrastructure: control systems based on SCADA protocols and the Advanced Metering Infrastructure. CRISALIS leverages the unique characteristics of critical infrastructure environments to produce novel practical mechanisms and techniques for their security assessment and protection. This is achieved by pursuing three main research objectives: (i) providing new methodologies and techniques to secure critical infrastructure systems; (ii) providing new tools to detect intrusions; (iii) developing new, more effective, techniques to analyze infected systems. Particular attention is paid to ensure the practical implementation of these techniques in real-world environments, and to minimize the impact on operations, goals which are attainable thanks to the direct involvement in the process of end users and device manufacturers who provide expertise and realistic test environments to validate the proposed methodologies.


The candidate is expected to join the ICS and SCADA-related research agenda of the DIES group and contribute to our research in areas like automated device fingerprinting of ICS/SCADA devices and security testing tools and methodologies for ICS/SCADA. The topic of the PhD thesis should also be from one of those areas. This type of research requires a candidate with a strong interest in practical system-level skills.
As an ideal candidate for this position, you;
•hold or are about to finish a master in computer science or a closely related discipline (mandatory);
•have a strong interest in research;
•have an initial record of research, documented by first publications in the field;
•have started research in and are familiar with the field of ICS and SCADA security;
•had first contact with cooperative research projects, preferably EU FP7 projects;
•have excellent communication skills, mastering both oral and written English fluently;
•are able to pursue challenging, interdisciplinary problems and deliver proof-of-concept results; and
•have strong practical security skills, including C, C++, embedded systems, intrusion, and IT forensics.
The gross salary will range from € 2.042,00 in the first year to € 2.612,00 per month in the fourth year. Additionally, the University of Twente provides excellent facilities for professional and personal development. In addition, a holiday allowance is offered (amounts to 8%) and an end-of-year bonus (amounts to 8.3%) and a number of additional benefits. The labor agreements are in accordance with the CAO-NU for Dutch universities.


If you think you fulfill at least a good number of these characteristics, apply for this position. Applications have to include:
– curriculum vitae
– a list of publications
– a list of courses you have followed (with grades)
– the names and addresses of two referees
– one or two of your research papers and/or your MSc thesis
For more information please contact Dr. Frank Kargl ([email protected]) or Dr. Damiano Bolzoni ([email protected]).
Applications have to be submitted here.

The deadline is July 15th, 2012.

The Official Website

One thought on “PhD position in Security of Industrial Control Systems at The University of Twente

  1. The real problem is his imelipd threat of pre-emptive attack against an alleged cyberattack . This is an extraordinarily dangerous doctrine.It’s also a good excuse to use if you want to just attack another country without any real threat justification like, for instance, Iran against whom the US lodging charges of being behind recent computer security incidents in the Middle East. Which, BTW, is hypocritical in the extreme given that the US and Israel started the whole cyberweapon craze with Stuxnet, Duqu and Flame.

Leave a Reply