Skip to main content
To KTH's start page

Detecting vulnerabilities in IT environments to prevent cyberattacks

Pontus Johnson.
Published Apr 02, 2025

Finding vulnerabilities in an IT system to quickly detect an ongoing cyberattack or even stop them has become increasingly important. To find these vulnerabilities and train on intrusion detection and defence, we use a simulation engine that builds a virtual environment, a so-called digital twin, where researchers can train both detection and defence.

"We see that cyber attacks and influencing operations are a growing problem in our digital society, and an attack can have devastating consequences for the whole society," says Pontus Johnson, professor at KTH.

Cyberattacks - a growing problem

Cyberattacks have become a growing problem over several decades. And in our digital world, we have entrusted large amounts of value managed by different computer systems.

In recent years, we have seen cyberattacks against central banks, critical infrastructure, large retail chains and much more. Cybersecurity has also become increasingly important in a deteriorating global security situation, where both espionage and influence operations occur and can even affect the outcome of democratic elections.

"In our digitalised world, imagining even worse scenarios than we have seen so far is easy. Consider, for example, the societal consequences of a major attack on our electric power systems or an attack on the world's nuclear weapons systems. We need to be better prepared than we are today," says Pontus Johnson.  

"We have so far been spared from major attacks, but a concerted effort is needed in the future. The simulation engine developed by KTH is of great benefit, not least because it is available as open-source code. It creates a solid foundation for innovation and further development in the field of cybersecurity"

Pontus Johnson, Professor KTH

Identifying vulnerabilities in IT environments

At KTH, research has long been conducted to identify vulnerabilities in IT environments. The work includes attack simulations and the application of reinforcement learning in simulated environments. Attack simulations provide insight into how cyber attacks develop and what consequences they can have. Pontus Johnson and his research colleagues use reinforcement learning in attack simulations to train autonomous defence agents to respond effectively to intrusions.

 Today, all major IT systems contain vulnerabilities, and attackers with the right tools can often use the Internet to infiltrate IT systems anywhere in the world. Pontus Johnson points out that Sweden has reacted later than many other countries to the risks posed by these vulnerabilities.

"We have so far been spared from major attacks, but a concerted effort is needed in the future. The simulation engine developed by KTH is of great benefit, not least because it is available as open-source code. It creates a solid foundation for innovation and further development in cybersecurity," says Pontus Johnson.

Pontus Johnson

Pontus Johnson is a Professor at the Department of Network and Systems Engineering and Director of the Centre for Cyber Defence and Information Security. His research focuses mainly on cybersecurity and analysing architectural models of computer networks by, for example, simulating cyberattacks on such networks. In 2022 and 2023, Tech Awards Sweden listed him as one of the 50 most influential people in Swedish tech.

Pontus Johnson is the deputy director of Cybercampus Sweden, which was inaugurated in February this year. It is a Swedish national initiative that conducts agile and cutting-edge research, innovation and education in cybersecurity and cyber defence beyond what is possible for a single university, institute, government agency or company.

Research to support