Fredrik Heiding is a PhD student at the Division of Network and Systems Engineering at KTH, Sweden, with Robert Lagerström as his main supervisor. His primary research focus is on cyber security, specficially on penetration testing and threat modeling of critical infrastructures, while also investigating the ethics of hacking and how to enhance cyber security in the most morally responsible way.
Cyber security is an increasing concern and with the digital explosion we are facing the attack surface is getting larger. This digitization has a central role in the vision of viable cities, where efficient energy, self-driving vehicles, and healthy citizens are core objectives. Almost all ideas addressing today’s energy problems include digital solutions. In the systems-of-systems concept, where everything is digital and connected, the threats and risks of cyber security breaches will be tremendous if we do not design secure solutions and actively test these, both on their own and in the system-of-systems they will act.
Fundamental research has been conducted on penetration testing and its role as an academic discipline. The study performed a rigorous investigation of penetration testing methods, applications, and use cases as well as investigating how penetration testing is treated and used within academia. Work has also been conducted to set up a hacking lab for pentesting ICS devices, commercial IoT products, Vehicles, and much more. More ICS devices are continuously being sought after in order to expand the lab, if you have a device you want us to pentest, feel free to contact me.
Research has also been conducted on the securing IoT devices, focusing on consumer IoT products and their susceptibility to common attacks. Another study created a Threat Modeling Ontology Framework used to improve automated threat modeling. The framework was developed with conceptual modeling and validated using three different datasets: a small scale utility lab, water utility control network, and university IT environment. The framework produced successful results such as standardizing input sources, removing duplicate name entries, and grouping application software more logically.
Other research areas that are investigated includes blockchain technologies to secure IIoT networks and studies combining ethics and morality with cyber security and hacking.
Research interests: Fredrik's main research interests are Cyber Security, Critical Infrastructure, penetration testing, IoT (Internet of Things), IIoT (Industrial Internet of Things), Threat Modeling, blockchain technologies as a tool for increased cyber security, software application architecture, IT Management, Enterprise IT Architecture and Architecture Analysis.
- Securing IoT devices using Geographic and Continuous Login Blocking: A honeypot study
- Automating threat modeling using an ontology framework
Research in progress
- Penetration testing of ICS devices and various equipment from critical infrastructures
- Analyzing penetration Testing trends and penetration testing as an academic field
- Using blockchain to secure data transfers in IIoT networks
- Analyzing cyber security trends for critical infrastructures in Northern Europe
Other mentions and medial coverage
- Featured in national television (SvT rapport) for hacking connected vehicles A series of vulnerabilities in vehicular connectivity adapters were exploited to gain access to to the vehicles and create a self propagating malware that laid the foundation for a botnet of connected vehicles.
- Best research presentation award @ Energy Dialogue 2021