Pontus Johnson

PROFESSOR

Kungliga Tekniska Högskolanhttps://www.kth.se/profile/pontusj

Works for

DIVISION OF NETWORK AND SYSTEMS ENGINEERING

Telephone

+46 8 790 68 25

Address

TEKNIKRINGEN 33

E-mail

pontusj@kth.se

Researcher ID

ORCID ID

About me

Pontus Johnson is a professor at the KTH Royal Institute of Technology in Stockholm, Sweden. His research interests mainly lie in the area of cyber security and the analysis of architectural models of computer networks – in particular simulating cyber attacks on such networks. Pontus supervises a number of PhD students and holds courses in Ethical hacking.

He is the director of the Center for Cyber Defense and Information Security at KTH, a collaboration with the Swedish Armed Forces, the National Defence Radio Establishment (FRA), the Swedish Civil Contingencies Agency (MSB), The Swedish Defence Research Agency (FOI) and the Swedish Defense University (FHS).

He is also the vice director of the national initiative Cybercampus Sweden, inaugurated February of 2024.

He received his MSc from the Lund Institute of Technology in 1997 and his PhD and Docent titles from the Royal Institute of Technology in 2002 and 2007. He was appointed professor in 2009.

Since 2013, Pontus is a member of the Swedish Royal Academy of Engineering Sciences (IVA). From 2024, he is serving on the IVA board as deputy chair. He has previously participated in various IVA projects – most notably the project on Cybersecurity and Competitiveness – chaired IVA's Division II, been a member of the medal committee, among other things.

He was a co-founder of Foreseeti, a research spin-off company developing cyber security attack simulation software, subsequently acquired by Google. Since 2023, Google offers Attack Path Simulations to its Cloud customers based on the technology developed by Pontus and his research colleagues.

In 2021, Pontus was credited with the discovery of the worlds oldest security vulnerability, in the universal Turing machine. In 2022 as well as 2023, Tech Awards Sweden listed him among the 50 most influential people in Swedish tech.

He has chaired, co-chaired, and participated as steering committee member in many international conferences and workshops and participated in program committees in over fifty such events. He has authored well over 100 scientific articles, mainly on the assessment and prediction of cyber security and other non-functional properties in software and computer networks.

Pontus spends 20% of his work time at Google. In the remaining 80%, he is a member of the Software Systems Architecture and Security (SSAS) research group within the Division of Network and Systems Engineering (NSE) at the Department of Computer Science in the School of Electrical Engineering and Computer Science (EECS) at KTH.

Ph.D. Students

If you would like to develop your expertise significantly, consider applying for a PhD student position in our group. We regularly announce new positions.

Simon Gökstorp (Main Supervisor)
Jakob Nyberg (Main Supervisor)
Nikolaos Kakouros (Main Supervisor)
Sotirios Katsikeas (Main Supervisor)
Fredrik Heiding (Assistant Supervisor)
Yeongwoo Kim (Assistant Supervisor)
Kim Hammar (Assistant Supervisor)
Margus Välja (2018) (Assistant Supervisor)
Markus Buschle (2014) (Main Supervisor)
Moustafa Chenine (2013) (Assistant Supervisor)
Ulrik Franke (2012) (Main Supervisor)
Per Narman (2012) (Assistant Supervisor)
Robert Lagerstrom (2010) (Main Supervisor)
Marten Simonsson (2008) (Main Supervisor)
Magnus Gammelgard (2007) (Assistant Supervisor)
Asa Lindstrom (2006) (Assistant Supervisor)
Erik Johansson (2005) (Assistant Supervisor)

Publications

Pontus publication are (usually) available in a link on the right-hand side of the page, and also on Google Scholar.

Vulnerabilities

Check out vulnerabilities discovered by Pontus, his colleagues and students in the Software Systems Architecture and Security (SSAS) research group.

Media Coverage

Television

Swedish TV interview live hacking demonstration.

SVT Aktuellt on cyber security (in Swedish).

Interview on the Center for Cyber Defense and Information Security.

Swedish TV interview on the vulnerabilities of smart consumer products.

Swedish TV interview on the vulnerabilities of the 5G network.

Så används AI-verktyg i hackerattacker (SVT Nyheter, Feb 2024)
Aftonbladet erbjuds köpa hemliga uppgifter – av ryska hackare (Aftonbladet, Feb 2024)
Professorn: Myndigheter bör inte prata hemligheter i en Volvo (SVT Nyheter, Juni 2023)
Professor: Vi har överskattat det ryska cybervapnet (SVT Nyheter, April 2023)
Professor i it-säkerhet: Tiktokförbud överdrivet trubbigt (SVT Agenda, Mars 2023)
Kommentar om Turk Hack Teams angrepp mot Sverige (SVT Rapport, Feb 2023)
Cybersäkerhetsexperten: Datasystemen överraskande sårbara (SVT Aktuellt, Maj 2022)
Vad är en cyberattack? (SVT Lilla Aktuellt, Maj 2022)
Intervju om cybersäkerhet (SVT Aktuellt, Oct 2021)
Forskaren om största hackerhoten: Har lyckats ta över pacemakers (SVT Aktuellt)
Folk och Försvar, Cybersäkerhet i digitaliseringens tid (SVT Forum)
Digitala lås kan hackas och styras av kunniga tjuvar – så väljer du rätt (SVT Nyheter Västmanland)
5g-auktionerna avslutade – utan Kina (SVT Rapport)

YouTube

Cyberblick: Hur ökar digitaliseringen sårbarheten i energisystemet? (Energiutblick 2021)

Radio/Podcast

News articles

En ensam kodare kan ha stoppat gigantisk cyberattack (Dagens Nyheter)

Bankerna borde oroa sig för Ryssland (Aftonbladet)

Vi har en cybersäkerhetsskuld som vi inte betalat av (SVT Nyheter)

Sverige riskerar dras in i Rysslands cyberkrig (Svenska Dagbladet)

Säkerhetsexperter: Sverige behöver ett cyberförsvarscampus (Altinget)

Storsatsning på säkerhet nödvändig för it-skydd (IVA Aktuellt)

Cyberattacker – ett växande hot mot din arbetsplats (Akavia Aspekt)

Hackergruppen utslagen av FBI: "Blev riktigt sura" (Svenska Dagbladet)

Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine (The Register)

l+f: 54 Jahre unentdeckt – Mutter aller Sicherheitslücken (heise)

Svenske professorn hittade världens äldsta it-sårbarhet i Turingmaskinen (Ny Teknik)

54 jaar oud lek in Turing Machine (AG Connect)

Cyberkrigföring är en intellektuell kamp (Officerstidningen)

Här lär sig soldater hacka för att hindra cyberattacker (Universitetsläraren)

Det osynliga slagfältet (Försvarsmaktens Forum, s.21-24)

Han utbildar Sveriges första cybersoldater (Sjukhusläkaren)

Så hackade polisen kriminellas telefoner (svt.se)

Sverige vässar stridskrafterna för cyberkrig (Svenska Dagbladet)

KTH:s centrum för cyberförsvar invigs (Aktuell Säkerhet)

Nytt forskningscentrum ska förstärka Sveriges digitala försvar (Sveriges Radio)

Cybersoldater ska skydda Sverige – snart rycker första rekryterna in (Di)

KTH startar centrum för cyberförsvar (Elektroniktidningen)

Premiär för försvar (Voister)

Han hackar för säkerhet (Karriär)
Cybersoldater ska skydda samhällets system mot hackare (KTH)
KTH öppnar sin utbildning i etisk hackning – företagen också välkomna (Computer Sweden)
Ny KTH-kurs ska lära företag att tänka som hackare (Ny Teknik)
Han utbildar företagare till hackare (DI)
Vithattar blir svarta på KTH (Voister)
Nu kan du plugga till hackare på KTH (Computer Sweden)
Swedish University Offers ‘Ethical Hacking' Courses for 'Greater IT Security' (Sputnik news)

Hacking Master Thesis Projects

If you would like to do a master thesis project aimed at hacking something, don't hesitate to contact me. Previous projects have targeted control systems, electric locks, electric scooters, motor vehicle remote control units,and more.

Some students were featured in Swedish news outlets in recent years.

Attacken på det uppkopplade hemmet

SVT - Varningen: Uppkopplade bilar kan hackas och tas över