Assessment Framework For Civilian Technology Used In A Military Context

Project overview:

  • Goal: Develop a cyber security assessment framework to systematically assess the security of civilian technology for use in military applications
  • Location: Eindhoven
  • Timeframe: 6 months
  • Starting: starting in Q2 2023
  • Complexity: High
  • Team: Defense & Safety
  • Supervisor: Jim Aspers


As a student, you have:

Education:

  • MSc. level of education in relevant domain

Technical skills:

  • Experience with literature study and valuation/organization of sources;
  • Knowledge of the IT(/OT) security domain;
  • Technical embedded systems/RF communications knowledge is a big bonus (e.g. LoRa, Wi-Fi, drone security, …).


Soft skills

  • Ability to break down a large task or broad research question into smaller tasks and organize work accordingly;
  • Ability to independently derive relevant research questions to answer a customer need;
  • Good communication skills, self-organization.


The project you will be working on:

Defense and law enforcement organizations are more and more looking into the possibilities (and the risks) of using civilian technology for their missions. These use cases involve a different threat model than what the products originally were designed and secured for. Due to this, common IT security assessment frameworks, standards and methods may not directly be usable for assessing and classifying the risk that the use of such product poses for a mission.

Secura Defense and Safety is looking to model the threat landscape that a civilian product will be emerged in during a mission in a military context. Based on this, we want to develop a standardized method to approach the security assessment of such products.

This internship project is expected to consist of multiple parts:

  1. Performing a literature study on the types of civilian technology that have been used in recent years in a military context (e.g. in the Russo-Ukrainian conflict);
  2. Performing a literature study on common threats for the most prevalent product categories, based on observed (or theoretical) attacks and attack techniques;
  3. Developing a threat model;
  4. Developing an assessment methodology which is able to cover the most common threats that were identified;
  5. Test-drive the developed methodology on two distinct products.