Society is going through an increased digitization, which the World Economic Forum has estimated gives a 10% annual increase in Norway's gross domestic product (GDP). This increase in welfare also have a dark side, namely a sharp increase in cybercrime, cyber espionage and cyber attacks. One of the consequences is that public and private companies are forced to establish teams to handle attacks, for example. SOC, CERT or CSIRT. A rapid increase in the number of teams provides a large variation in quality and focus. A common method is to focus on the cause of the incident (which malware were infected, the server went down, etc.) and correct the error as soon as possible. Professional teams have long since realized that this is about much more than to prevent, detect and rectify incidents. They focus to a much greater extent on the consequences of the events have for their business critical values. This could be consequences for individuals (finances, reputation, family), the consequences for the company (sales, stock value, reputation) or social consequences (safety, economic growth, job creation). Research that combines deep technical analysis and context information about what is critical values for the individual, the organization and the community is necessary for society as a whole.
A well-functioning team in (e.g. SOC, CERT, CSIRT) focuses on controlling cyber domain for the benefit of the company. This requires a lot of expertise across multiple disciplines. The personnel must master advanced technical analysis as “malware analysis”, “computer forensics”, “network forensics” and “penetration testing”. Meanwhile, they must have knowledge of how the team's resources can best be organized and utilized to establish and maintain control over the cyber domain. This for that business or society can continue to function and evolve despite ongoing cyber crime and cyber attacks. This is what we name cyber tactics and cyber operation.
The focus of the research group is on strengthening an organization’s resilience against and ability to handle cyberattacks. The handling of cyberattacks will aim at reducing the consequences or impact of the attack on individuals, organizations or the society in addition to the underlying incident (e.g. loss of information or downtime of services). This will require research combining deep technical analysis with context information about what are valuable assets for individuals, organizations or society