Employment type:
Internship and graduation project
Location:
Eindhoven
Education level:
Master
Hours per week:
Fulltime – 40

Internship | Research on a knowledge graph for cybersecurity guidance

About this position

Could it be possible to verify cybersecurity compliance of a whole industry by just clicking a button? That’s the innovation this internship works towards!

What will be your role?

Our society is becoming increasingly digitalized and dependent on ICT infrastructures. Besides daily life, digitalization and telecommunication are also revolutionising industries in the critical sector, such as the power grids: monitoring and control of energy generation, transmission, and distribution are enhanced by the industrial Internet of Things (IIoT), internet-connected capabilities to handle assets and operations flexibly and automatically. While this opens up unprecedented advantages, it also exposes industries to cyber threats like never before. In fact, cyber-attacks on industrial plants represent a real cyber-warfare weapon. The cybersecurity posture and preparedness of the energy sector have never been so crucial.

To address this, the European Union is releasing legislation (NIS 2) to bring the cyber-resiliency and security of critical industries across the EU to the same level, building a Union-wide cyber shield against cyberattacks. In particular, industries can attest their cybersecurity posture via compliance with cybersecurity frameworks such as IEC 62443 and ISO 27002:2022. At the same time, several implementation guidelines exist to improve the cybersecurity posture of an organization (e.g., MITRE ATT&CK and D3FEND, NIST CSF and Cyber Resilience Engineering). These documents list extensive sets of requirements to reach a determined cybersecurity posture.

An abundance of frameworks and guidelines for cybersecurity is, in principle, good. On the other hand, regulations and guideline documents tend to use different terminology across different organizations, assumptions, and contexts. Different frameworks may be suited for different scopes (e.g., organization management, supply-chain management, inherent product security features, etc.) and the distinction is not always easy to delineate. This implies that companies spend considerable effort and resources in parsing through several documents, identifying the guideline items that best fit their industries, align with their risk strategies, and fulfil regulations.

At TNO CST, we are involved in several projects with energy grid organizations, and have often recorded this issue. We hence propose an internship to work on this interdisciplinary challenge, ubiquitous in research fields such as cybersecurity, governance and policy-making, and data science. The internship aims to research and assemble a data model to facilitate the navigability, comparison, and scoping of cybersecurity framework requirements, and their implementation approaches in specific contexts. The internship takes place as a cooperation between the TNO Cyber Security Technologies (CST) and TNO Data Science (DS) departments, and contributes to the INTERSCT project (Grant NWA.1160.18.301).

What you will be doing
You will work on the task of designing a knowledge graph that generalizes the representation of cybersecurity requirements (such as those listed in the ISO/IEC 62443-2-1), their connection to cybersecurity controls (such as those listed in the NIST 800-160 and MITRE D3FEND) and regulations, and to the cyber-attacks that such controls aim at preventing (such as those listed in the MITRE ATT&CK). You may research the state of the art of cybersecurity ontologies employed in the industry; design and implement algorithms to compare information items from multiple documentary sources, collect them in a unified representation, and work on its graphical visualization. Furthermore, you may create a query language or ML-based query strategy specific to such a data model, aimed at assisting energy industry CISOs in navigating the broad regulatory and framework space. Finally, remember that you are free to approach this problem flexibly and creatively. Contributing your points of view and ideas is greatly welcomed!

This is a captivating socio-technical puzzle, challenging your problem-solving skills. It can be engaged through several approaches in machine learning, ontology engineering, and data modelling, and concretized in tools and contributions to standards, and even legislation! Sounds like something for you? Then apply now!

What we expect from you

You thrive on conducting research that helps protect our clients against cyber risks. As you’ll be spending between six and nine months on research for your Master’s thesis, you are highly motivated to contribute to the fast-moving field of cyber security in a multi-disciplinary environment. And you enjoy learning from the best and working with colleagues from different backgrounds.

Other knowledge and skills you bring to TNO:

  • A University Bachelor’s Degree. And you’re in the final phase of your Master’s Degree training in mathematics, physics, computer science, data science, or related.
  • You are comfortable with programming at university level.
  • Experience of, or a keen interest in, cyber security, helping you master the topic within the first few months of your internship.
  • An excellent command of English at academic level.

What you'll get in return

You want to work on the precursor of your career; a work placement gives you an opportunity to take a good look at your prospective future employer. TNO goes a step further. It’s not just looking that interests us; you and your knowledge are essential to our innovation. That’s why we attach a great deal of value to your personal and professional development. You will, of course, be properly supervised during your work placement and be given the scope to get the best out of yourself. Furthermore, we provide:

  • A highly professional, innovative working environment, with top experts as colleagues.
  • A suitable internship allowance (615 euro for wo- and hbo-students, 390 euro for mbo-students, for a full-time internship).
  • Eight hours of leave per internship month (for a full-time internship).
  • A free membership of Jong TNO, where you can meet TNO-colleagues and join several activities, such as sports activities, (work-related) courses or the yearly ski-trip.
  • Use of a laptop.
  • An allowance for travel expenses in case you don’t receive an OV-card.

TNO as an employer

At TNO, we innovate for a healthier, safer and more sustainable life. And for a strong economy. Since 1932, we have been making knowledge and technology available for the common good. We find each other in wonder and ingenuity. We are driven to push boundaries. There is all the space and support for your talent and ambition. You work with people who will challenge you: who inspire you and want to learn from you. Our state-of-the-art facilities are there to realize your vision. What you do at TNO matters: impact makes the difference. Because with every innovation you contribute to tomorrow’s world. Read more about TNO as an employer.

At TNO we encourage an inclusive work environment, where you can be yourself. Whatever your story and whatever unique qualities you bring to the table. It is by combining our unique strengths and perspectives that we are able to develop innovations that make a real difference in society. Want to know more? Read what steps we are taking in the area of diversity and inclusion.

The selection process

After the first CV selection, the application process will be conducted by the department concerned. TNO will provide a suitable internship agreement. If you have any questions about this vacancy, you can contact the contact person mentioned below.

Important to be aware of before applying:

  • Before the start of the internship, the internship agreement from TNO needs to be signed. For students at a college or university based in the Netherlands, TNO uses the UNL-template (supplemented with a number of specific agreements from TNO). For students of foreign and MBO educational institutions, the TNO internship agreement applies. TNO does not sign any other internship agreements.
  • Before the start of the internship, the educational institution will need to confirm in writing that:
  1. you are enrolled at the educational institution during the internship, and;
  2. the internship takes place as part of the programme of the study.
  • The confirmation by the educational institution takes place by signing the UNL template or forms prepared by TNO.
  • Interns at TNO must be in possession of a Dutch residential address at the start of the internship. Performance of internship activities from abroad is not possible.

Has this job opening sparked your interest?

Then we’d like to hear from you! Please contact us for more information about the job or the selection process. To apply, please upload your CV and covering letter using the ‘apply now’ button.