The 1st International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)

June 30th, 2020

In conjunction with ICSE 2020


EnCyCriS will be arranged online. The workshop date is June 30th, 07:00 – 13:15 CEST.

Please note that during registration process, select EnCyCris; see the figure below.


Information regarding teleconferencing will be sent by email on June 25th. If you did not receive such email, please contact André Hauge (


The 4th Industrial Revolution refers to the era of revolution created by the convergence of cyberphysical systems and the advances in the information and communication technologies. The 4th Industrial Revolution aims at the intelligent world through connection, decentralization, sharing, and opening. Software is the driving force of the 4th Industrial Revolution. Like other industries or domains, Critical Infrastructures (CI) such as energy, transportation, and public health are also going through digital transformation to optimize their services and processes as well as to reduce costs. However, adoption of digital technology for critical systems has exposed them to cyber, physical and combined cyber-physical threats. A cyber-attack on a critical system can inflict severe catastrophe to society, economy and national security. Assuring safety and reliability of these systems is also of utmost importance. This workshop opens discussions among researchers, practitioners and students who are working on challenges and solutions for the 4th Industrial Revolution, including cyber threats to critical systems; secure software engineering; and attack detection and response mechanisms.

The objectives of the workshop, in terms of the R&D presented in the paper contributions, is to provide state of the art and practice in:
– integrated and secured software engineering processes and methods for CI that enable coordination among different stakeholders, experts and engineers, continuous integration of new and emerging technologies that enable the 4th Industrial Revolution, and interdependencies of CIs and their rippling effects,
– threat landscape for digital systems’ software in CI, modelling cyber-attack scenarios and digital systems’ architecture and interdependencies. This includes to assess how to specify accurate software architecture design models that facilitates cybersecurity and Reliability, Availability, Maintainability and Safety (RAMS) assessment and support effective
communication of the threats, vulnerabilities, risks and potential mitigation to relevant stakeholders as decision support.
– developing risk models for digital systems’ software that could be used during response of fast evolving cyber incidents. For e.g. how to use, combine or tailor software system models, network topology, risk models, in a way that they could used by incident responders to determine event propagation and suitable response strategies.
– relevant early signals of threats to digital systems’ software for timely detection and response


Registration for the workshop will be available through ICSE registration system

Please note that while registration select EnCyCris; see the figure below.

Venue/online conference

This workshop is organised in conjunction with ICSE 2020.

Information regarding teleconferencing will be sent by email on June 25th. If you did not receive such email, please contact André Hauge (


Workshop program: EnCyCris workshop program.

Accepted Papers

1) “Simulation Games Platform for Unintentional Perpetrator Attack Vector Identification”

Authors: Martin Macak (Masaryk University); Agata Kruzikova (Masaryk University); Lukas Daubner (Masaryk University); Barbara Buhnova (Masaryk University)


2) “Identifying Critical Components in Large Scale Cyber Physical Systems”

Authors: aida akbarzadeh (NTNU);   Sokratis Katsikas (NTNU)


3) “Domain-Based Fuzzing for Supervised Learning of Anomaly Detection in Cyber Physical Systems

Authors: Herman Wijaya (Singapore University of Technology and Design); Maurício Aniche (Delft University of Technology); Aditya Mathur (Singapore University of Technology and Design)


4) “Specific Air Traffic Management Cybersecurity Challenges”

Authors: Johannes de Haan (EUROCONTROL)


5) “Towards an Automated Approach for Detecting Architectural Weaknesses in Critical Systems

Authors: Joanna Cecilia da Silva Santos (Rochester Institute of Technology); Selma Suloglu (Rochester Institute of Technology);  Joanna Ye (Rochester Institute of Technology); Mehdi Mirakhorli (Rochester Institute of Technology)


6) “Security Threat Modeling: Are Data Flow Diagrams Enough?”

Authors: Laurens Sion (imec-DistriNet, KU Leuven); Koen Yskout (imec-DistriNet, KU Leuven); Dimitri Van Landuyt (imec-DistriNet, KU Leuven); Alexander van den Berghe (imec-DistriNet, KU Leuven); Wouter Joosen (imec-DistriNet, KU Leuven)


7) “Towards automated safety analysis for architectures of dynamically forming networks of cyber-physical systems”

Authors: Jennifer Brings (University of Duisburg-Essen); Marian Daun (University of Duisburg-Essen)


8) “Security as Culture: A Systematic Literature Review of DevSecOps”

Authors: Mary Sánchez-Gordón (Ostfold University College); Ricardo Colomo-Palacios (Ostfold University College)


9) “What happens in a control room during a cybersecurity attack? Preliminary observations from a pilot study”

Authors: Espen Nystad (IFE); Vikash Katta (IFE); John Eidar Simensen (IFE);  Per Arne Jørgensen (IFE); Fabien Sechi (IFE); Aleksander Lygren Toppe (IFE);  Christer Nihlwing (IFE)

Call for papers

This workshop invites paper contributions from research scholars and practitioners working on challenges and solutions for engineering and cybersecurity of critical systems in the 4th Industrial Revolution. The workshop invites papers within the following topics, but are not limited to:

  • Integrated and secured software engineering processes and methods for reliable CI
  • Safety by design in software engineering
  • Security by design in software engineering
  • Software engineering techniques enabling digital twin
  • Simulation technology for analysis on safety, reliability, security, etc.
  • Threats and risks modeling to critical infrastructures
  • Cybersecurity risk visualization during development and operation
  • Human factors in software engineering in the 4th Industrial Revolution

We accept position papers, research papers, and industrial experience papers. We highly value industrial experience and lessons learned, this includes also academic papers where research artefacts have been applied in an industrial context.


Workshop proceedings will be prepared by IEEE CPS and published by ACM. Workshop papers must follow the ACM formatting instructions.

Papers must have a maximum length of 8 pages. Position papers and Industrial track papers can have a page limit of 2 to 4 pages.

Submission page:

Important Dates

  • Paper submission deadline: Jan 22, 2020 Jan 29, 2020 (extended)
  • Paper acceptance notification: Feb 25, 2020
  • Camera-ready submission deadline: Mar 16, 2020 April 7, 2020
  • Workshop: June 30th, 07:00 – 13:15 CEST


Bjørn Axel Gran, IFE, Norway

André Alexandersen Hauge, IFE, Norway

Eunkyoung Jee, KAIST, South Korea

Tai Hyo Kim, Formal Works Inc., South Korea

Program committee

Sokratis Katsikas, NTNU, Norway
Vasileios Gkioulos, NTNU, Norway
Nikolaos Papakonstantinou, VTT, Finland
Ricardo Colomo-Palacios, HIOF, Norway
Eunkyoung Jee, KAIST, South Korea
Bjørn Axel Gran, IFE, Norway
Vikash Katta, IFE, Norway
André Alexandersen Hauge, IFE, Norway
Huy Kang Kim, Korea University, South Korea
Seungjoo Kim, Korea University, South Korea
Jong-Hyouk Lee, Sangmyung University, South Korea
Jung Taek Seo, Soonchunhyang University, South Korea
Taeshik Shon, Ajou University, South Korea
Dan Dongseong Kim, University of Queensland, Australia
Tai Hyo Kim, Formal Works Inc., South Korea


This workshop is sponsored by the The Research Council of Norway funded project CybWin.

Hauge, André A.

Risk, Safety and Security,