“Small cyber issues can trigger much larger real-world problems”
Cyber attackers are clever and persistent: They continuously develop new weapons and launch new attacks. How can we protect our cyber-physical systems? Elias Seid has developed a framework to strengthen our resilience.
We’ve talked to Elias Seid, who recently defended his PhD thesis at the Department of Computer and Systems Sciences (DSV).
Hello Elias, please tell us about your research! What is a cyber-physical system?
“Sure, I’ll give an example. In May 2021, hackers launched a ransomware attack on the Colonial Pipeline — the largest fuel pipeline in the United States. The attack started on the cyber side, where criminals broke into the company’s computer systems and locked important files so the company couldn’t use them. As a result, Colonial Pipeline had to shut down its physical operations to stop the attack from spreading. This meant that fuel could no longer flow through the pipeline. For several days, gas stations ran out of fuel, people started panic-buying, and some flights were delayed because of shortages. This incident showed how a problem that starts in the digital world can quickly cause real-world physical and economic problems. These kinds of systems – where the digital and physical worlds are tightly connected – are called cyber-physical systems, or CPS for short. My research focuses on how we can keep these systems secure and running safely, even when new cyber threats appear.”
What are the challenges of managing cyber-physical systems?
“The systems are difficult to secure because threats are always changing. Any solution that fixes today’s security problem will eventually become outdated as new vulnerabilities and attacks appear. Attackers often use multi-stage strategies and take advantage of the fact that CPS operate in open, connected, and therefore insecure environments. Another challenge is that CPS are usually built piece by piece rather than as a whole system. This leaves gaps that attackers can exploit. Unlike regular software systems, CPS combine both physical and digital parts, which makes securing them even harder. The key problem is how to continuously keep CPS secure at runtime, in a way that adapts to new threats and provides protection for the entire system, not just individual parts.”
How is it different from “traditional” cybersecurity?
“Most current cybersecurity methods rely on traditional and reactive tools like firewalls, virus scanners, and software updates. These tools have helped build the foundation of digital security, but they quickly become outdated as new types of cyberattacks appear. This constant race between attackers and defenders creates an endless cycle of patches and new vulnerabilities. Much of the earlier research has focused mainly on the digital side of security – protecting networks and software. However, in cyber-physical systems, the digital, physical, and even social layers are closely connected. Ignoring these connections can lead to chain reactions, where a small cyber issue triggers much larger real-world problems. Some studies have looked at making CPS security more adaptive, but most rely on simple, rule-based systems that only react after an attack happens. Very few use predictive methods that can detect early warning signs and adjust defenses before damage occurs. Many existing security tools also work in isolation: One tool monitors digital networks, and another tool watches sensors – but few can handle multi-stage attacks that move across different layers of a CPS. That’s why security for cyber-physical systems needs to be both holistic and adaptive. It must protect all layers – cyber, physical, and social – and adjust automatically as threats evolve.”
What are the implications of your research?
“As society becomes increasingly dependent on smart infrastructures – from power grids and transport networks to connected manufacturing and healthcare systems – protecting them from cyber threats is more important than ever. My research explores how security in such systems can become more adaptive. It proposes a new framework that continuously monitors activity across the digital, physical, and human layers of a system, helping to detect unusual patterns and respond more effectively to emerging risks. Instead of relying only on static defenses, the model promotes context-aware, flexible protection that evolves as conditions change. The framework can assist infrastructure operators and system designers in understanding how cyber incidents might spread into physical operations and in developing faster, better-informed responses. By supporting safer and more resilient infrastructures, the study contributes to broader efforts to strengthen trust and reliability in digital technologies that underpin modern life.”
Is it possible to protect ourselves from cyber threats?
“In my view, complete protection from cyber threats is unlikely, as both technology and attackers continually evolve. However, we can strengthen resilience by adopting adaptive, multi-layered defenses that integrate human, digital, and physical monitoring. Equally important are user awareness, rapid detection, and collaborative response mechanisms. Together, these approaches can help societies and organizations reduce the impact of attacks and maintain trust in the essential systems that keep modern life running. A common example from my research involves a phishing and infrastructure-hijack attack. Here, an attacker poses as a trusted organization, sending a realistic e-mail or creating a fake login page. Once a user’s credentials are stolen, the attacker manipulates network settings to redirect control traffic within a cyber-physical system such as an energy grid or transport network. It’s important to stop these attempts that begin as social deceptions and quickly escalate into cyber intrusion, ending with physical disruption to real-world operations.”
Why did you decide to get your PhD at DSV?
“My interest in cybersecurity began during my Master’s in Security Engineering in Italy, where I became fascinated by how technology, risk, and human behavior interact. Later, while working as a Security Engineer at Bosch in Germany, I dealt with incident monitoring and response and saw firsthand the challenges and gaps in existing security systems. Those experiences sparked research questions that led me to pursue a PhD in cybersecurity. I chose DSV at Stockholm University for its interdisciplinary approach, combining technical, organizational, and human perspectives. It is an ideal environment for exploring adaptive security in cyber-physical systems.”
What are you up to next?
“I plan to continue developing my work on cyber resilience, exploring ways to connect research with real-world security practice. I’m interested in roles that combine academic insight and practical application, contributing to more adaptive and resilient approaches to cybersecurity”, says Elias Seid.
More about Elias’s research
Elias Seid defended his PhD thesis at the Department of Computer and Systems Sciences (DSV), Stockholm University, on September 30, 2025.
The title of the thesis is “Adaptive Framework for Security Attack Monitoring in Cyber-Physical Systems”.
It is a compilation of six papers, with an additional eight papers listed as related papers.
The thesis can be downloaded from DiVA.
Tomaž Klobučar, Jožef Stefan Institute in Slovenia, was the external reviewer at the defence.
Main supervisor for the thesis is Oliver Popov, DSV. Supervisor is Fredrik Blix, DSV.
Text: Åse Karlén
Last updated: October 23, 2025
Source: Department of Computer and Systems Sciences, DSV