Cyber security & safety

About the Cyber Security & Safety research group

In a society that is becoming increasingly digital, cyber risks and digital threats are increasing at the same pace. All of us leave digital traces wherever we go, including online. Organisations also run serious risks. If their information flows are disrupted, the consequences can be devastating. Cyber incidents can cause irreparable damage. In the Netherlands alone, this damage has a price tag of over 1 billion euros a year.

The Cyber Security & Safety research group (CSS) conducts research into cyber security & safety and develops education in this field. The emphasis is on expanding existing scientific and other knowledge and enabling it to be applied in practice, with sufficient attention to the wide scope of the topic of cyber security & safety, as well as its multidisciplinary character.

Centre of Expertise for Cyber Security

Since November 2015, The Hague University of Applied Sciences has had its own Centre of Expertise for Cyber Security. The Cyber Security & Safety research group works within this expertise centre together with other knowledge institutions, companies and government agencies on innovation in cyber security.

   Read more about the report and annual plan.

Projects and publications

Qualification for information security professionals

In today’s information society, it is increasingly important that information security professionals possess a identifiable and recognised level of professional skill. But this is not always the case. This article outlines the results of a study into a uniform qualification and certification system for information security professionals.

Detection of Botnet Command and Control Traffic

Botnets are a serious threat to the Internet because they can have all kinds of undesirable effects, such as spreading spam and DDoS attacks. This article describes a new approach to detecting botnet command & control network traffic.

Bitcoin 2.0: Social implications

The transnational, decentralised and distributed peer-to-peer structure of Bitcoin technology and new applications of this technology have the potential to interfere with existing social relations and institutions. This article describes the possible consequences of new and existing applications of Bitcoin technology.

RAAK public project Safe Water

The Dutch water authorities play a crucial role in the management of surface water and purification of wastewater. More and more information technology is needed for this, not only for the digital processing of data, but also the remote control of vital structures like locks, pumping stations and water purification plants. If something goes wrong at any of these structures, the social consequences can be severe. That is why high demands are placed on information security within the water boards.
In response to rapid technological developments and major changes in the organisation of the water boards, good information security requires up-to-date knowledge and the latest technologies. The Cyber Security & Safety research group at The Hague University of Applied Sciences is carrying out the ‘Safe Water’ project together with TNO, the National Cyber Security Centre and the water board sector in order to provide information security professionals with new knowledge and technologies. A RAAK public subsidy was awarded for this research in 2013 by the Innovation Alliance Foundation.

The project entails two benchmarks, one for the maturity of the information security and one for information safety. An important result has been identifying a considerable discrepancy between the ambition levels for information safety and the maturity level measured. The benchmarks will be used by the water boards to further explore factors important to information safety together with THUAS.
The benchmarks also provide insight into the difference in risk perception between various parties within the water authorities, important for developing an improvement strategy.
Another aspect of the project focuses on rendering existing methods and technologies applicable for the water authorities and developing new technologies based on existing knowledge and new insights. Important results include an information risk analysis method that can be used by all water boards and a cyber security simulator that will be used to identify risks to people dealing with the information security of process automation (ICT professionals and managers). The simulator will also be used for further research in future projects and in education.
This project is an integral part of the education offered by the Faculty of IT and Design at The Hague University of Applied Sciences. In addition to the research group, the bulk of the research is carried out by lecturer-researchers and students. They have identified and expanded the existing knowledge through literature and on-site studies. The simulator was developed and built for the majority of successive groups of students (from various disciplines: ‘Computer Science’ and ‘Information Security Management’). As a result, a long-term line of research – still quite uncommon for a university of applied sciences – has been established in which students and lecturers can not only enhance their individual knowledge of information security (at water boards), but also their research skills and, while doing so, help professionals in the sector progress further (see below). The approach and results of the research are currently being incorporated into new teaching materials for the new Broad Bachelor’s degree programme in ICT being rolled out by The Hague University of Applied Sciences.
The benchmarks have resulted in enhanced knowledge of information security among those ICT professionals from the water authorities involved and greater awareness of information security on the water board management level. A sector-wide discussion has also been initiated in which THUAS is taking part as a partner about the information security situation at water authorities, the forerunners in the sector and the extent to which the water boards can learn from one another. This has resulted in working groups that identify and share good practices.
An information risk analysis method for the water boards has been developed to make methods and technologies applicable for the water boards. Successful pilots with this method have been carried out a large number of water boards will now be applying this method. To help them with this, a training workshop is being offered.
All of these activities have also revealed a desire to further address this problem as a sector. Follow-up funding will be sought by the sector and coordinated by the Centre of Expertise for Cyber Security at The Hague University of Applied Sciences.

Information security is first and foremost about people.

Head of the research group Marcel Spruit

Marcel Spruit, head of the research group (2003-present)

Marcel Spruit boasts many years of experience in information and cyber security. He is responsible for research into cyber security and the development of education in this field and is personally and intensely involved in both the research and education development.
Marcel is affiliated with the PBLQ consultancy firm as a senior consultant, where he provides advice on organisational aspects, especially the topics of information and cyber security. He also carries out audits, second opinions and security studies.
Prior to his appointment as head of the research group, Marcel worked on quality assurance at Fokker Space and as a senior lecturer for the Information Systems department at the Delft University of Technology, where he specialised in information security, human failure and the organisation of security.

Contact Head of Cyber Security & Safety research group

Marcel Spruit | LinkedIn
Head of the Cyber Security & Safety research group
+31 (0)6 – 86805928

The Hague University of Applied Sciences
Johanna Westerdijkplein 75
Postbus 13336
2501 EH The Hague
The Netherlands


Research team

Mecheline Rutjes

Steven Querido

Ellen Wesselingh

Drag sideways