University of Twente Researcher Wins National Cybersecurity Award for Ethics Framework
Enschede, Saturday, 24 January 2026.
Jeroen van der Ham-de Vos from the University of Twente earned runner-up recognition in the Dutch Cybersecurity Research Paper Award for developing practical ethical guidelines that could prevent cybersecurity research from causing unintended harm before damage occurs, addressing risks from privacy breaches to vulnerability mishandling.
Award-Winning Research Addresses Critical Gap in Cybersecurity Ethics
The research paper titled “Operationalizing cybersecurity research ethics review: from principles and guidelines to practice” was co-authored by Dennis Reidsma from the Human Media Interaction group, Jeroen van der Ham-de Vos from the Design and Analysis of Communication Systems (DACS) group, and Andrea Continella from the Semantics, Cybersecurity and Services (SCS) group at the University of Twente [1]. The paper was published at the 2nd International Workshop on Ethics in Computer Security in 2023, demonstrating the university’s ongoing commitment to addressing ethical considerations in cybersecurity research [1]. The Dutch Cybersecurity Research Paper Award recognizes outstanding contributions to the field, with the complete list of winners announced on LinkedIn in January 2026 [1].
Framework Tackles Unintended Consequences of Security Research
According to the jury report, the research addresses “an important problem: the unintended consequences of cybersecurity research, which are frequently discovered only after serious harm has already occurred and is difficult or impossible to reverse” [1]. The paper provides a comprehensive framework by “clearly identifying a realistic and comprehensive list of risks—ranging from accidental privacy breaches to the mishandling of newly discovered vulnerabilities” [1]. This systematic approach represents a significant advancement in preventing potential damage before it materializes, addressing a critical gap in current cybersecurity research practices [1]. The framework’s broad applicability extends its potential impact beyond academic institutions to industry settings where new cybersecurity tools and technologies are developed [1].
Real-World Application Demonstrates Framework’s Relevance
The practical importance of such ethical frameworks becomes evident when examining recent cybersecurity incidents involving Dutch institutions. In 2024, Russian hackers from the Laundry Bear group successfully stole data from 62,000 Dutch police employees, exploiting vulnerabilities that could have been prevented [2][3]. Van der Ham-de Vos, speaking as a cybersecurity expert about this incident, emphasized the critical importance of proper risk assessment and implementation of security measures, stating it was “onbegrijpelijk” (incomprehensible) that the police failed to act adequately despite warnings [3]. The police had received an internal risk analysis in November 2022 warning about dangers in their Microsoft 365 environment, yet failed to fully implement recommended protective measures [3].
Industry Impact and Academic Recognition
The jury specifically highlighted that the proposed guidelines’ broad applicability means “their impact extends well beyond academia” and “could meaningfully improve ethical standards not only in university research labs but also in industry settings where new cybersecurity tools and technologies are developed” [1]. This recognition comes at a time when the University of Twente is actively expanding its cybersecurity research capabilities, as evidenced by its recent job posting for a Tenured Assistant Professor in Software Security within the SCS group, with applications due by March 20, 2026 [4]. The university’s cybersecurity research operates under the Twente University Centre for Cybersecurity Research (TUCCR), which focuses on strengthening security and digital sovereignty through research combining technical, socio-economic, and ethical expertise [4]. Van der Ham-de Vos continues to contribute to public discourse on cybersecurity issues, recently participating in media discussions about government IT security practices alongside other experts including Arie van Deursen from the Advisory College for ICT Assessment [5].