Lagebild zum Hackerangriff auf Telekomgeräte

Unsere Partner von der FU Berlin im Projekt RiskViz haben zum aktuellen Angriff auf die Router der Telekom ein detailliertes Lagebild erstellt. Nach den USA ist Deutschland am Häufigsten betroffen. Details des Lagebildes und weitere Karten können bei der FU eingesehen werden.

TR069 Germany 20161123

Quelle: Freie Universität Berlin/scadacs.org

Current Projects

  • RiskViz
  • SenSE4Metro
  • OSiMa
  • Sicherheitswirtschaft
  • Cyber Security
  • Terrorism
  • Risk and Crisis Communication
  • HERMENEUT
  • Fit4Sec / BERKoS
  • Demokratie leben! Integration at eye level

RiskViz – Providing a risk situation picture of industrial IT security in Germany

Cyber attacks on critical infrastructures are having an increasingly negative impact on the private sector and governments and thus on the general public who depend on their services as well. At the same time, many operators of critical infrastructure are increasingly connecting their Industrial Control Systems (ICS), which are also used in many critical infrastructures, to the Internet to monitor and control their operations in an uncomplicated and inexpensive way. However, security incidents in the past have shown that connecting an internal IT environment to the Internet can increase vulnerabilities to network breaches, data theft and Denial-of-Service activities in the industrial environment of electricity plants and other critical infrastructure. Yet, the federal government, federal states or municipalities, which are in charge of critical infrastructures, have no appropriate means to assess the intensity of threats, vulnerabilities and potential impacts and to make them transparent for operators. Moreover, it is extremely difficult to insure critical infrastructures against damages due to IT security breaches.

Within the framework of its IT Security Research Program, the Federal Ministry of Education and Research is funding the project "Providing a risk situation picture of industrial IT security in Germany" (RiskViz). In a consortium with the University of Applied Sciences Augsburg, the Freie Universität Berlin, Genua mbH, Koramis GmbH, LEW Verteilnetz GmbH, Technologie Centrum Westbayern and MunichRe (associated partner), the Brandenburg Institute for Society and Security (BIGS) will develop methods and instruments to identify ICS that have insufficient protection against cyberattacks. The research project aims to create a search engine that is capable of finding ICS and of collecting relevant information about the system and its risk situation without interfering with its operations.

The overall aim of this project is to improve the German economy's IT security, in particular with regard to critical infrastructures. Within this scope, BIGS will analyze the regulatory framework that is necessary for the development of a market for cyber insurance and will highlight and develop further political and economic instruments that could help to close identified security breaches.

bmbf rgb gef l

SenSE4Metro 

SenSE4Metro is a joint project involving partners from BIGS Potsdam, the Fraunhofer Institute, the Berliner Fire Brigade, ITC Engingeering and Universität Bundeswehr. The project will provide information leading to improved security of persons in urban underground trains and underground stations during emergency situations. BIGS will implement a Work Package that will investigate the feasibility of internationally standardizing response protocols by testing cultural differences between firefighters across countries.

In the first phase, this will involve systematic comparison of responses in emergency situations that have occurred in a wide spectrum of socio-economic backgrounds. This will be augmented by a review of existing regional and national protocols, which will determine existing underlying differences in emergency response. In the second phase, laboratory-based experimental games and computer-based simulations will determine the extent to which cultural differences exist at the individual level and the extent to which such differences can be overcome by the adoption of standardized protocols.

For more information on the project visit sense4metro.org.

 

Sense4Metro

bmbf rgb gef l

OSiMa - Organization and Regulation of the Civil Security Market in Germany

In academic literature and in public discourse often the assumption can be found that the protection of the  society from terrorism, crime or natural disasters is a public good, which due to its nature has to be provided and financed by the public sector. Though, since years there is a trend towards increased private provision of protection in order to achieve security. Security in this connection is not to be understood as the absolute absence of threat, but as a function of threat and protection. While in Germany the public inflation-adjusted spending stagnates, the private security business keeps growing at a faster pace than the economy as a whole (Gummer & Stuchtey, 2014). Here we observe a relative shifting of public towards private provision of protection, which one can term privatization in the wider sense. Moreover, a privatization in the more narrow sense can be identified in a few realms of security. Luggage inspection and screening of persons at airports is one of the most obvious examples.

Besides state-controlled actions to protect economy and society, private enterprises are required to contribute themselves to safeguarding their value added chains. At the same time, in an open economy such value added chains are cross-frontier, thus the protection has an international dimension. Besides deploying private security service providers, many companies develop internal concepts in order to protect integrity and resilience of their organizations against white-collar crime. This entails comprehensive Compliance Management Systems (CMS), which manifest features of privatization of security in the wider sense. For instance there are internal investigations which sometimes replace that of prosecuting attorneys. The danger of circumventing process principles in accordance with the rule of law cannot be precluded in this context.

While the description if this trend and its extent by means of individual indicators (e.g., growth in sales, number of persons employed) has been subject to earlier examinations and studies, the underlying causes and the consequences for organizational and regulative  embodiment of the privatization process has been hardly analyzed in Germany. To date, a comprehensive and interdisciplinary analysis of the good “protection” has yet to be conducted, by means of which political leadership, administration, security business and society can evaluate diverse courses of action.

Within the framework of the topic “Civil Security – New Economic Aspects” from the program “Research for Civil Security 2012-2017” the German Federal Ministry of Education and Research (BMBF) funds the consortium project “Organization and Regulation of the Civil Security Market in Germany” (OSiMa). Coordinated by the Brandenburg Institute for Society and Security (BIGS), we partnered with the Viadrina University Frankfurt (Oder), the Friedrich-Schiller-University Jena (FSU Jena), the University of Potsdam, the Federal Association of the German Security Industry (BDSW), and the Fraunhofer Institute for Open Communication Systems (FOKUS).

The OSiMa consortium analyzes collaboratively and multi disciplinarily which forms of the good “security” exist, and how these should be organized and financed. It is of particular interest which contribution the private security business can provide from a viewpoint of regulatory policy. Furthermore, the framework shall be described within which new services and forms of organization of protection and security supplied by the security business can develop.

For further information on OSiMa please visit the dedicated project website: www.sicherheitsmarkt.org

 Gefrdert vom BMBF

Sicherheitswirtschaft

Die Sicherheitswirtschaft leistet neben den öffentlichen Institutionen einen wichtigen Beitrag zum Schutzniveau der Gesellschaft. Allerdings gab es über diese Branche kaum Daten — bisher fehlten eine allgemeine anerkannte und klare Definition der Sicherheitswirtschaft sowie eine nachvollziehbare Datenquelle, um vergleichbare Eckdaten zu erfassen.

Am BIGS versuchen wir einen Beitrag zu leisten, die Sicherheitswirtschaft als Branche besser zu verstehen. Dabei definieren wir die Sicherheitswirtschaft wie folgt:

Die Sicherheitswirtschaft umfasst alle Unternehmen, die Produkte und Dienstleistungen zum Schutz von kritischen Infrastrukturen sowie zum Schutz vor Kriminalität, Wirtschaftsspionage und Terrorismus und zur Bewältigung von Krisen und (Natur-) Katastrophen anbieten. Unter dem Begriff der Kriminalität werden Alltagskriminalität, Gewaltkriminalität, organisierte Kriminalität und Internetkriminalität zusammengefasst.

Auf der Grundlage dieser Definition erhebt das BIGS seit 2012 jährlich Daten zur Sicherheitswirtschaft in Deutschland, um den Umfang, die Entwicklung und Trends der Branche zu erfassen und zu analysieren. Die dabei gewonnene Datenbasis bietet für Politik, Wirtschaft und Gesellschaft gleichermaßen die Möglichkeit, ein fundiertes Verständnis über den Beitrag der Sicherheitswirtschaft für das Schutzniveau Deutschlands und Trends in dieser Branche zu erlangen sowie deren Mehrwert für die deutsche Gesellschaft zu analysieren.

Zum Ausbau der bestehenden Analysebasis wird ein Unternehmenspanel aufgebaut, für welches wir fortwährend Teilnehmer suchen. Wenn Sie Interesse an einer Teilnahme haben, finden Sie hier weitere Informationen.

Analysen zu der Thematik wurden unter anderem im Rahmen des WISIND-Projektes publiziert.

Economic and Social Aspects of Cyber Security

BIGS is particularly dedicated to the economic and social dimensions within the research field of cyber security. Although cooperation between government, business and science regarding cyber security is improving on the national as well as international level, there is still urgent need for action. This is where BIGS comes into play and uses its organizational and research capacities to tackle various aspects of cyber security from a cross-disciplinary perspective.

These are, firstly, the social and structural changes that result from advancements in information and communication technology. Secondly, questions about constraints put upon various institutions, organizations and actors of cyber security are examined in the interdisciplinary setting of the Brandenburg Institute for Society and Security. Aside from issues of internet governance, BIGS also deals with the challenges imposed on the Germany economy by interconnectedness and digitalization. The focus here is on cooperation between business on the one hand and government actors and institutions on the other hand, as well as the safety of highly interconnected industries in the area of critical infrastructures.

In order to discuss these cyber-security issues, BIGS organizes together with Hasso Plattner Institute the annual Potsdam Conference of National Cyber Security. This conference aims to bring together stakeholders from politics, administration, and economy in a neutral place of science in order to jointly analyze operating options in the area of cyber security, to discuss defense mechanisms and their technical feasibility, as well as to provide a forum for mutual exchange and networking.

Publications in this field address, for example, the importance of civilian cyber security (BIGS Essence: Civilian Cyber security: Cybercrime between reality and risk) or illuminate cyber security under the heading of "digital hygiene".

Terrorism

Terrorism and politically/religiously motivated violence have a wide ranging impact on the state, society and citizens, be it under the aspect of social peace, economic effects, societal resilience and individual security.

The BIGS is working on different aspects of this complex challenge, including structures, strategies and objectives of terrorist actors, countermeasures and concepts, radicalization and de-radicalization programs, counter-terrorism legislation and the field of tension between liberty and security.

The BIGS is part of the "Radicalisation Awareness Network (RAN)" of the European Commission which aims on fostering exchange between practitioners, policy makers and academics.

Risk and Crisis Communication

BIGS has a long-term focus on risk and crisis communication in the field of civil security. The application of risk and crisis communication in the field of public risk and crisis management is central to research projects as well as the exploration of how our society deals with risk and crises - especially in politics and media.

Additionally, BIGS provides a platform of in-depth discussion on the topics of risk and crisis communication in relation to social resilience, which is understood as the self-help capacity of a population in crisis and disaster situations. Apart from project work and research on these topics, BIGS also organizes events concerning risk and crisis communication issues on a regular basis.

Recently, BIGS hosted a symposium on "Social Media in Crisis and Disaster Management" together with the Department of Business Information Systems and Electronic Government at the University of Potsdam (November 2013). The symposium proceedings titled "Social Media in Crisis and Disaster Management" were published at GITO Verlag in spring 2014.

 

 

 

HERMENEUT

Cyber security breaches preying on companies’ vulnerable networks, are already part of day-to-day business. Today, to put it bluntly, a mere distinction is made between companies that have been hacked and those unaware of having been hacked. Classical risk analysis methodology, which aims at protecting and covering tangible assets, is inadequate with regard to modern-day cyber-attacks.

For digitalized businesses, intangible assets include the reputation of said business, intellectual property, technological expertise, and brand value, all of which require new insurance strategies and risk management. To foster a culture of inclusive risk management by both individual organizations and complete sectors, ”Enterprises’ Intangible Risks Management via Economic Models Based on Simulation of Modern Cyber-Attacks – HERMENEUT” assesses various organisations’ vulnerabilities and their corresponding at-risk assets, focusing on economic issues of cybersecurity. In this context, answers will be sought to the following questions:

- What are the implications or explicit business models of different types of cyber-attacker? What are their incentive structures, and how can these be affected?
- What are the short-, medium- and long-term risks and consequences for companies following a cyber-attack for both tangible and intangible assets?
- Do other types of attacks, beyond data breaches, severely impact intangible and tangible assets?
- What influence do publications of exploits have on the probability of attacks?
- Does the probability of an attack depend on variables such as the type of business, the market size, or the market power?

HERMENEUT’s cyber-security cost-benefit approach combines integrated assessment of companies’ vulnerabilities and the likelihood of these vulnerabilities with an economic model for intangible costs. This model delivers a quantitative estimation of the risks for an organisation or a business sector, as well as investment guidelines for mitigation measures. The project is part of the EU-funded Horizon 2020 research and innovation programme. BIGS, together with ten partners from Belgium, France, the United Kingdom, Israel and Italy, will help developing an innovative methodology and an advanced micro- and macro-economic model, making it available to the European research community.

HERMENEUT Logo

H2020 2

fit4sec – Building European Consortia for Security Research

fit4sec is supported by the Federal Ministry of Education and Research (BMBF) as part of the initiative “Deutsche Antragsteller fit für Europa” (German Applicants fit for Europe). As the “Centre of Excellence for Security and Technology” (2013-2016) the project aimed to pool the expertise in the German security sector and to improve the initial position of German enterprises (in particular SMEs) for participating in European security research projects. Since 2017 the project – Building European Consortia for Security Research (,,Aufbau Europäischer Konsortien für die Sicherheitsforschung”) – serves as a community and technological-information sharing platform, specifically affording German participants necessary coping mechanisms to better support quality end-user orientation in European security research (Horizon 2020 and FP9).

The core team of fit4sec comprises the IABG in Ottobrunn and Berlin, Brandenburg Institute for Society and Security (BIGS) in Potsdam, Fraunhofer Institute for Open Communication Systems (FOKUS) in Berlin and the University of the Federal Armed Forces in Munich (UniBwM) – in new conjunction with the Technisches Hilfswerk (THW), the Federal Criminal Police Office (BKA) and the German Association of Energy and Water Industries (BDEW).

Within fit4sec the work of BIGS focused on three key components: the socio-scientific aspects in civil security research, in particular in the field of societal resilience; capacity-building within the European security research sphere; as well as on how security research findings can be applied efficiently in academic and vocational training, in order to help counteract the future shortage of qualified personnel in the civil security sector. The particular focus now is to enhance community and consortia building within the field of civil security research through the organization and implementation of workshops, in order to successfully form German-European research alliances together with academic partners and end-users for Horizon 2020.

The key findings of the first round on "Capacity Building for European Security Research" are documented in the final report. The findings on the key topics “security education” and “societal resilience” in the field of civil security were published as follows:

• Below, Alexis (2016): Scanning the Landscape of Security Management Education in Europe. BIGS Policy Paper No. 6, Brandenburgisches Institut für Gesellschaft und Sicherheit.

• Below, Alexis (2015): Berufliche Aus- und Weiterbildung in der zivilen Sicherheit, BIGS Standpunkt zivile Sicherheit No. 2, Brandenburgisches Institut für Gesellschaft und Sicherheit.

• Baban, Constance P. (2014): Gesellschaftliche Resilienz – Grundlagen für die zivile Sicherheitsforschung, BIGS Standpunkt zivile Sicherheit No. 6, Brandenburgisches Institut für Gesellschaft und Sicherheit.

 

Further information on fit4sec (becoming a partner) can be found in the project website (fit4sec.de).

Website: www.fit4sec.de

Logo fit4sec 2017 E RGB                                                                                bmbf eng rgb gef m e

Integration at eye level – Peer mediation of values for refugees


Persons who have had to flee their home countries and are now attempting to navigate their new environment are looking for support, orientation, help and advice. The question as to where they will find their place within German society and of what tangible advantages the free and democratic order holds for their lives is difficult to realise. Existing strategies to mediate gaps in societal values mainly rely on a lecturing approach, while linguistic and cultural hurdles obstruct the sharing of knowledge and experience.

The project aims at an empathic value mediation by means of creating a platform for dialogue on equal footing. Within this framework, intercultural cohabitation on the basis of shared values can be discussed comprehensively and practically oriented. Refugees are supported in their long-term integration into the host society with the help of “peers“. Integrated persons with a migration background will be trained and empowered to act as imparters of knowledge and experience.

The innovative value of the pilot project lies, on the one hand, in the peer group approach, carried out in a workshop format. On the other hand, theatre education approaches in group work have proven to foster the development of soft skills, such as conflict prevention by means of communication. The initiation of reflection processes aims at raising awareness of the concrete advantages of the liberal-democratic value system for the participants‘ own lives. Therefore, the curriculum includes hot topics such as extremism of different kinds (Islamism, right-wing extremism etc.), in order to strengthen the newcomers’ tolerance of diversity and build their resilience vis-à-vis extremist ideologies.

The pilot project is carried out in cooperation with the European Foundation for Democracy (EFD) and funded by the German Federal Ministry of Family Affairs, Senior Citizens, Women and Youth (BMFSFJ), within the framework of the federal programme “Demokratie leben!”, as an approach for the prevention of radicalization.

We are searching for participants in our workshops. Click on the language for more information in arabic or german.

BuMi Familie