Lagebild zum Hackerangriff auf Telekomgeräte

Unsere Partner von der FU Berlin im Projekt RiskViz haben zum aktuellen Angriff auf die Router der Telekom ein detailliertes Lagebild erstellt. Nach den USA ist Deutschland am Häufigsten betroffen. Details des Lagebildes und weitere Karten können bei der FU eingesehen werden.

TR069 Germany 20161123

Quelle: Freie Universität Berlin/scadacs.org

Current Projects

  • fit4sec
  • RiskViz
  • SenSE4Metro
  • OSiMa
  • Sicherheitswirtschaft
  • Cyber Security
  • Terrorism
  • Risk and Crisis Communication

fit4sec - Centre of Excellence for Security and Technology

The Centre of Excellence for Security and Technology (fit4sec) will be supported by the Federal Ministry of Education and Research until the end of 2016 as part of the "Deutsche Antragsteller fit für Europa" (German Applicants fit for Europe) scheme. fit4sec pursues the aim of pooling expertise in the German security sector so as to successfully form German-European research alliances together with academic partners and end users. The intention of this is to improve the baseline situation of German enterprises significantly for participating in European security research projects.

fit4sec will, for this purpose, identify the strengths of the German security sector and, building upon that, establish and develop a dialogue between the industrial actors and the circle of end users and representatives of academic research. By integrating selected European partners, the aim is to thus establish excellent international research alliances that are able to contend successfully with European competitors in future research projects. fit4sec will also develop tools whereby security research findings can be applied efficiently in academic and vocational training. This will help counteract the future shortage of qualified personnel in the civil security sector.

The core team of fit4sec comprises the IABG in Ottobrunn and Berlin, Brandenburg Institute for Society and Security in Potsdam, Fraunhofer FOKUS in Berlin and the University of the Federal Armed Forces in Munich.

Within fit4sec BIGS is dedicated to capacity building in the field of civil security (research, teaching and training), focusing particularly on socio-scientific security research. BIGS is also responsible for networking on matters of resilience.

For more information on the project visit http://www.fit4sec.de/en/.

RiskViz – Providing a risk situation picture of industrial IT security in Germany

Cyber attacks on critical infrastructures are having an increasingly negative impact on the private sector and governments and thus on the general public who depend on their services as well. At the same time, many operators of critical infrastructure are increasingly connecting their Industrial Control Systems (ICS), which are also used in many critical infrastructures, to the Internet to monitor and control their operations in an uncomplicated and inexpensive way. However, security incidents in the past have shown that connecting an internal IT environment to the Internet can increase vulnerabilities to network breaches, data theft and Denial-of-Service activities in the industrial environment of electricity plants and other critical infrastructure. Yet, the federal government, federal states or municipalities, which are in charge of critical infrastructures, have no appropriate means to assess the intensity of threats, vulnerabilities and potential impacts and to make them transparent for operators. Moreover, it is extremely difficult to insure critical infrastructures against damages due to IT security breaches.

Within the framework of its IT Security Research Program, the Federal Ministry of Education and Research is funding the project "Providing a risk situation picture of industrial IT security in Germany" (RiskViz). In a consortium with the University of Applied Sciences Augsburg, the Freie Universität Berlin, Genua mbH, Koramis GmbH, LEW Verteilnetz GmbH, Technologie Centrum Westbayern and MunichRe (associated partner), the Brandenburg Institute for Society and Security (BIGS) will develop methods and instruments to identify ICS that have insufficient protection against cyberattacks. The research project aims to create a search engine that is capable of finding ICS and of collecting relevant information about the system and its risk situation without interfering with its operations.

The overall aim of this project is to improve the German economy's IT security, in particular with regard to critical infrastructures. Within this scope, BIGS will analyze the regulatory framework that is necessary for the development of a market for cyber insurance and will highlight and develop further political and economic instruments that could help to close identified security breaches.

bmbf rgb gef l

SenSE4Metro 

SenSE4Metro is a joint project involving partners from BIGS Potsdam, the Fraunhofer Institute, the Berliner Fire Brigade, ITC Engingeering and Universität Bundeswehr. The project will provide information leading to improved security of persons in urban underground trains and underground stations during emergency situations. BIGS will implement a Work Package that will investigate the feasibility of internationally standardizing response protocols by testing cultural differences between firefighters across countries.

In the first phase, this will involve systematic comparison of responses in emergency situations that have occurred in a wide spectrum of socio-economic backgrounds. This will be augmented by a review of existing regional and national protocols, which will determine existing underlying differences in emergency response. In the second phase, laboratory-based experimental games and computer-based simulations will determine the extent to which cultural differences exist at the individual level and the extent to which such differences can be overcome by the adoption of standardized protocols.

For more information on the project visit sense4metro.org.

 

Sense4Metro

bmbf rgb gef l

OSiMa - Organization and Regulation of the Civil Security Market in Germany

In academic literature and in public discourse often the assumption can be found that the protection of the  society from terrorism, crime or natural disasters is a public good, which due to its nature has to be provided and financed by the public sector. Though, since years there is a trend towards increased private provision of protection in order to achieve security. Security in this connection is not to be understood as the absolute absence of threat, but as a function of threat and protection. While in Germany the public inflation-adjusted spending stagnates, the private security business keeps growing at a faster pace than the economy as a whole (Gummer & Stuchtey, 2014). Here we observe a relative shifting of public towards private provision of protection, which one can term privatization in the wider sense. Moreover, a privatization in the more narrow sense can be identified in a few realms of security. Luggage inspection and screening of persons at airports is one of the most obvious examples.

Besides state-controlled actions to protect economy and society, private enterprises are required to contribute themselves to safeguarding their value added chains. At the same time, in an open economy such value added chains are cross-frontier, thus the protection has an international dimension. Besides deploying private security service providers, many companies develop internal concepts in order to protect integrity and resilience of their organizations against white-collar crime. This entails comprehensive Compliance Management Systems (CMS), which manifest features of privatization of security in the wider sense. For instance there are internal investigations which sometimes replace that of prosecuting attorneys. The danger of circumventing process principles in accordance with the rule of law cannot be precluded in this context.

While the description if this trend and its extent by means of individual indicators (e.g., growth in sales, number of persons employed) has been subject to earlier examinations and studies, the underlying causes and the consequences for organizational and regulative  embodiment of the privatization process has been hardly analyzed in Germany. To date, a comprehensive and interdisciplinary analysis of the good “protection” has yet to be conducted, by means of which political leadership, administration, security business and society can evaluate diverse courses of action.

Within the framework of the topic “Civil Security – New Economic Aspects” from the program “Research for Civil Security 2012-2017” the German Federal Ministry of Education and Research (BMBF) funds the consortium project “Organization and Regulation of the Civil Security Market in Germany” (OSiMa). Coordinated by the Brandenburg Institute for Society and Security (BIGS), we partnered with the Viadrina University Frankfurt (Oder), the Friedrich-Schiller-University Jena (FSU Jena), the University of Potsdam, the Federal Association of the German Security Industry (BDSW), and the Fraunhofer Institute for Open Communication Systems (FOKUS).

The OSiMa consortium analyzes collaboratively and multi disciplinarily which forms of the good “security” exist, and how these should be organized and financed. It is of particular interest which contribution the private security business can provide from a viewpoint of regulatory policy. Furthermore, the framework shall be described within which new services and forms of organization of protection and security supplied by the security business can develop.

 Gefrdert vom BMBF

Sicherheitswirtschaft

Die Sicherheitswirtschaft leistet neben den öffentlichen Institutionen einen wichtigen Beitrag zum Schutzniveau der Gesellschaft. Allerdings gab es über diese Branche kaum Daten — bisher fehlten eine allgemeine anerkannte und klare Definition der Sicherheitswirtschaft sowie eine nachvollziehbare Datenquelle, um vergleichbare Eckdaten zu erfassen.

Am BIGS versuchen wir einen Beitrag zu leisten, die Sicherheitswirtschaft als Branche besser zu verstehen. Dabei definieren wir die Sicherheitswirtschaft wie folgt:

Die Sicherheitswirtschaft umfasst alle Unternehmen, die Produkte und Dienstleistungen zum Schutz von kritischen Infrastrukturen sowie zum Schutz vor Kriminalität, Wirtschaftsspionage und Terrorismus und zur Bewältigung von Krisen und (Natur-) Katastrophen anbieten. Unter dem Begriff der Kriminalität werden Alltagskriminalität, Gewaltkriminalität, organisierte Kriminalität und Internetkriminalität zusammengefasst.

Auf der Grundlage dieser Definition erhebt das BIGS seit 2012 jährlich Daten zur Sicherheitswirtschaft in Deutschland, um den Umfang, die Entwicklung und Trends der Branche zu erfassen und zu analysieren. Die dabei gewonnene Datenbasis bietet für Politik, Wirtschaft und Gesellschaft gleichermaßen die Möglichkeit, ein fundiertes Verständnis über den Beitrag der Sicherheitswirtschaft für das Schutzniveau Deutschlands und Trends in dieser Branche zu erlangen sowie deren Mehrwert für die deutsche Gesellschaft zu analysieren.

Zum Ausbau der bestehenden Analysebasis wird ein Unternehmenspanel aufgebaut, für welches wir fortwährend Teilnehmer suchen. Wenn Sie Interesse an einer Teilnahme haben, finden Sie hier weitere Informationen.

Analysen zu der Thematik wurden unter anderem im Rahmen des WISIND-Projektes publiziert.

Economic and Social Aspects of Cyber Security

BIGS is particularly dedicated to the economic and social dimensions within the research field of cyber security. Although cooperation between government, business and science regarding cyber security is improving on the national as well as international level, there is still urgent need for action. This is where BIGS comes into play and uses its organizational and research capacities to tackle various aspects of cyber security from a cross-disciplinary perspective.

These are, firstly, the social and structural changes that result from advancements in information and communication technology. Secondly, questions about constraints put upon various institutions, organizations and actors of cyber security are examined in the interdisciplinary setting of the Brandenburg Institute for Society and Security. Aside from issues of internet governance, BIGS also deals with the challenges imposed on the Germany economy by interconnectedness and digitalization. The focus here is on cooperation between business on the one hand and government actors and institutions on the other hand, as well as the safety of highly interconnected industries in the area of critical infrastructures.

In order to discuss these cyber-security issues, BIGS organizes together with Hasso Plattner Institute the annual Potsdam Conference of National Cyber Security. This conference aims to bring together stakeholders from politics, administration, and economy in a neutral place of science in order to jointly analyze operating options in the area of cyber security, to discuss defense mechanisms and their technical feasibility, as well as to provide a forum for mutual exchange and networking.

Publications in this field address, for example, the importance of civilian cyber security (BIGS Essence: Civilian Cyber security: Cybercrime between reality and risk) or illuminate cyber security under the heading of "digital hygiene".

Terrorism

Terrorism and politically/religiously motivated violence have a wide ranging impact on the state, society and citizens, be it under the aspect of social peace, economic effects, societal resilience and individual security.

The BIGS is working on different aspects of this complex challenge, including structures, strategies and objectives of terrorist actors, countermeasures and concepts, radicalization and de-radicalization programs, counter-terrorism legislation and the field of tension between liberty and security.

The BIGS is part of the "Radicalisation Awareness Network (RAN)" of the European Commission which aims on fostering exchange between practitioners, policy makers and academics.

Risk and Crisis Communication

BIGS has a long-term focus on risk and crisis communication in the field of civil security. The application of risk and crisis communication in the field of public risk and crisis management is central to research projects as well as the exploration of how our society deals with risk and crises - especially in politics and media.

Additionally, BIGS provides a platform of in-depth discussion on the topics of risk and crisis communication in relation to social resilience, which is understood as the self-help capacity of a population in crisis and disaster situations. Apart from project work and research on these topics, BIGS also organizes events concerning risk and crisis communication issues on a regular basis.

Recently, BIGS hosted a symposium on "Social Media in Crisis and Disaster Management" together with the Department of Business Information Systems and Electronic Government at the University of Potsdam (November 2013). The symposium proceedings titled "Social Media in Crisis and Disaster Management" were published at GITO Verlag in spring 2014.