Lagebild zum Hackerangriff auf Telekomgeräte

Unsere Partner von der FU Berlin im Projekt RiskViz haben zum aktuellen Angriff auf die Router der Telekom ein detailliertes Lagebild erstellt. Nach den USA ist Deutschland am Häufigsten betroffen. Details des Lagebildes und weitere Karten können bei der FU eingesehen werden.

TR069 Germany 20161123

Quelle: Freie Universität Berlin/scadacs.org

Current Projects

  • RiskViz
  • SenSE4Metro
  • OSiMa
  • Sicherheitswirtschaft
  • Cyber Security
  • Terrorism
  • Risk and Crisis Communication
  • HERMENEUT
  • BERKoS

RiskViz – Providing a risk situation picture of industrial IT security in Germany

Cyber attacks on critical infrastructures are having an increasingly negative impact on the private sector and governments and thus on the general public who depend on their services as well. At the same time, many operators of critical infrastructure are increasingly connecting their Industrial Control Systems (ICS), which are also used in many critical infrastructures, to the Internet to monitor and control their operations in an uncomplicated and inexpensive way. However, security incidents in the past have shown that connecting an internal IT environment to the Internet can increase vulnerabilities to network breaches, data theft and Denial-of-Service activities in the industrial environment of electricity plants and other critical infrastructure. Yet, the federal government, federal states or municipalities, which are in charge of critical infrastructures, have no appropriate means to assess the intensity of threats, vulnerabilities and potential impacts and to make them transparent for operators. Moreover, it is extremely difficult to insure critical infrastructures against damages due to IT security breaches.

Within the framework of its IT Security Research Program, the Federal Ministry of Education and Research is funding the project "Providing a risk situation picture of industrial IT security in Germany" (RiskViz). In a consortium with the University of Applied Sciences Augsburg, the Freie Universität Berlin, Genua mbH, Koramis GmbH, LEW Verteilnetz GmbH, Technologie Centrum Westbayern and MunichRe (associated partner), the Brandenburg Institute for Society and Security (BIGS) will develop methods and instruments to identify ICS that have insufficient protection against cyberattacks. The research project aims to create a search engine that is capable of finding ICS and of collecting relevant information about the system and its risk situation without interfering with its operations.

The overall aim of this project is to improve the German economy's IT security, in particular with regard to critical infrastructures. Within this scope, BIGS will analyze the regulatory framework that is necessary for the development of a market for cyber insurance and will highlight and develop further political and economic instruments that could help to close identified security breaches.

bmbf rgb gef l

SenSE4Metro 

SenSE4Metro is a joint project involving partners from BIGS Potsdam, the Fraunhofer Institute, the Berliner Fire Brigade, ITC Engingeering and Universität Bundeswehr. The project will provide information leading to improved security of persons in urban underground trains and underground stations during emergency situations. BIGS will implement a Work Package that will investigate the feasibility of internationally standardizing response protocols by testing cultural differences between firefighters across countries.

In the first phase, this will involve systematic comparison of responses in emergency situations that have occurred in a wide spectrum of socio-economic backgrounds. This will be augmented by a review of existing regional and national protocols, which will determine existing underlying differences in emergency response. In the second phase, laboratory-based experimental games and computer-based simulations will determine the extent to which cultural differences exist at the individual level and the extent to which such differences can be overcome by the adoption of standardized protocols.

For more information on the project visit sense4metro.org.

 

Sense4Metro

bmbf rgb gef l

OSiMa - Organization and Regulation of the Civil Security Market in Germany

In academic literature and in public discourse often the assumption can be found that the protection of the  society from terrorism, crime or natural disasters is a public good, which due to its nature has to be provided and financed by the public sector. Though, since years there is a trend towards increased private provision of protection in order to achieve security. Security in this connection is not to be understood as the absolute absence of threat, but as a function of threat and protection. While in Germany the public inflation-adjusted spending stagnates, the private security business keeps growing at a faster pace than the economy as a whole (Gummer & Stuchtey, 2014). Here we observe a relative shifting of public towards private provision of protection, which one can term privatization in the wider sense. Moreover, a privatization in the more narrow sense can be identified in a few realms of security. Luggage inspection and screening of persons at airports is one of the most obvious examples.

Besides state-controlled actions to protect economy and society, private enterprises are required to contribute themselves to safeguarding their value added chains. At the same time, in an open economy such value added chains are cross-frontier, thus the protection has an international dimension. Besides deploying private security service providers, many companies develop internal concepts in order to protect integrity and resilience of their organizations against white-collar crime. This entails comprehensive Compliance Management Systems (CMS), which manifest features of privatization of security in the wider sense. For instance there are internal investigations which sometimes replace that of prosecuting attorneys. The danger of circumventing process principles in accordance with the rule of law cannot be precluded in this context.

While the description if this trend and its extent by means of individual indicators (e.g., growth in sales, number of persons employed) has been subject to earlier examinations and studies, the underlying causes and the consequences for organizational and regulative  embodiment of the privatization process has been hardly analyzed in Germany. To date, a comprehensive and interdisciplinary analysis of the good “protection” has yet to be conducted, by means of which political leadership, administration, security business and society can evaluate diverse courses of action.

Within the framework of the topic “Civil Security – New Economic Aspects” from the program “Research for Civil Security 2012-2017” the German Federal Ministry of Education and Research (BMBF) funds the consortium project “Organization and Regulation of the Civil Security Market in Germany” (OSiMa). Coordinated by the Brandenburg Institute for Society and Security (BIGS), we partnered with the Viadrina University Frankfurt (Oder), the Friedrich-Schiller-University Jena (FSU Jena), the University of Potsdam, the Federal Association of the German Security Industry (BDSW), and the Fraunhofer Institute for Open Communication Systems (FOKUS).

The OSiMa consortium analyzes collaboratively and multi disciplinarily which forms of the good “security” exist, and how these should be organized and financed. It is of particular interest which contribution the private security business can provide from a viewpoint of regulatory policy. Furthermore, the framework shall be described within which new services and forms of organization of protection and security supplied by the security business can develop.

For further information on OSiMa please visit the dedicated project website: www.sicherheitsmarkt.org

 Gefrdert vom BMBF

Sicherheitswirtschaft

Die Sicherheitswirtschaft leistet neben den öffentlichen Institutionen einen wichtigen Beitrag zum Schutzniveau der Gesellschaft. Allerdings gab es über diese Branche kaum Daten — bisher fehlten eine allgemeine anerkannte und klare Definition der Sicherheitswirtschaft sowie eine nachvollziehbare Datenquelle, um vergleichbare Eckdaten zu erfassen.

Am BIGS versuchen wir einen Beitrag zu leisten, die Sicherheitswirtschaft als Branche besser zu verstehen. Dabei definieren wir die Sicherheitswirtschaft wie folgt:

Die Sicherheitswirtschaft umfasst alle Unternehmen, die Produkte und Dienstleistungen zum Schutz von kritischen Infrastrukturen sowie zum Schutz vor Kriminalität, Wirtschaftsspionage und Terrorismus und zur Bewältigung von Krisen und (Natur-) Katastrophen anbieten. Unter dem Begriff der Kriminalität werden Alltagskriminalität, Gewaltkriminalität, organisierte Kriminalität und Internetkriminalität zusammengefasst.

Auf der Grundlage dieser Definition erhebt das BIGS seit 2012 jährlich Daten zur Sicherheitswirtschaft in Deutschland, um den Umfang, die Entwicklung und Trends der Branche zu erfassen und zu analysieren. Die dabei gewonnene Datenbasis bietet für Politik, Wirtschaft und Gesellschaft gleichermaßen die Möglichkeit, ein fundiertes Verständnis über den Beitrag der Sicherheitswirtschaft für das Schutzniveau Deutschlands und Trends in dieser Branche zu erlangen sowie deren Mehrwert für die deutsche Gesellschaft zu analysieren.

Zum Ausbau der bestehenden Analysebasis wird ein Unternehmenspanel aufgebaut, für welches wir fortwährend Teilnehmer suchen. Wenn Sie Interesse an einer Teilnahme haben, finden Sie hier weitere Informationen.

Analysen zu der Thematik wurden unter anderem im Rahmen des WISIND-Projektes publiziert.

Economic and Social Aspects of Cyber Security

BIGS is particularly dedicated to the economic and social dimensions within the research field of cyber security. Although cooperation between government, business and science regarding cyber security is improving on the national as well as international level, there is still urgent need for action. This is where BIGS comes into play and uses its organizational and research capacities to tackle various aspects of cyber security from a cross-disciplinary perspective.

These are, firstly, the social and structural changes that result from advancements in information and communication technology. Secondly, questions about constraints put upon various institutions, organizations and actors of cyber security are examined in the interdisciplinary setting of the Brandenburg Institute for Society and Security. Aside from issues of internet governance, BIGS also deals with the challenges imposed on the Germany economy by interconnectedness and digitalization. The focus here is on cooperation between business on the one hand and government actors and institutions on the other hand, as well as the safety of highly interconnected industries in the area of critical infrastructures.

In order to discuss these cyber-security issues, BIGS organizes together with Hasso Plattner Institute the annual Potsdam Conference of National Cyber Security. This conference aims to bring together stakeholders from politics, administration, and economy in a neutral place of science in order to jointly analyze operating options in the area of cyber security, to discuss defense mechanisms and their technical feasibility, as well as to provide a forum for mutual exchange and networking.

Publications in this field address, for example, the importance of civilian cyber security (BIGS Essence: Civilian Cyber security: Cybercrime between reality and risk) or illuminate cyber security under the heading of "digital hygiene".

Terrorism

Terrorism and politically/religiously motivated violence have a wide ranging impact on the state, society and citizens, be it under the aspect of social peace, economic effects, societal resilience and individual security.

The BIGS is working on different aspects of this complex challenge, including structures, strategies and objectives of terrorist actors, countermeasures and concepts, radicalization and de-radicalization programs, counter-terrorism legislation and the field of tension between liberty and security.

The BIGS is part of the "Radicalisation Awareness Network (RAN)" of the European Commission which aims on fostering exchange between practitioners, policy makers and academics.

Risk and Crisis Communication

BIGS has a long-term focus on risk and crisis communication in the field of civil security. The application of risk and crisis communication in the field of public risk and crisis management is central to research projects as well as the exploration of how our society deals with risk and crises - especially in politics and media.

Additionally, BIGS provides a platform of in-depth discussion on the topics of risk and crisis communication in relation to social resilience, which is understood as the self-help capacity of a population in crisis and disaster situations. Apart from project work and research on these topics, BIGS also organizes events concerning risk and crisis communication issues on a regular basis.

Recently, BIGS hosted a symposium on "Social Media in Crisis and Disaster Management" together with the Department of Business Information Systems and Electronic Government at the University of Potsdam (November 2013). The symposium proceedings titled "Social Media in Crisis and Disaster Management" were published at GITO Verlag in spring 2014.

 

 

 

HERMENEUT

Cyber security breaches preying on companies’ vulnerable networks, are already part of day-to-day business. Today, to put it bluntly, a mere distinction is made between companies that have been hacked and those unaware of having been hacked. Classical risk analysis methodology, which aims at protecting and covering tangible assets, is inadequate with regard to modern-day cyber-attacks.

For digitalized businesses, intangible assets include the reputation of said business, intellectual property, technological expertise, and brand value, all of which require new insurance strategies and risk management. To foster a culture of inclusive risk management by both individual organizations and complete sectors, ”Enterprises’ Intangible Risks Management via Economic Models Based on Simulation of Modern Cyber-Attacks – HERMENEUT” assesses various organisations’ vulnerabilities and their corresponding at-risk assets, focusing on economic issues of cybersecurity. In this context, answers will be sought to the following questions:

- What are the implications or explicit business models of different types of cyber-attacker? What are their incentive structures, and how can these be affected?
- What are the short-, medium- and long-term risks and consequences for companies following a cyber-attack for both tangible and intangible assets?
- Do other types of attacks, beyond data breaches, severely impact intangible and tangible assets?
- What influence do publications of exploits have on the probability of attacks?
- Does the probability of an attack depend on variables such as the type of business, the market size, or the market power?

HERMENEUT’s cyber-security cost-benefit approach combines integrated assessment of companies’ vulnerabilities and the likelihood of these vulnerabilities with an economic model for intangible costs. This model delivers a quantitative estimation of the risks for an organisation or a business sector, as well as investment guidelines for mitigation measures. The project is part of the EU-funded Horizon 2020 research and innovation programme. BIGS, together with ten partners from Belgium, France, the United Kingdom, Israel and Italy, will help developing an innovative methodology and an advanced micro- and macro-economic model, making it available to the European research community.

HERMENEUT Logo

H2020 2

BERKoS – Building European Consortia for Security Research 

BIGS is proud to announce the foundation of a new project: BERKoS. BERKoS (Building European Consortia for Security Research, or ,,Aufbau Europäischer Konsortien für die Sicherheitsforschung”) serves as a technological-information sharing platform, specifically affording German participants necessary coping mechanisms to better support quality end-user orientation in European security research. BERKos is funded into 2021 by the German Ministry of Education and Research (BMBF) as a part of the “Deutsche Antragssteller fit für Europa” initiative. The project is a successor of fit4sec, (Centre of Excellence for Security and Technology), whose core team is particularly thrilled to work in conjunction with the Technisches Hilfswerk (THW), the Federal Criminal Police Office (BKA) and the German Association of Energy and Water Industries (BDEW).

bmbf eng rgb gef m e