Background to the research project
Small and medium-sized operators of critical infrastructures face the problem that comprehensive IT security can only be ensured with an increased commitment of human or financial resources due to the high complexity and penetration. However, these resources are rarely available to small or medium-sized CRITIS operators, such as municipal or water utilities. Drinking water supply and wastewater disposal are indispensable in modern everyday life. However, the fact that computer, control and management systems are networked means that they are increasingly becoming the target of attacks. Security gaps in these systems must be identified and secured in the shortest possible time. However, the continuous operation of the systems restricts the space for experiments. This is where the Aqua-IT-Lab research project comes in.
Research project AQUA-IT-LAB
The research project of AQUA-IT-LAB develops adapted methods for the technical and organizational analysis of cyber security in critical infrastructures and derives appropriate resource-saving measures from them. Thereby, two goals are pursued in the method development:
First, a self-assessment tool is to provide information for action requirements to the operator. This is particularly suitable for small operators with less complex information systems.
Second, for larger IT infrastructures, on the other hand, a more in-depth analysis is necessary. For this purpose, a hybrid simulation laboratory will be used to examine specific vulnerabilities in more detail and to uncover cascading effects within the IT infrastructure.
Concrete goals of AQUA-IT-LAB
The research project is divided into four concrete objectives
Determining the optimal scope of critical infrastructure analysis in terms of survey, modeling and mapping effort as well as the expected level of damage (criticality analysis).
Mapping of criteria for rough security assessment in the form of a self-assessment tool
Development of a demonstrator for a hybrid test lab for efficient, scalable simulation of information systems in critical infrastructures
Design of measures derived from the test results for the technical, organizational and personnel improvement of IT security in critical infrastructures
Innovations and perspectives
AQUA-IT-Lab pursues two innovative approaches. On the one hand, a suitable solution is to be developed that allows small operators to quickly and reliably self-assess their security situation. On the other hand, methods are to be developed for operators with complex plants to identify specific vulnerabilities, to investigate them and to evaluate them with regard to the specific environment of computer, instrumentation and control systems. The flexible design of the hybrid laboratory allows the investigation method to be used in very different areas of utilities. The AQUA-IT-Lab project can thus make an important innovative contribution to the sustainable improvement of IT security in critical infrastructures in Germany.
Project partners and funding
The BMBF-funded joint project AQUA-IT-LAB is carried out jointly by the Chair of Business Informatics at the university and partners from practice. Project partners: HiSolutions AG, Pretherm GmbH, Wasser- und Abwasserzweckverband Calau, StWB/BRAWAG.