Germany

AQUA-IT-Lab Laboratory for IT security at water utilities

The joint project AQUA-IT-Lab wants to develop new solutions for small and medium-sized operators of critical infrastructures. The safety of existing systems should be investigated with a reasonable effort for the operator. For small operators, a quick test will be developed. For medium-sized operators, a laboratory will set up a test environment with a combination of typical computer, guidance and control systems. Simulation programs allow a detailed examination and detailed safety tests without having to intervene in the ongoing operation of the systems.

ITS.APT

The joint project ITS.APT pursues the goal of extending this classic test method by the human factor, that is, the users of the IT infrastructure. The project will develop new methods to measure users' IT security awareness. The extent to which the security awareness of individuals plays a role in attacks on the IT infrastructure has not been proven to be practicable using traditional scientific measurement tools.

MoSaIK Model-based security analysis of ICT-based critical infrastructures

The joint project MoSaIK aims to support smaller operators of critical infrastructures in the analysis of the IT security of their computer and control systems. These are to be enabled by new methods and tools to always provide a timely and meaningful picture of the risks and the achieved safety level with justifiable effort. The project is pursuing a model-based research approach for the risk analysis and the assessment of the safety level, especially for smaller operators of critical infrastructures.

PREVENT Management software for preventive crisis and risk management for data centers of systemically important banks

The project PREVENT aims to develop methods and tools for a systematic security assessment of data centers. The approach is to combine behavioral rules and risk management with real-time measurements, security tests and simulations of threat scenarios. The combination of these different instruments in a new kind of software guarantees an improved protection of data centers.

SICIA Security Indicators for Critical Infrastructure Analysis

In the SICIA project, a procedure is developed with which operators of critical infrastructures can determine the current state of IT security in their facilities.This type of assessment is already required in many industry-specific guidelines as a prerequisite for the continuous improvement of security-relevant IT processes. However, a concrete approach that allows differentiated evaluation even of complex infrastructures down to the device level is not yet available.

INDI Intelligent Intrusion Detection Systems for Industrial Networks

The INDI project is researching a novel technology for detecting and controlling cyber attacks in industrial grids. Because modern attacks are often unique and therefore difficult to model, this technology is based on the concept of anomaly detection. Network traffic in industrial plants is automatically analyzed using machine learning techniques. From the analysis, models for the normal operation of the plants are derived and calculated. These models make it possible to identify unusual communications in the industrial networks and detect known or unknown attacks.

NGCert Next Generation Certification

The aim of the NGCert project is to develop the basics and procedures for dynamic certification. This is to ensure that all relevant quality and safety requirements of the certificate are adhered to at all times, even if technical innovations are integrated into the services. For this purpose, metrics must be defined that make IT security measurable and by means of which it can be continuously checked whether, for example, the criteria of a certificate are still met after a software or hardware update. At the same time, the verification of the certificate criteria should be automated.

APT-Sweeper Identification of malware based on analysis of the transmission context of data streams

Data streams always consist of information about the content of the message and context of the message (metadata, protocol data, time, etc.). Traditional approaches to identifying malware are based on an analysis of the content of incoming data streams. However, in many areas this procedure is only possible to a limited extent for reasons of data protection or fails because contents are protected against access in encrypted form. In the APT-Sweeper project, on the other hand, the transmission context is analyzed.

SFC Securing the Financial Cloud

The SFC project is developing a cloud platform for networking banks, ATMs and financial services transfer terminals. For this, methods of hardware and software security are combined with approaches from cloud computing. To make the complex access structure secure, innovative encryption technologies are used. Each user is assigned an attribute that reflects his authorizations. These attributes flow into an individual key that only matches the shared files. This procedure is combined with hardware security modules.

Pages

News

SMESEC project Open Call for SMEs and SME associations
SMESEC has released an open call for SMEs and SME associations in order to validate SMESEC framework and at the same time improve their systems’ security.
 
SMESEC is inviting SMEs to participate in the validation of the SMESEC framework. By participating you not only have influence on the evaluation of the SMESEC framework, but also improve your own company security and get up to €20.000 of funds!

Future Events

CYBERUK 2019
24/04/2019 to 25/04/2019
Image:

CYBERUK is the UK government’s flagship cyber security event. Hosted by the National Cyber Security Centre (NCSC), it features world-class speakers, solutions and opportunities for interaction between the public and private sectors. You will be briefed on the evolving cyber threat and how we must respond as individuals and as a community to keep Britain safe in cyberspace.

CYBERUK 2019
24/04/2019 to 25/04/2019
Image:

Where: Scottish Event Campus (SEC), Glasgow
When: 24-25 April 2019
 
CYBERUK is the UK government’s flagship cyber security event. Hosted by the National Cyber Security Centre (NCSC), it features world-class speakers, solutions and opportunities for interaction between the public and private sectors. You will be briefed on the evolving cyber threat and how we must respond as individuals and as a community to keep Britain safe in cyberspace.