Security of Urban Infrastructures Against Cyberattacks (SecAttack)
With the increasing militarization of cyberspace as well as proliferation of malware among non-state actors and cybercriminals, urban infrastructures are an attractive target with potentially devastating intended and unintended consequences. Since these heterogeneous infrastructures are marked by a highly automated flow of different services which rely on each other’s functionality, they provide a broad range of attack vectors that are hard to secure.
To reduce the risk of escalating conflicts in cyberspace, SecAttack analyzes these dependencies and develops tools that helps to increase transparency around state-owned arsenals of exploits to incentivize their reductions and foster secure IT systems. In addition, the project investigates knowledge-sharing and open-source intelligence about cyber threats to urban infrastructures.
Project Coordinator: Prof. Christian Reuter, E-Mail
Integrating Safety and Security Aspects in Secure Urban Infrastructures (SaSec)
Safety and security interact with one another in a wide range of industries, especially in critical urban infrastructures.
An example concerns hospitals where medical records are encrypted by malware: This can disrupt medical treatments, disable medical equipment endangering patients’ lives and thereby compromise safety.
Insecure always means unsafe. Inversely, too much security often impairs safety. Integrating these two concepts and addressing potential implications remains an open challenge. Additionally, keeping the human in a loop is an important contributing factor to the resilience of the system.
SaSec therefore seeks to firstly address the safety dimensions of security-relevant applications developed by other projects of SecUrban and secondly empower humans by visualization and other appropriate measures to promote resilience of the systems as well as encourage secure and safe behaviors.
Project Coordinator: Prof. Joachim Vogt, E-Mail
Security Modelling and Simulation of Secure Urban Infrastructures (SeMS)
Through digitization, intelligent cities offer a multitude of advantages and development opportunities for the administration, economy and civil society. However, digitization also increases the attack surface of smart cities and their infrastructure. As attacks and failures are inevitable, concepts are required that increase the resilience of smart cities.
In this context, SeMS provides a simulation and optimization platform that allows stakeholders to “experience” and understand their roles within smart cities. This platform shall then provide a basis for discerning interdependencies between stakeholders and investigating consequences of their decision-making during challenging situations (including attacks and failures) in a safe environment. Ultimately, advancements in this project aim to support city planners and decision-makers alike by supporting them in the planning of resilient infrastructures and the development of problem mitigation strategies.
Project Coordinator: Prof. Max Mühlhäuser, E-Mail
Secure Urban Mesh Networks (Smesh)
The critical infrastructure Information and Communication is the basis for proper operation of all other critical infrastructures. Smesh considers a break-down of the primary communication system due to ongoing cyberattacks and how backup networks can offer secure and resilient operation, potentially with degraded or delay-tolerant service.
Current secure-by-design network protocols which also protect the availability of communication suffer from abysmal scalability properties and limited DoS protection.
Smesh therefore seeks to investigate latency and reliability requirements for selected critical infrastructures, perform a requirement analysis under a strong adversary, design and implement on this basis a prototype and study the performance of this solution in simulation and practice, including performance under attack.
Project Coordinator: Prof. Matthias Hollick, E-Mail
Situation Awareness for Smart Cities (SiAware)
Smart cities have an increasing number of sensors to measure all kinds of data like weather conditions or traffic density. At the lower levels of a smart city there are even more sensors in the form of personal sensors and wearables. While the aggregation of all these sensors and IoT devices present new vectors of attack, they also provide new chances to generate big datasets to benefit smart cities.
SiAware seeks to leverage these big datasets to detect abnormal situations that can occur in smart cities with methods of machine learning. A particular focus lies on intrusion detection which is a subdomain of the detection of abnormal situations. An enhancement of the possibilities and accuracy of situation awareness in smart urban areas thus leads to enhanced security of infrastructures and individuals. Privacy requirements are taken into account.
The output of this project can also be fed into the design process of new infrastructures.
Project Coordinator: Florian Kirchbuchner, M. Sc., E-Mail
Architecture and Processes for Effective Cybersecurity and Privacy Protection in Smart Cities (SecArch)
The digitalization of urban infrastructures is a complex undertaking, taking place in an environment typically ill-prepared for it and facing multiple challenges itself. This applies in particular to cybersecurity and privacy protection in the newly emerging information and communication infrastructures and large data collections. Cybersecurity and data protection are also the keys to the society’s acceptance of the urban infrastructure solutions. At the same time, only when stakeholders approach technology and governance do smart city projects have a chance of success.
SecArch identifies cybersecurity and privacy requirements for urban infrastructures as well as researches criteria for their effective deployment. This is done on the governance, technical and economic level, resulting in processes, structures and an architecture for cybersecurity and privacy of urban infrastructures.
Project Coordinator: Dr. Haya Shulman, E-Mail