If cyber attacks paralyze critical infrastructure such as the power grid, water supplies, or medical services, the repercussions are massive. Yet small utility companies in particular often find it difficult to protect their own – and thus the entire – system adequately. Fraunhofer researchers are facilitating protection and risk analysis for this target group in particular.
The challenge lies in the fact that in the energy turnaround, facilities are connected with each other not only directly, but also increasingly via the Internet. What makes a great deal of sense in terms of energy policy represents a major challenge when it comes to cyber security, a challenge that demands robust security solutions. For those in positions of responsibility in power plants, this means the need to maintain state-of-the-art IT security across the board at all times – and not for one centralized structure, but for any number of heterogeneous, regional companies. Yet it is these companies in particular that often have difficulty in guaranteeing security.
While the Federal Office for Information Security in Germany has a standard assessment form – essentially a comprehensive questionnaire – designed to identify risks, it is far too complex for small companies. Researchers at the Fraunhofer Institute for Applied and Integrated Security AISEC are therefore involved in the MOSAIK project, intended to trim the questionnaire down: “We are shortening the process from 100 steps to 10, thereby making it much more manageable for smaller companies,” says Dr. Jörn Eichler, the head of department at Fraunhofer AISEC.
In the long term, it might even be possible to run through various measures in advance, and to test how helpful they might be against identified threats without disrupting operations.