Cyber attacks on critical infrastructure operators
The WannaCry ransomware attack first manifested itself on May 12, 2017. It also impacted private individuals, but those principally affected in Germany were large organizations and facilities such as railroad operator Deutsche Bahn and hospitals. WannaCry infected computers with a so-called ransomware cryptoworm, which encrypted data and only decrypted them following payment of a ransom in Bitcoin. What made WannaCry especially treacherous was that it spread from one computer to another without any action on the part of users. Germany’s Federal Office for Information Security was still receiving reports of attacks more than six months later. All in all, over 200,000 computers in 150 countries were infected.
Industroyer, also known as CrashOverride, was a malware that caused a major power outage in the Ukraine capital, Kiev, in 2016. It enabled hackers to hijack the process control systems of Ukraine’s power grid. Although it principally targets power utilities, this sophisticated and highly dangerous malware is designed to attack industrial control systems in any sector whatsoever. Investigators therefore concluded that the hackers evidently had substantial funds and resources at their disposal and that their long-term goal was to sabotage industrial companies and critical infrastructure.
Research and development for enhanced cybersecurity
The importance of IT security continues to grow, not least in the realm of critical infrastructure. In the past, such systems were largely operated as stand-alone facilities and, as such, well monitored and easy to control. Today, digitalization has interconnected them, with the result that they are no longer isolated and insulated against attack. Naturally, this also means they can now be remotely accessed, and their data retrieved for analysis. And this connectivity creates a host of openings for new research and development. For example, technology is required to ensure efficient monitoring and reliable operation of critical infrastructure as well as a rapid response in the event of problems. But it also generates risks: key facilities and processes can be manipulated, and critical infrastructure can be made to crash with devastating consequences for civil security and the supply of essential services.
Analytic tools for evaluating security in critical infrastructure for specific sectors
For many years now, the Fraunhofer Institute for Applied and Integrated Security AISEC has been carrying out research and development projects with and on behalf of operators of critical infrastructure on the regional, national and European level. Such projects focus on the development and systematic implementation of security concepts specially tailored to the specific requirements of critical infrastructure. Many operators of critical infrastructure simply lack the expertise and the human resources to properly assess the IT security risks they face and to determine the appropriate measures on the basis of a cost-benefit analysis. This is where a lot of Fraunhofer AISEC projects begin.
Within the EU-funded SPARKS (Smart Grid Protection Against Cyber Attacks) project, for example, Fraunhofer researchers have teamed up with a number of municipal utilities in order to develop an easy-to-implement, IT-supported methodology for use with, in particular, smart grids. This enables power grid operators to practice systematic risk management, including threat identification and impact assessment.
The ECOSSIAN (European Control System Security Incident Analysis Network) project – itself part of the European Programme for Critical Infrastructure Protection (EPCIP) – focused on the development of key technology and reference architecture for delivering secure critical infrastructure. This was designed to enable preventive services such as early warning and anomaly detection across multiple locations, and to improve emergency and disaster management. Processes developed in the course of this project include AI-driven anomaly detection methods and multi-party protocols for the secure transfer of sensitive data between infrastructure operators, thereby enabling them to share general situational awareness information without having to reveal confidential infrastructure details. In addition, researchers devised and implemented hardware-based procedures for authentication and data-protection compliance in conjunction with smart meters and smart meter gateways. This system has been tested in various scenarios involving critical infrastructure in the financial, transportation and energy sectors. Fraunhofer AISEC was also involved in drawing up recommendations for future security standards for smart grids and for an early-warning system that enables information-sharing on current threat levels without the requirement to reveal sensitive data from the jeopardized facilities.
In the course of such projects, Fraunhofer AISEC has acquired a wealth of expertise in critical infrastructure. This is now to be made available to small and medium-sized operators of critical infrastructure, who often face major organizational hurdles in terms of ensuring IT security. This problem was also the focus of the MoSaIK project, which investigated model-based security assessments of ICT-reliant critical infrastructure. Funded by the Federal Ministry of Education and Research (BMBF), the project spawned a number of innovative approaches that enable operators without specialized IT security know-how to analyze the IT security of their systems.
National Research Center for Applied Cybersecurity CRISP
Recent advances in areas such as artificial intelligence and quantum technology are generating exciting new opportunities. Yet they also entail risks, which in turn pose major challenges for cybersecurity research. At Germany’s National Research Center for Applied Cybersecurity CRISP in Darmstadt, some 450 scientists are now investigating how best to safeguard critical infrastructure and provide long-term protection for IT systems. CRISP is a research facility established by the Fraunhofer-Gesellschaft for its two Darmstadt institutes, the Fraunhofer Institute for Secure Information Technology SIT and the Fraunhofer Institute for Computer Graphics Research IGD. It also involves the participation of TU Darmstadt and Darmstadt University of Applied Sciences. CRISP is funded by the Federal Ministry of Education and Research (BMBF) and the State of Hesse.