Auflistung nach Schlagwort "Cybersecurity"
1 - 10 von 12
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragThe application of Articial Intelligence for Cyber Security in Industry 4.0(INFORMATIK 2019: 50 Jahre Gesellschaft für Informatik – Informatik für Gesellschaft (Workshop-Beiträge), 2019) Ben Zid, Ines; Parekh, Mithil; Waedt, Karl; Lou, XinxinThe use of Artificial Intelligence (AI) in different domains is continuously growing. In particular for cybersecurity, we can see the implementations of AI solutions, e.g. machine learning, in a wide range of applications from various domains. While some consider this step as risk for cybersecurity, others agree that it is in fact a solution to many issues as well. This leads to a higher necessity of having a right understanding as well as handling of cybersecurity controls that enforce meeting domain, project and application specific security targets. This implies that more efforts and resources have to be focused and invested towards cybersecurity. One reason for this is that attackers (threat agents) may integrate AI based algorithms and AI based evaluation of data, which forces the security staff to respond at a similar level. Thus, we are considering AI as a potential solution for satisfying a set of rising needs and objectives. In this paper, we present the concept for merging and integration of these three major domains and applications. Also, we detail the relevant motivations, requirements and challenges to be considered when coming to such combination.
- KonferenzbeitragComparison of Aviation and Automotive Standards and Methods in Terms of Safety and Cybersecurity(Software Engineering 2022 Workshops, 2022) Akkus, Yusuf; Annighoefer, BjoernSafety and security methods from the aviation and automotive are compared. Current safety and security standards and regulations for both product development aspects like systems engineering, hardware/software development and their management are considered. Methods and processes are investigated. The main purpose is to figure out and understand the backgrounds and to characterize the similarities and differences. Moreover, potential opportunities for transferring methods from one industry to another are identified. Aviation has more systematic development and involves authorities throughout the complete development lifecycle. Huge volumes in automotive leads to quality-driven development. Assessment structure and process activities provide potential transfer. For security both areas face same challenges and standardization activities and development run parallel. Methods are being mainly taken over from safety and assessment is incorporated into the safety assessment lifecycle today. For certification process, authorities must take action in both areas since the security ecosystem includes a bigger scope like infrastructure, communication devices, traffic control.
- ZeitschriftenartikelCybersecurity im medialen Diskurs(HMD Praxis der Wirtschaftsinformatik: Vol. 57, No. 3, 2020) Griesbacher, Eva-Maria; Griesbacher, MartinDie Digitalisierung hat in den letzten Jahren ein komplexes, sich scheinbar ständig veränderndes Feld möglicher Risiken hervorgebracht, dessen Ausmaße für Unternehmen zunehmend schwer erkennbar sind. Entsprechend wichtig wird die Frage, wie EntscheidungsträgerInnen und MitarbeiterInnen Gefahren im digitalen Raum besser erkennen, adäquat einschätzen und auf diese reagieren können. Da sich EntscheidungsträgerInnen in kleineren KMU meist über Internetrecherchen oder in der Tagespresse über Cybersecurity informieren, hängt ihre Risikoeinschätzung und Maßnahmensetzung davon ab, wie Cybersecurity-Themen in diversen Medien dargestellt und diskutiert werden. Basierend auf einer Diskursanalyse von 504 Medienberichten zum Thema Cybersecurity in Unternehmen zwischen 2010 und 2019 kommt der Beitrag zu dem Ergebnis, dass sich die Medien weniger an langfristig bestehenden Bedrohungslagen orientiert haben, sondern vielmehr an den spektakulärsten Zwischenfällen und typischen Rollenverteilungen zwischen „Gut“ und „Böse“. Insgesamt wurde der Cyberspace als ein unsicherer Raum für Unternehmen dargestellt – teilweise aufgrund des Verhaltens ihrer eigenen MitarbeiterInnen. Für IT-Unternehmen, Polizeibehörden und die Forschung bedeutet der Nachvollzug des medialen Cybersecurity-Diskurses eine verbesserte Einsicht in die selektive und situative Behandlung von Bedrohungslagen durch Medien und die damit verbundenen Verzerrungen unternehmerischer Risikoeinschätzungen. Zentral für die unternehmerische Cybersecurity ist zudem die Kompetenz der MitarbeiterInnen, die Gefahren akkurat erkennen zu können. In recent years, digitization has created a complex, seemingly ever-changing field of possible risks. The extent of these risks is increasingly difficult for companies to identify. Accordingly, the question of how decision-makers and employees can recognize, assess and react to dangers from cyberspace becomes increasingly important. Since decision-makers in smaller SMEs usually obtain information about cybersecurity through Internet research or through daily press, their risk assessment and measures depend on how cybersecurity issues are presented and discussed in various media. Based on a discourse analysis of 504 media reports on the topic of cyber security in companies between 2010 and 2019, the article comes to the following conclusion: The media has focused less on long-term existing threats and more on the most spectacular incidents and typical role distribution between “good” and “evil”. All in all, cyberspace was portrayed as an insecure space for companies—partly due to the behaviour of their own employees. For IT companies, police authorities and research, the understanding of the media cybersecurity discourse means an improved insight into the selective and situational treatment of threat situations by the media and the associated distortions in corporate risk assessments. Finally, the competence of the employees to accurately recognize the risks is central to corporate cybersecurity.
- KonferenzbeitragIdentity Management as a target in cyberwar(Open Identity Summit 2020, 2020) Fritsch, LotharThis article will discuss Identity Management (IdM) and digital identities in the context of cyberwar. Cyberattacks that target or exploit digital identities in this context gain leverage through the central position of IdM digital infrastructures. Such attacks will compromize service operations, reduce the security of citizens and will expose personal data - those of military personell included. The article defines the issue, summarizes its background and then discusses the implications of cyberwar for vendors and applicants digital identity management infrastructures where IdM is positioned as a critical infrastructure in society.
- TextdokumentInteractive graphical modeling of security artefacts for abstracted Industry 4.0 automation systems(INFORMATIK 2022, 2022) Tchuegoue Djeukoua,Louis Roger; Kreho,Edin; Belaidi,Siwar; Waedt,KarlThe frontend and backend are found in all software and therefore also on all websites. These two terms describe two different layers that make up programs or pages. About two thirds of all companies have their own website, and most employees use computers.Globally, cyberattacks are becoming more prominent and spreading to multiple areas, and the move to Industry 4.0 requires increased security measures. Important security precautions must be taken from the development of industrial devices that use the Industrial Internet of Things, with IEC 62443, ISO/IEC 27001, and their integration into the architecture of existing information and automation systems must be secure. IEC 62443 focuses on the IT security of so-called industrial automation and control systems (IACS), which are necessary for the safe and reliable operation of automated factories or infrastructures. ] Since security breaches are inevitable, it is also important to implement detection and response mechanisms in industrial automation and control systems (IACS). Together, these measures will enable various organizations to achieve an appropriate level of resilience. This paper discusses the interactive graphical representation of large-scale industrial automation systems for the purpose of modeling and evaluating cybersecurity during all phases of the industrial equipment life cycle. In addition, it addresses the expressiveness and scalability of front-end graphical problems by assuming that a multi-user back-end server with a semi-formal representation of cybersecurity-related artifacts is available, at least in software prototype form.
- TextdokumentScalable backend representation of security posture of IIoT systems(INFORMATIK 2022, 2022) Kreho,Edin; Djeukoua,Roger; Guiraud,Timothée; Waedt,KarlThe focus of this paper is the scalable modelling and database representation of cybersecurity postures as part of a framework for modelling of security artefacts. A cybersecurity posture describes the current state of protection of a system. During the lifecycle phases of a power plant or manufacturing facility this includes the semi-formal database representation of all components and subsystems of automation equipment, the controlled aggregates, the related sensors and the applied security controls. The type of database choice is discussed based on the need to serve as web backend server and scalable multi-user use. The frontend part of a comprehensive security artefacts modelling framework is not in the focus of this paper. One focus will be on the modelling related to network security artefacts as supporting assets. This will include all network devices and network endpoints with segregations between networks by physically unidirectional security gateways and firewalls. The primary assets (that are controlled or monitored) will be selected and can include pumps, pressurizers, valves, motors, circuit breakers and similar. The important part of the modelling is to be able to represent the potential attack vectors via supporting assets up to the primary assets that may potentially be destroyed or degraded by an attack. An important aspect of the data modeling is the security grading, as present in industrial environments, but not covered by the common IT security standards (like ISO/IEC 2700x). The current state of the art of tools and frameworks that cover a part of the intended data modelling will be outlined. The backend of a document based (e.g. MongoDB) database for modelling the relations will be presented in more detail. The backend semi-formal representation takes into account the semi-formal approach of structuring of the supporting assets, structuring of primary assets, linking between assets and association of Application Security Controls in the sense of ISO/IEC 27034-5 and ISO/IEC 27034-5-1 (for XML/JSON representation) to supporting assets.[ IS17] [IS18] A web framework will be used to interact with the backend data representation. Approaches to compare different revisions of a security posture will be outlined. This will help in planning and regularly monitoring the progress of a security posture, e.g. with regard to security audit preparations.
- KonferenzbeitragSecurity challenges and best practices for resilient IIoT Networks: Network Segmentation(INFORMATIK 2023 - Designing Futures: Zukünfte gestalten, 2023) Yatagha, Romarick; Waedt, Karl; Schindler, Josef; Kirdan, ErkanThe surging prominence of the Industrial Internet of Things (IIoT) introduces both unique prospects and complex issues for industrial control systems, notably within the cybersecurity sphere. Cybersecurity concerns are particularly acute for smart factories, entities that leverage IIoT capabilities like networked sensors and machine learning to streamline production. The heterogeneous devices from diverse manufacturers and vast interconnected networks heighten their susceptibility to cyber threats. This paper examines the contemporary cybersecurity landscape within smart factories, pinpointing current vulnerabilities and imminent threats. Drawing on this analysis, we put forth a suite of best practices and strategic measures to fortify IIoT networks, including but not limited to network segmentation and stringent access controls. We pay specific attention to network segmentation, a technique used to break down a computer network into manageable subnetworks, thus mitigating the risk of attacks. We propose an innovative network segmentation policy that leverages clustering, an unsupervised learning algorithm. This algorithm classifies network traffic into distinct categories based on, but not limited to, source and destination IP addresses, employed protocol, and packet size. This data-driven classification simplifies network segmentation and configuration, minimizing their complexity. The paper also underlines the critical role of employee training and awareness in establishing robust security practices, particularly for the design, integration, and deployment of IIoT devices and edge computing. Our findings offer actionable insights for industrial control systems operators and cybersecurity professionals, empowering them to fortify their IIoT networks against cyber threats effectively.
- ZeitschriftenartikelSecurity-Induced Lock-In in the Cloud(Business & Information Systems Engineering: Vol. 64, No. 4, 2022) Arce, DanielCloud services providers practice security-induced lock-in when employing cryptography and tamper-resistance to limit the portability and interoperability of users’ data and applications. Moreover, security-induced lock-in and users’ anti-lock-in strategies intersect within the context of platform competition. When users deploy anti-lock in strategies, such as using a hybrid cloud, a leader–follower pricing framework increases profits for cloud services providers relative to Nash equilibrium prices. This creates a second-mover advantage, as the follower’s increase in profits exceeds that of the leader owing to the potential for price undercutting. By contrast, introducing or enhancing security-induced lock-in creates both an increase in profits and a first-mover advantage. Cloud services providers therefore favor security-induced lock-in over price leadership. More broadly, we show why standardization of semantics, technologies, and interfaces is a nonstarter for cloud services providers.
- TextdokumentShort Paper: Debating Ethics with Cybersecurity Students(GI SICHERHEIT 2022, 2022) Breig, Jan; Westhoff, DirkWe aim to debate and eventually be able to carefully judge how realistic the following statement of a young computer scientist is: “I would like to become an ethical correctly acting offensive cybersecurity expert”. The objective of this article is not to judge what is good and what is wrong behavior nor to present an overall solution to ethical dilemmas. Instead, the goal is to become aware of the various personal moral dilemmas a security expert may face during his work life. For this, a total of 14 cybersecurity students from HS Offenburg were asked to evaluate several case studies according to different ethical frameworks. The results and particularities are discussed, considering different ethical frameworks. We emphasize, that different ethical frameworks can lead to different preferred actions and that the moral understanding of the frameworks may differ even from student to student.
- TextdokumentShort Paper: Untersuchung des Gender-gaps bei Cybersecurity-Publikationen(GI SICHERHEIT 2022, 2022) Mayer, Nico; Wendzel, Steffen; Keller, JörgIm Bereich der Informatik konnte bereits aufgezeigt werden, dass es eine geringere Anzahl an weiblichen Autoren von wissenschaftlichen Publikationen gibt. Wir untersuchen die Frage, ob es ein ähnliches Verhältnis bei Publikationen im Teilbereich Cybersecurity gibt, ob Frauen seltener zitiert werden als Männer und ob ein Trend in den letzten 10 Jahren erkannt werden kann. Zur Beantwortung der Frage untersuchen wir ausgewählte Journale und Tagungen auf deren Zitierungsanzahl und die Geschlechtsverteilung der Autor:innen. Wir stellen keinen Gender-gap in Form einer Benachteiligung in der Zitierungsanzahl fest, allerdings liegt ein Gender-gap bei der Publikationszahl vor, der jedoch erwartbar ist und zudem in Cybersecurity weniger ausgeprägt ist als in der Informatik als Ganzes.