Advancing digitization, as well as a lack of financial resources and technical expertise, make these companies easy targets for attackers. To help SMEs protect themselves effectively against cyberattacks, partners from science and industry have developed easy-to-use solutions in the BMBF-funded IUNO Insec project. These include:
- Easy-to-use threat modeling and automated anomaly detection tools.
- Solutions for more security when using industrial clouds.
- Secure remote access to machines, including for secure remote maintenance.
- Controllable, trusted usage management in distributed digital value networks.
Cyberattacks and digital traps
The Intelligent Networks research department of the German Research Center for Artificial Intelligence (DFKI) in Kaiserslautern led the development of a new approach in the project that can trap attackers and retrace their tracks. This involves the use of "cyber deception" methods. The technology is directed against attacks on the confidentiality, integrity or availability of critical company information by so-called insider threats, and against advanced persistent threats (APTs) to the local IT infrastructure, such as espionage and sabotage.
These attacks are often discovered late, sometimes several months after the network was first compromised. But they can be detected early using deception-based anomaly detection. DFKI project manager Daniel Reti explains the methodology: "If an attacker searches the network for vulnerable servers, he is presented with an invented login page by the deception proxy. Once the attacker interacts with such a decoy, it makes itself known." Implementing this via a proxy makes it very easy for SMEs to apply deception-based defenses, because the deception elements, known as "honey tokens," do not need to be placed on production systems but can be injected into network traffic.
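To make the proxy mechanism concrete, the following is an added illustration (not code from the IUNO Insec project or DFKI): a minimal deception-proxy decision logic that serves a decoy login page itself, injects a hidden honey-token link into real responses, and raises an alert when any client touches either. The decoy path, the honey-token path and the backend are hypothetical and constructed for the example.

```python
"""Added example: core logic of a deception proxy with injected honey tokens.
Nothing is installed on the production host; the proxy rewrites responses
and answers decoy requests on its own."""
import re
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Hypothetical decoy path: no real application behind the proxy serves it,
# so any request for it can only come from scanning or guessing.
DECOY_LOGIN_PATH = "/admin-legacy/login"
DECOY_PAGE = ("<html><body><form method='post'><input name='user'>"
              "<input name='pass' type='password'></form></body></html>")


@dataclass
class DeceptionProxy:
    backend: Callable[[str], Tuple[int, str]]   # real server: path -> (status, body)
    token: str = field(default_factory=lambda: secrets.token_hex(8))
    alerts: List[Dict[str, str]] = field(default_factory=list)

    def honeytoken_path(self) -> str:
        # Per-proxy random token: a legitimate user never sees or follows it.
        return f"/api/internal/export?key={self.token}"

    def inject(self, html: str) -> str:
        """Add an invisible link to the honey token into a real HTML response."""
        link = f'<a href="{self.honeytoken_path()}" style="display:none">export</a>'
        if re.search(r"</body>", html, flags=re.I):
            return re.sub(r"</body>", lambda m: link + m.group(0), html, count=1, flags=re.I)
        return html + link

    def handle(self, client_ip: str, path: str) -> Tuple[int, str]:
        """Route one request: decoy and honey-token hits alert, the rest is proxied."""
        if path.startswith(DECOY_LOGIN_PATH):
            self.alerts.append({"ip": client_ip, "kind": "decoy_login", "path": path})
            return 200, DECOY_PAGE
        if path == self.honeytoken_path():
            self.alerts.append({"ip": client_ip, "kind": "honeytoken", "path": path})
            return 403, "forbidden"
        status, body = self.backend(path)
        return status, (self.inject(body) if status == 200 else body)


def constructed_backend(path: str) -> Tuple[int, str]:
    """Stand-in for the production web server (constructed for the example)."""
    if path == "/":
        return 200, "<html><body><h1>Plant portal</h1></body></html>"
    return 404, "not found"
```

Only requests for paths that no legitimate workflow ever produces generate alerts, which is why this form of detection has a very low false-positive rate compared with signature-based approaches.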
Toolbox for SMEs
With all the tools from the project, SMEs determine their own security level, set target levels for the desired protection and implement appropriate measures to achieve these target levels. This enables SMEs to continuously evaluate their own level of IT security and adapt it at an early stage, e.g., if new threats or new requirements from legislators or customers make it necessary:
- Testbed for the Evaluation of IIoT Security (Lead: Fraunhofer AISEC): The developed testbed allows a dynamic configuration of industrial network components that can also be used by third parties. It can be used to simulate the behavior of the production environment with and without security solutions in case of attack. Only one web server is needed for the testbed, which simplifies its deployment in SMEs. The library of supported IIoT components is pre-configured and dynamically usable by drag-and-drop. End users can also configure their own devices.
- Data-based anomaly detection (Lead: Fraunhofer AISEC): The methodology can be used to detect anomalies in various data scenarios, such as image files, network data streams, and financial data. Undesirable states caused, for example, by an IT attack on production components can be detected at an early stage and countermeasures initiated. The method is particularly suitable for use in heterogeneous production landscapes and can be set up and executed without prior knowledge of possible anomalies.
- Continuous threat modeling (Lead: Fraunhofer SIT): Threat and risk modeling is document-heavy and complex. A browser-based graphical user interface simplifies the creation of architectural models as the basis of threat modeling. Using a modeling language and a graphical tool to create threat patterns, existing architectural models can be analyzed continuously in an easy and user-friendly way.
- BAScloud (Lead: accessec): The BAScloud (BAS: Building Automation System) maps data from the local infrastructure into a digital twin in the cloud. This is done by digitally capturing, normalizing, storing and providing measurement data. Setpoints can also be securely sent back to the infrastructure. It has an interface (API) to make relevant data available to third-party systems and services. A roles and rights system allows fine-grained authorization management. The technical network is separated from the Internet and thus remains protected from possible cyberattacks. The BAScloud is available as software-as-a-service (SaaS).
- Secure remote access to assets and machines in the corporate network (Lead: axxessio): The solution is specifically designed for the use of secure remote maintenance services. By combining VPN and SDN technologies, secure connections are established from outside to a specific endpoint within the corporate network. The management of the necessary controls is automated. For a user-friendly process, the scheduling and execution of remote maintenance sessions is done via a cloud platform over an encrypted and authenticated connection. The technologies used are open source. This means they are independent of third-party providers and are continuously developed by the community.
- Attribute-based usage management (Lead: TU Darmstadt): Digital value networks are characterized by a dynamic number of different participants. Attribute-based usage management makes it possible to set up fine-grained usage rules, while usage or communication can be monitored and controlled on the basis of SDN technology. Dynamic, flexible and differentiated authorization and usage control increase the confidentiality and integrity of digital communication. Operation is possible on common hardware; only SDN switches are additionally required.
- Simulation-based usage control (Lead: TU Darmstadt): In order to use attribute-based usage control optimally, precise knowledge about the system to be monitored is required. Based on behavioral simulations derived from product development, a digital twin can provide this information. Comparing the simulated system states of the digital twin with the permissible system states serves in particular to refine the usage control. The simulation model can be operated on common hardware.
About the IUNO Insec project
The IUNO Insec project ran from October 2018 to June 2022 and had a volume of 4.5 million EUR (85% of which was funded by the BMBF). Partners of IUNO Insec were the Fraunhofer Institute for Applied and Integrated Security AISEC (collaborative coordinator), accessec GmbH, axxessio GmbH, the German Research Center for Artificial Intelligence (DFKI), the Fraunhofer Institute for Secure Information Technology SIT and the Technical University of Darmstadt, Department of Data Processing in Design (DiK).
Between 2015 and 2018, the predecessor project IUNO had researched and prototyped a viable basis of security concepts and solution modules for SMEs and demonstrated their added value using demonstrators. In the follow-up project IUNO Insec, funded by the German Federal Ministry of Education and Research (BMBF), partners from science and industry have expanded these basic concepts and used them to develop easy-to-use solutions that enable SMEs from the industrial environment in particular to improve their own IT security levels.