SIDATE
Duation: 2015–2018
Sponsorship: Bundesministerium für Bildung und Forschung (BMBF)
Contact person: Dipl.-Wirt.Inform. Benedikt Ley –
Dipl.-Wirt. Inform. Julian Dax
The SIDATE project focuses on the technical support of small and medium sized energy grid operators. It aims to support these operators by providing concepts and tools for self-assessment and improvement of IT-security. SIDATE is a joint project by the University of Siegen, Goethe University Frankfurt am Main, TÜV Rheinland i-sec GmbH, regio iT gesellschaft für informationstechnologie mbh and Arbeitsgemeinschaft für sparsame Energie- und Wasserverwendung (ASEW). The Project is funded as part of the program for IT-Security in critical infrastructures of the Federal Ministry for Education and Research (BMBF) from August 2015 to July 2018.
Motivation
A working energy infrastructure is fundamental for almost all aspects of modern life. The protection of this infrastructure is therefor central to the public interest. In order to guarantee a secure and sustainable energy supply, more and more IT-systems are used as part of the energy infrastructure. These IT-systems are changing continuously in response to factors like the adoption of smart grids and renewable energy. Hence the energy infrastructure is prone to cyber-attacks and its protection is big and growing challenge. As operators of these energy networks are part of the private sector in most cases, they are confronted with the dual challenge of protecting their networks in a way that is both effective in and economic. The goal of the project is to provide solutions for this challenge.
Goals and Approach
In the SIDATE Project, tools and concepts are developed, which allow better self-assessment of the current security level of an energy network and help improving security in small and medium sized energy network operators. The tools and concepts should be usable in practice and independent of the specific economic, organizational and personnel structure of the energy network operator. New IT-security metrics, a description language for describing the energy infrastructure and its components, a knowledge-base and a community platform are developed. Small and medium size energy network operators are involved in the development of these tools and concepts throughout the whole project.
Innovation and Perspectives
The SIDATE project represents a novel approach due to its focus on tools and concepts custom tailored to small and medium sized energy grid operators and the focus on self-assessment. Using the tools, operators can determine if the regulatory requirements for IT-security and the protection of critical infrastructure are met. The tools developed in the SIDATE project allows this self-assessment to be faster and more reliable then previously. The effective and economic implementation of these requirements can be evaluated using best practice collections. The tools will also be adopted for water system operators in the medium term.
Further information on http://sidate.org/
Publications
2020
-
Pape, S., Schmitz, C., Kipker, D. & Sekulla, A. (2020)On the Use of Information Security Management Systems by German Energy Providers”
Fourteenth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection (ICCIP 2020. Arlington, Virginia, USA
[BibTeX]@inproceedings{pape_use_2020, address = {Arlington, Virginia, USA}, title = {On the {Use} of {Information} {Security} {Management} {Systems} by {German} {Energy} {Providers}"}, language = {en}, booktitle = {Fourteenth {Annual} {IFIP} {WG} 11.10 {International} {Conference} on {Critical} {Infrastructure} {Protection} ({ICCIP} 2020}, author = {Pape, Sebastian and Schmitz, Christopher and Kipker, Dennis-Kenji and Sekulla, André}, year = {2020}, keywords = {sidate}, } -
Schmitz, C., Sekulla, A. & Pape, S. (2020)Asset-Centric Analysis and Visualisation of Attack Trees”
Proceedings of the 7th International Workshop on Graphical Models for Security (GraMSec 2020. Boston, Massachusetts, USA
[BibTeX]@inproceedings{schmitz_asset-centric_2020, address = {Boston, Massachusetts, USA}, title = {Asset-{Centric} {Analysis} and {Visualisation} of {Attack} {Trees}"}, language = {en}, booktitle = {Proceedings of the 7th {International} {Workshop} on {Graphical} {Models} for {Security} ({GraMSec} 2020}, author = {Schmitz, Christopher and Sekulla, André and Pape, Sebastian}, year = {2020}, keywords = {sidate}, }
2019
-
Sekulla, A., Giatagantzidis, J., Dax, J. & Pipek (2019)V.: A Lightweight Tool for Measuring the Impact of IT Security Controls in Critical Infrastructures
Proceedings of the 17th European Conference on Computer-Supported Cooperative Work – Demos and Posters. Salzburg, Österreich
[BibTeX] [Download PDF]@inproceedings{sekulla_v_2019, address = {Salzburg, Österreich}, title = {V.: {A} {Lightweight} {Tool} for {Measuring} the {Impact} of {IT} {Security} {Controls} in {Critical} {Infrastructures}}, url = {https://dl.eusset.eu/handle/20.500.12015/3288,}, language = {en}, booktitle = {Proceedings of the 17th {European} {Conference} on {Computer}-{Supported} {Cooperative} {Work} - {Demos} and {Posters}}, author = {Sekulla, A. and Giatagantzidis, J. and Dax, J. and {Pipek}}, year = {2019}, keywords = {sidate}, } -
A., S., C., S., S., P. & V, P. (2019)Demonstrator zur Beschreibung und Visualisierung einer kritischen Infrastruktur
Proceedings of the International Conference on Wirtschaftsinformatik (WI 2019), S. 1978. Siegen, Publisher: Deutschland
[BibTeX]@inproceedings{a_demonstrator_2019, address = {Siegen}, title = {Demonstrator zur {Beschreibung} und {Visualisierung} einer kritischen {Infrastruktur}}, language = {de}, booktitle = {Proceedings of the {International} {Conference} on {Wirtschaftsinformatik} ({WI} 2019), {S}. 1978}, publisher = {Deutschland}, author = {A., Sekulla and C., Schmitz and S., Pape and V, Pipek}, year = {2019}, keywords = {sidate}, } -
Sekulla, A., Schmitz, C. & Pipek, V. (2019)Demonstrator zur Beschreibung und Visualisierung einer kritischen Infrastruktur
@inproceedings{sekulla_demonstrator_2019, title = {Demonstrator zur {Beschreibung} und {Visualisierung} einer kritischen {Infrastruktur}}, author = {Sekulla, A. and Schmitz, C. and Pipek, V.}, year = {2019}, keywords = {sidate}, } -
Sekulla, A., Giatagantzidis, J., Dax, J. & Pipek, V. (2019)A Lightweight Tool for Measuring the Impact of IT Security Controls in Critical Infrastructures
doi:10.18420/ECSCW2019_P03
[BibTeX] [Abstract] [Download PDF]IT security is a cost-intensive aspect of SMEs. Critical infrastructures, in particular, are increasingly dependent on good IT security. Increasing security, however, can limit the usability of existing applications and work processes. Based on empirical studies inclusive workshops in the field, we designed a lightweight tool and integrated it into an inter-organizational knowledge exchange platform. With the tool, we want to offer an opportunity to get experience and feedback directly from those employees, who are directly affected by IT security controls. So, the IT security officer can react to it and gain more insight into the impact of IT security controls. They are in the position to administrate the tool’s backend company-internally, while chosen data can be exported and discussed on the inter-organizational platform. Hence, this tool supports a community building effect on organizational and inter-organizational level.
@article{sekulla_lightweight_2019, title = {A {Lightweight} {Tool} for {Measuring} the {Impact} of {IT} {Security} {Controls} in {Critical} {Infrastructures}}, issn = {2510-2591}, url = {https://dl.eusset.eu/handle/20.500.12015/3288}, doi = {10.18420/ECSCW2019_P03}, abstract = {IT security is a cost-intensive aspect of SMEs. Critical infrastructures, in particular, are increasingly dependent on good IT security. Increasing security, however, can limit the usability of existing applications and work processes. Based on empirical studies inclusive workshops in the field, we designed a lightweight tool and integrated it into an inter-organizational knowledge exchange platform. With the tool, we want to offer an opportunity to get experience and feedback directly from those employees, who are directly affected by IT security controls. So, the IT security officer can react to it and gain more insight into the impact of IT security controls. They are in the position to administrate the tool’s backend company-internally, while chosen data can be exported and discussed on the inter-organizational platform. Hence, this tool supports a community building effect on organizational and inter-organizational level.}, language = {en}, urldate = {2021-12-14}, author = {Sekulla, André and Giatagantzidis, Jiannis and Dax, Julian and Pipek, Volkmar}, year = {2019}, keywords = {sidate}, }
2018
-
Aladawy, D., Beckers, K. & Pape, S. (2018)PERSUADED: Fighting Social Engineering Attacks with a Serious Game
IN Trust, Privacy and Security in Digital Business – 15th International Conference, TrustBus 2018, Vol. 11033
[BibTeX]@article{aladawy_persuaded_2018, title = {{PERSUADED}: {Fighting} {Social} {Engineering} {Attacks} with a {Serious} {Game}}, volume = {11033}, language = {en}, journal = {Trust, Privacy and Security in Digital Business - 15th International Conference, TrustBus 2018}, author = {Aladawy, D. and Beckers, K. and Pape, S.}, month = sep, year = {2018}, note = {ISBN: 978-3-319-98384-4 Place: Regensburg, Germany}, keywords = {sidate}, } -
Dax, J., Ley, B., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C. & Sekulla, A. (2018)Stand der IT-Sicherheit bei deutschen Stromnetzbetreibern
IN State of the Art: IT-Sicherheit für Kritische Infrastrukturen Neubiberg
[BibTeX]@incollection{dax_stand_2018, address = {Neubiberg}, title = {Stand der {IT}-{Sicherheit} bei deutschen {Stromnetzbetreibern}}, language = {de}, booktitle = {State of the {Art}: {IT}-{Sicherheit} für {Kritische} {Infrastrukturen}}, publisher = {Universität der Bundeswehr}, author = {Dax, J. and Ley, B. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Sekulla, A.}, year = {2018}, keywords = {sidate}, pages = {69--74,}, } -
Hamburg, D., Niephaus, T., Noll, W., Pape, S., Rannenberg, K. & Schmitz, C. (2018)SIDATE: Gefährdungen und Sicherheitsmassnahmen
IN State of the Art: IT-Sicherheit für Kritische Infrastrukturen Neubiberg
[BibTeX]@incollection{hamburg_sidate_2018, address = {Neubiberg}, title = {{SIDATE}: {Gefährdungen} und {Sicherheitsmassnahmen}}, language = {de}, booktitle = {State of the {Art}: {IT}-{Sicherheit} für {Kritische} {Infrastrukturen}}, publisher = {Universität der Bundeswehr}, author = {Hamburg, D. and Niephaus, T. and Noll, W. and Pape, S. and Rannenberg, K. and Schmitz, C.}, year = {2018}, keywords = {sidate}, pages = {51,}, } -
Dax, J., Hamburg, D., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C., Sekulla, A. & Terhaag, F. (2018)Sichere Informationsnetze bei kleinen und mittleren Energieversorgern (SIDATE
IN State of the Art: IT-Sicherheit für Kritische Infrastrukturen Neubiberg
[BibTeX]@incollection{dax_sichere_2018, address = {Neubiberg}, title = {Sichere {Informationsnetze} bei kleinen und mittleren {Energieversorgern} ({SIDATE}}, language = {de}, booktitle = {State of the {Art}: {IT}-{Sicherheit} für {Kritische} {Infrastrukturen}}, publisher = {Universität der Bundeswehr}, author = {Dax, J. and Hamburg, D. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Sekulla, A. and Terhaag, F.}, year = {2018}, keywords = {sidate}, pages = {29,}, } -
Kipker, D. -K., Pape, S., Wojak, S. & Beckers, K. (2018)Juristische Bewertung eines Social-Engineering-Abwehr Trainings
IN State of the Art: IT-Sicherheit für Kritische Infrastrukturen Neubiberg
[BibTeX]@incollection{kipker_juristische_2018, address = {Neubiberg}, title = {Juristische {Bewertung} eines {Social}-{Engineering}-{Abwehr} {Trainings}}, language = {de}, booktitle = {State of the {Art}: {IT}-{Sicherheit} für {Kritische} {Infrastrukturen}}, publisher = {Universität der Bundeswehr}, author = {Kipker, D.-K. and Pape, S. and Wojak, S. and Beckers, K.}, year = {2018}, keywords = {sidate}, pages = {112--115,}, } -
Schmitz, C., Sekulla, A., Pape, S., Pipek, V. & K, R. (2018)Easing the Burden of Security Self-Assessments
Proceedings of the 12th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018. Dundee, Scotland
[BibTeX]@inproceedings{schmitz_easing_2018, address = {Dundee, Scotland}, title = {Easing the {Burden} of {Security} {Self}-{Assessments}}, language = {en}, booktitle = {Proceedings of the 12th {International} {Symposium} on {Human} {Aspects} of {Information} {Security} \& {Assurance} ({HAISA} 2018}, author = {Schmitz, C. and Sekulla, A. and Pape, S. and Pipek, V. and K, Rannenberg}, year = {2018}, keywords = {sidate}, } -
Dax, J., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C., Sekulla, A. & Terhaag, F. (2018)Das SIDATE-Portal im Einsatz
IN State of the Art: IT-Sicherheit für Kritische Infrastrukturen Neubiberg
[BibTeX]@incollection{dax_sidate-portal_2018, address = {Neubiberg}, title = {Das {SIDATE}-{Portal} im {Einsatz}}, language = {de}, booktitle = {State of the {Art}: {IT}-{Sicherheit} für {Kritische} {Infrastrukturen}}, publisher = {Universität der Bundeswehr}, author = {Dax, J. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Sekulla, A. and Terhaag, F.}, year = {2018}, keywords = {sidate}, pages = {145--150,}, }
2017
-
Beckers, K., Schosser, D., Pape, S. & Schaab, P. (2017)A Structured Comparison of Social Engineering Intelligence Gathering Tools
IN Trust, Privacy and Security in Digital Business – 14th International Conference, TrustBus 2017, Pages: 232–246,
[BibTeX] [Download PDF]@article{beckers_structured_2017, title = {A {Structured} {Comparison} of {Social} {Engineering} {Intelligence} {Gathering} {Tools}}, url = {http://link.springer.com/10.1007/978-3-319-64483-7_16.}, language = {en}, number = {ion 1}, journal = {Trust, Privacy and Security in Digital Business - 14th International Conference, TrustBus 2017}, author = {Beckers, K. and Schosser, D. and Pape, S. and Schaab, P.}, month = aug, year = {2017}, note = {Place: Lyon, France}, keywords = {sidate}, pages = {232--246,}, annote = {Table 7 was corrected, see}, } -
Dax, J., Ley, B., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C. & Sekulla, A. (2017)Stand zur IT-Sicherheit deutscher Stromnetzbetreiber : technischer Bericht
@techreport{dax_stand_2017, type = {Technical {Report},}, title = {Stand zur {IT}-{Sicherheit} deutscher {Stromnetzbetreiber} : technischer {Bericht}}, language = {de}, institution = {Universität Siegen}, author = {Dax, J. and Ley, B. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Sekulla, A.}, year = {2017}, keywords = {sidate}, } -
Dax, J., Ivan, A., Ley, B., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C. & Sekulla, A. (2017)IT Security Status of German Energy Providers
@techreport{dax_it_2017, type = {Technical {Report},}, title = {{IT} {Security} {Status} of {German} {Energy} {Providers}}, language = {en}, institution = {Cornell University, arXiv}, author = {Dax, J. and Ivan, A. and Ley, B. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Sekulla, A.}, year = {2017}, keywords = {sidate}, }
2016
-
Beckers, K., Pape, S. & Fries, V. (2016)HATCH: Hack And Trick Capricious Humans – A Serious Game on Social Engineering
Proceedings of the 2016 British HCI Conference. Bournemouth, United Kingdom
[BibTeX]@inproceedings{beckers_hatch_2016, address = {Bournemouth, United Kingdom}, title = {{HATCH}: {Hack} {And} {Trick} {Capricious} {Humans} – {A} {Serious} {Game} on {Social} {Engineering}}, language = {en}, booktitle = {Proceedings of the 2016 {British} {HCI} {Conference}}, author = {Beckers, K. and Pape, S. and Fries, V.}, month = jul, year = {2016}, keywords = {sidate}, } -
Dax, J., Ley, B., Pape, S., Schmitz, C., Pipek, V. & Rannenberg, K. (2016)Elicitation of Requirements for an inter-organizational Platform to Support Security Management Decisions
IN 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016
[BibTeX]@article{dax_elicitation_2016-1, title = {Elicitation of {Requirements} for an inter-organizational {Platform} to {Support} {Security} {Management} {Decisions}}, language = {en}, journal = {10th International Symposium on Human Aspects of Information Security \& Assurance, HAISA 2016}, author = {Dax, J. and Ley, B. and Pape, S. and Schmitz, C. and Pipek, V. and Rannenberg, K.}, month = jul, year = {2016}, note = {Place: Frankfurt, Germany}, keywords = {sidate}, } -
Dax, J., Ley, B., Pape, S., Schmitz, C., Pipek, V. & Rannenberg, K. (2016)Elicitation of Requirements for an inter-organizational Platform to Support Security Management Decisions
10th International Symposium on Human Aspects of Information Security & Assurance, \HAISA\. Frankfurt, Germany
[BibTeX] [Abstract]Due to new regulations energy providers are required to obtain IT security certificates. Especially small and medium-sized energy providers struggle to fulfill these new requirements. Since most of them are in the same situation, we aim to support their collaboration with a platform. We elicited criteria from energy providers how such a platform should be designed to support them. The main contribution is a set of requirements for the collaboration platform along with the implications for its construction. The focus of this work is not on technical innovation but on how existing technologies and best practices can be adopted for the needs of small and medium-sized energy providers.
@inproceedings{dax_elicitation_2016, address = {Frankfurt, Germany}, title = {Elicitation of {Requirements} for an inter-organizational {Platform} to {Support} {Security} {Management} {Decisions}}, abstract = {Due to new regulations energy providers are required to obtain IT security certificates. Especially small and medium-sized energy providers struggle to fulfill these new requirements. Since most of them are in the same situation, we aim to support their collaboration with a platform. We elicited criteria from energy providers how such a platform should be designed to support them. The main contribution is a set of requirements for the collaboration platform along with the implications for its construction. The focus of this work is not on technical innovation but on how existing technologies and best practices can be adopted for the needs of small and medium-sized energy providers.}, booktitle = {10th {International} {Symposium} on {Human} {Aspects} of {Information} {Security} \& {Assurance}, \{{HAISA}\}}, author = {Dax, Julian and Ley, Benedikt and Pape, Sebastian and Schmitz, Christopher and Pipek, Volkmar and Rannenberg, Kai}, year = {2016}, keywords = {CSCW, security, SIDATE}, } -
Dax, J., Hamburg, J., Kreusch, B., Ley, B., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C. & Terhaag, F. (2016)Sichere Informationsinfrastrukturen für kleine und mittlere Energieversorger
Multikonferenz Wirtschaftsinformatik, Research-in-Progress., Pages: 59–65
[BibTeX] [Download PDF]@inproceedings{dax_sichere_2016, title = {Sichere {Informationsinfrastrukturen} für kleine und mittlere {Energieversorger}}, url = {http://www.smjp.org/files/publications/DHKLPPRST16mkwi.pdf https://www.researchgate.net/publication/299594666_Sichere_Informationsinfrastrukturen_fur_kleine_und_mittlere_Energieversorger}, booktitle = {Multikonferenz {Wirtschaftsinformatik}, {Research}-in-{Progress}}, author = {Dax, Julian and Hamburg, J. and Kreusch, B. and Ley, Benedikt and Pape, Sebastian and Pipek, Volkmar and Rannenberg, Kai and Schmitz, Christopher and Terhaag, F.}, year = {2016}, keywords = {CSCW, SIDATE}, pages = {59--65}, } -
Beckers, K. & Pape, S. (2016)A Serious Game for Eliciting Social Engineering Security Requirements
Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society.
[BibTeX]@inproceedings{beckers_serious_2016, title = {A {Serious} {Game} for {Eliciting} {Social} {Engineering} {Security} {Requirements}}, volume = {RE '16}, language = {en}, booktitle = {Proceedings of the 24th {IEEE} {International} {Conference} on {Requirements} {Engineering}, {IEEE} {Computer} {Society}}, author = {Beckers, K. and Pape, S.}, year = {2016}, keywords = {sidate}, }
-
Dax, J., Hamburg, D., Kreusch, M., Ley, B., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C. & Terhaag, F. Sichere Informationsinfrastrukturen für kleine und mittlere Energieversorger
IN Multikonferenz Wirtschaftsinformatik (MKWI
[BibTeX]@incollection{dax_sichere_nodate, title = {Sichere {Informationsinfrastrukturen} für kleine und mittlere {Energieversorger}}, language = {de}, booktitle = {Multikonferenz {Wirtschaftsinformatik} ({MKWI}}, author = {Dax, J. and Hamburg, D. and Kreusch, M. and Ley, B. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Terhaag, F.}, keywords = {sidate}, annote = {– Teilkonferenz IT-Sicherheit für Kritische Infrastrukturen (Poster), 2016.}, }
