SIDATE – Sichere Informationsnetze bei kleinen und mittleren Energieversorgern (Secure Information Networks for Small and Medium-Sized Energy Providers)
Duration: 2015–2018
Funding: Bundesministerium für Bildung und Forschung (BMBF)
Contacts: Dipl.-Wirt.-Inform. Benedikt Ley, Dipl.-Wirt.-Inform. Julian Dax
The SIDATE research project focuses on technical support for small and medium-sized energy providers in self-assessing and improving their IT security. Various concepts and tools are developed and evaluated jointly by Universität Siegen, Goethe-Universität Frankfurt am Main, TÜV Rheinland i-sec GmbH, regio iT gesellschaft für informationstechnologie mbh, and the Arbeitsgemeinschaft für sparsame Energie- und Wasserverwendung (ASEW). The project is funded by the Bundesministerium für Bildung und Forschung (BMBF) from August 2015 to July 2018 as part of the funding priority "IT-Sicherheit für Kritische Infrastrukturen" (IT security for critical infrastructures).
Motivation
A smoothly and securely functioning energy infrastructure is fundamental to almost every area of life in today's society. Protecting these infrastructures is therefore in the public interest. To meet the requirements for a secure and sustainable energy supply in the course of the energy transition (Energiewende), the energy sector is also deploying more and more information and communication technology (ICT). This technology is subject to constant change as new approaches are developed to increase effectiveness and efficiency. Defending these critical infrastructures against attacks is therefore a constantly growing challenge.
The operators, most of them private-sector companies, face a difficult task: they must ensure both the protection and the economic viability of their infrastructures. The aim of the project is to identify possible solutions to this problem.
Goals and approach
The SIDATE research project develops tools and concepts that allow a better assessment of the existing security level and at the same time help small and medium-sized operators to improve the security of their infrastructures themselves. Particular attention is paid to the practical suitability of the tools and concepts, which should be applicable regardless of economic, organizational and staffing particularities. Among other things, the project aims to develop systems of key figures (metrics) for capturing the security level, a description language for modelling the basic elements and dependencies of the infrastructure, and a knowledge base and cooperation platform to support collaboration and exchange processes both within and across organizations. To achieve the greatest possible user-friendliness, small and medium-sized operators are involved in the process.
Project partner CSCW
In the SIDATE research project, the chair is responsible for coordinating the consortium and contributes in particular to the design and execution of the user studies, the development of cooperation approaches in the field of IT security, and questions concerning the usability of IT security measures.
Further information at http://sidate.org/
Publications
2020
-
Pape, S., Schmitz, C., Kipker, D. & Sekulla, A. (2020) On the Use of Information Security Management Systems by German Energy Providers
Fourteenth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection (ICCIP 2020). Arlington, Virginia, USA
@inproceedings{pape_use_2020, address = {Arlington, Virginia, USA}, title = {On the {Use} of {Information} {Security} {Management} {Systems} by {German} {Energy} {Providers}}, language = {en}, booktitle = {Fourteenth {Annual} {IFIP} {WG} 11.10 {International} {Conference} on {Critical} {Infrastructure} {Protection} ({ICCIP} 2020)}, author = {Pape, Sebastian and Schmitz, Christopher and Kipker, Dennis-Kenji and Sekulla, André}, year = {2020}, keywords = {sidate}, }
-
Schmitz, C., Sekulla, A. & Pape, S. (2020) Asset-Centric Analysis and Visualisation of Attack Trees
Proceedings of the 7th International Workshop on Graphical Models for Security (GraMSec 2020). Boston, Massachusetts, USA
@inproceedings{schmitz_asset-centric_2020, address = {Boston, Massachusetts, USA}, title = {Asset-{Centric} {Analysis} and {Visualisation} of {Attack} {Trees}}, language = {en}, booktitle = {Proceedings of the 7th {International} {Workshop} on {Graphical} {Models} for {Security} ({GraMSec} 2020)}, author = {Schmitz, Christopher and Sekulla, André and Pape, Sebastian}, year = {2020}, keywords = {sidate}, }
2019
-
Sekulla, A., Schmitz, C. & Pipek, V. (2019) Demonstrator zur Beschreibung und Visualisierung einer kritischen Infrastruktur
@inproceedings{sekulla_demonstrator_2019, title = {Demonstrator zur {Beschreibung} und {Visualisierung} einer kritischen {Infrastruktur}}, author = {Sekulla, A. and Schmitz, C. and Pipek, V.}, year = {2019}, keywords = {sidate}, }
-
Sekulla, A., Giatagantzidis, J., Dax, J. & Pipek, V. (2019) A Lightweight Tool for Measuring the Impact of IT Security Controls in Critical Infrastructures
doi:10.18420/ECSCW2019_P03
Abstract: IT security is a cost-intensive aspect of SMEs. Critical infrastructures, in particular, are increasingly dependent on good IT security. Increasing security, however, can limit the usability of existing applications and work processes. Based on empirical studies inclusive workshops in the field, we designed a lightweight tool and integrated it into an inter-organizational knowledge exchange platform. With the tool, we want to offer an opportunity to get experience and feedback directly from those employees, who are directly affected by IT security controls. So, the IT security officer can react to it and gain more insight into the impact of IT security controls. They are in the position to administrate the tool’s backend company-internally, while chosen data can be exported and discussed on the inter-organizational platform. Hence, this tool supports a community building effect on organizational and inter-organizational level.
@article{sekulla_lightweight_2019, title = {A {Lightweight} {Tool} for {Measuring} the {Impact} of {IT} {Security} {Controls} in {Critical} {Infrastructures}}, issn = {2510-2591}, url = {https://dl.eusset.eu/handle/20.500.12015/3288}, doi = {10.18420/ECSCW2019_P03}, abstract = {IT security is a cost-intensive aspect of SMEs. Critical infrastructures, in particular, are increasingly dependent on good IT security. Increasing security, however, can limit the usability of existing applications and work processes. Based on empirical studies inclusive workshops in the field, we designed a lightweight tool and integrated it into an inter-organizational knowledge exchange platform. With the tool, we want to offer an opportunity to get experience and feedback directly from those employees, who are directly affected by IT security controls. So, the IT security officer can react to it and gain more insight into the impact of IT security controls. They are in the position to administrate the tool’s backend company-internally, while chosen data can be exported and discussed on the inter-organizational platform. Hence, this tool supports a community building effect on organizational and inter-organizational level.}, language = {en}, urldate = {2021-12-14}, author = {Sekulla, André and Giatagantzidis, Jiannis and Dax, Julian and Pipek, Volkmar}, year = {2019}, keywords = {sidate}, }
-
Sekulla, A., Giatagantzidis, J., Dax, J. & Pipek, V. (2019) A Lightweight Tool for Measuring the Impact of IT Security Controls in Critical Infrastructures
Proceedings of the 17th European Conference on Computer-Supported Cooperative Work – Demos and Posters. Salzburg, Austria
@inproceedings{sekulla_v_2019, address = {Salzburg, Österreich}, title = {{A} {Lightweight} {Tool} for {Measuring} the {Impact} of {IT} {Security} {Controls} in {Critical} {Infrastructures}}, url = {https://dl.eusset.eu/handle/20.500.12015/3288}, language = {en}, booktitle = {Proceedings of the 17th {European} {Conference} on {Computer}-{Supported} {Cooperative} {Work} - {Demos} and {Posters}}, author = {Sekulla, A. and Giatagantzidis, J. and Dax, J. and Pipek, V.}, year = {2019}, keywords = {sidate}, }
-
Sekulla, A., Schmitz, C., Pape, S. & Pipek, V. (2019) Demonstrator zur Beschreibung und Visualisierung einer kritischen Infrastruktur
Proceedings of the International Conference on Wirtschaftsinformatik (WI 2019), p. 1978. Siegen, Germany
@inproceedings{a_demonstrator_2019, address = {Siegen, Deutschland}, title = {Demonstrator zur {Beschreibung} und {Visualisierung} einer kritischen {Infrastruktur}}, language = {de}, booktitle = {Proceedings of the {International} {Conference} on {Wirtschaftsinformatik} ({WI} 2019)}, author = {Sekulla, A. and Schmitz, C. and Pape, S. and Pipek, V.}, year = {2019}, keywords = {sidate}, pages = {1978}, }
2018
-
Aladawy, D., Beckers, K. & Pape, S. (2018) PERSUADED: Fighting Social Engineering Attacks with a Serious Game
IN Trust, Privacy and Security in Digital Business – 15th International Conference, TrustBus 2018, Vol. 11033
@article{aladawy_persuaded_2018, title = {{PERSUADED}: {Fighting} {Social} {Engineering} {Attacks} with a {Serious} {Game}}, volume = {11033}, language = {en}, journal = {Trust, Privacy and Security in Digital Business - 15th International Conference, TrustBus 2018}, author = {Aladawy, D. and Beckers, K. and Pape, S.}, month = sep, year = {2018}, note = {ISBN: 978-3-319-98384-4 Place: Regensburg, Germany}, keywords = {sidate}, }
-
Schmitz, C., Sekulla, A., Pape, S., Pipek, V. & Rannenberg, K. (2018) Easing the Burden of Security Self-Assessments
Proceedings of the 12th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018). Dundee, Scotland
@inproceedings{schmitz_easing_2018, address = {Dundee, Scotland}, title = {Easing the {Burden} of {Security} {Self}-{Assessments}}, language = {en}, booktitle = {Proceedings of the 12th {International} {Symposium} on {Human} {Aspects} of {Information} {Security} \& {Assurance} ({HAISA} 2018)}, author = {Schmitz, C. and Sekulla, A. and Pape, S. and Pipek, V. and Rannenberg, K.}, year = {2018}, keywords = {sidate}, }
-
Dax, J., Hamburg, D., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C., Sekulla, A. & Terhaag, F. (2018) Sichere Informationsnetze bei kleinen und mittleren Energieversorgern (SIDATE)
IN State of the Art: IT-Sicherheit für Kritische Infrastrukturen. Neubiberg
@incollection{dax_sichere_2018, address = {Neubiberg}, title = {Sichere {Informationsnetze} bei kleinen und mittleren {Energieversorgern} ({SIDATE})}, language = {de}, booktitle = {State of the {Art}: {IT}-{Sicherheit} für {Kritische} {Infrastrukturen}}, publisher = {Universität der Bundeswehr}, author = {Dax, J. and Hamburg, D. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Sekulla, A. and Terhaag, F.}, year = {2018}, keywords = {sidate}, pages = {29}, }
-
Dax, J., Ley, B., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C. & Sekulla, A. (2018) Stand der IT-Sicherheit bei deutschen Stromnetzbetreibern
IN State of the Art: IT-Sicherheit für Kritische Infrastrukturen. Neubiberg
@incollection{dax_stand_2018, address = {Neubiberg}, title = {Stand der {IT}-{Sicherheit} bei deutschen {Stromnetzbetreibern}}, language = {de}, booktitle = {State of the {Art}: {IT}-{Sicherheit} für {Kritische} {Infrastrukturen}}, publisher = {Universität der Bundeswehr}, author = {Dax, J. and Ley, B. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Sekulla, A.}, year = {2018}, keywords = {sidate}, pages = {69--74}, }
-
Dax, J., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C., Sekulla, A. & Terhaag, F. (2018) Das SIDATE-Portal im Einsatz
IN State of the Art: IT-Sicherheit für Kritische Infrastrukturen. Neubiberg
@incollection{dax_sidate-portal_2018, address = {Neubiberg}, title = {Das {SIDATE}-{Portal} im {Einsatz}}, language = {de}, booktitle = {State of the {Art}: {IT}-{Sicherheit} für {Kritische} {Infrastrukturen}}, publisher = {Universität der Bundeswehr}, author = {Dax, J. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Sekulla, A. and Terhaag, F.}, year = {2018}, keywords = {sidate}, pages = {145--150}, }
-
Hamburg, D., Niephaus, T., Noll, W., Pape, S., Rannenberg, K. & Schmitz, C. (2018) SIDATE: Gefährdungen und Sicherheitsmassnahmen
IN State of the Art: IT-Sicherheit für Kritische Infrastrukturen. Neubiberg
@incollection{hamburg_sidate_2018, address = {Neubiberg}, title = {{SIDATE}: {Gefährdungen} und {Sicherheitsmassnahmen}}, language = {de}, booktitle = {State of the {Art}: {IT}-{Sicherheit} für {Kritische} {Infrastrukturen}}, publisher = {Universität der Bundeswehr}, author = {Hamburg, D. and Niephaus, T. and Noll, W. and Pape, S. and Rannenberg, K. and Schmitz, C.}, year = {2018}, keywords = {sidate}, pages = {51}, }
-
Kipker, D.-K., Pape, S., Wojak, S. & Beckers, K. (2018) Juristische Bewertung eines Social-Engineering-Abwehr Trainings
IN State of the Art: IT-Sicherheit für Kritische Infrastrukturen. Neubiberg
@incollection{kipker_juristische_2018, address = {Neubiberg}, title = {Juristische {Bewertung} eines {Social}-{Engineering}-{Abwehr} {Trainings}}, language = {de}, booktitle = {State of the {Art}: {IT}-{Sicherheit} für {Kritische} {Infrastrukturen}}, publisher = {Universität der Bundeswehr}, author = {Kipker, D.-K. and Pape, S. and Wojak, S. and Beckers, K.}, year = {2018}, keywords = {sidate}, pages = {112--115}, }
2017
-
Beckers, K., Schosser, D., Pape, S. & Schaab, P. (2017) A Structured Comparison of Social Engineering Intelligence Gathering Tools
IN Trust, Privacy and Security in Digital Business – 14th International Conference, TrustBus 2017, Pages: 232–246
@article{beckers_structured_2017, title = {A {Structured} {Comparison} of {Social} {Engineering} {Intelligence} {Gathering} {Tools}}, url = {http://link.springer.com/10.1007/978-3-319-64483-7_16}, language = {en}, number = {ion 1}, journal = {Trust, Privacy and Security in Digital Business - 14th International Conference, TrustBus 2017}, author = {Beckers, K. and Schosser, D. and Pape, S. and Schaab, P.}, month = aug, year = {2017}, note = {Place: Lyon, France}, keywords = {sidate}, pages = {232--246}, }
-
Dax, J., Ivan, A., Ley, B., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C. & Sekulla, A. (2017) IT Security Status of German Energy Providers
@techreport{dax_it_2017, type = {Technical {Report}}, title = {{IT} {Security} {Status} of {German} {Energy} {Providers}}, language = {en}, institution = {Cornell University, arXiv}, author = {Dax, J. and Ivan, A. and Ley, B. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Sekulla, A.}, year = {2017}, keywords = {sidate}, }
-
Dax, J., Ley, B., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C. & Sekulla, A. (2017) Stand zur IT-Sicherheit deutscher Stromnetzbetreiber : technischer Bericht
@techreport{dax_stand_2017, type = {Technical {Report}}, title = {Stand zur {IT}-{Sicherheit} deutscher {Stromnetzbetreiber} : technischer {Bericht}}, language = {de}, institution = {Universität Siegen}, author = {Dax, J. and Ley, B. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Sekulla, A.}, year = {2017}, keywords = {sidate}, }
2016
-
Dax, J., Ley, B., Pape, S., Schmitz, C., Pipek, V. & Rannenberg, K. (2016) Elicitation of Requirements for an inter-organizational Platform to Support Security Management Decisions
IN 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016
@article{dax_elicitation_2016-1, title = {Elicitation of {Requirements} for an inter-organizational {Platform} to {Support} {Security} {Management} {Decisions}}, language = {en}, journal = {10th International Symposium on Human Aspects of Information Security \& Assurance, HAISA 2016}, author = {Dax, J. and Ley, B. and Pape, S. and Schmitz, C. and Pipek, V. and Rannenberg, K.}, month = jul, year = {2016}, note = {Place: Frankfurt, Germany}, keywords = {sidate}, }
-
Beckers, K., Pape, S. & Fries, V. (2016) HATCH: Hack And Trick Capricious Humans – A Serious Game on Social Engineering
Proceedings of the 2016 British HCI Conference. Bournemouth, United Kingdom
@inproceedings{beckers_hatch_2016, address = {Bournemouth, United Kingdom}, title = {{HATCH}: {Hack} {And} {Trick} {Capricious} {Humans} – {A} {Serious} {Game} on {Social} {Engineering}}, language = {en}, booktitle = {Proceedings of the 2016 {British} {HCI} {Conference}}, author = {Beckers, K. and Pape, S. and Fries, V.}, month = jul, year = {2016}, keywords = {sidate}, }
-
Dax, J., Ley, B., Pape, S., Schmitz, C., Pipek, V. & Rannenberg, K. (2016) Elicitation of Requirements for an inter-organizational Platform to Support Security Management Decisions
10th International Symposium on Human Aspects of Information Security & Assurance, HAISA. Frankfurt, Germany
Abstract: Due to new regulations energy providers are required to obtain IT security certificates. Especially small and medium-sized energy providers struggle to fulfill these new requirements. Since most of them are in the same situation, we aim to support their collaboration with a platform. We elicited criteria from energy providers how such a platform should be designed to support them. The main contribution is a set of requirements for the collaboration platform along with the implications for its construction. The focus of this work is not on technical innovation but on how existing technologies and best practices can be adopted for the needs of small and medium-sized energy providers.
@inproceedings{dax_elicitation_2016, address = {Frankfurt, Germany}, title = {Elicitation of {Requirements} for an inter-organizational {Platform} to {Support} {Security} {Management} {Decisions}}, abstract = {Due to new regulations energy providers are required to obtain IT security certificates. Especially small and medium-sized energy providers struggle to fulfill these new requirements. Since most of them are in the same situation, we aim to support their collaboration with a platform. We elicited criteria from energy providers how such a platform should be designed to support them. The main contribution is a set of requirements for the collaboration platform along with the implications for its construction. The focus of this work is not on technical innovation but on how existing technologies and best practices can be adopted for the needs of small and medium-sized energy providers.}, booktitle = {10th {International} {Symposium} on {Human} {Aspects} of {Information} {Security} \& {Assurance}, \{{HAISA}\}}, author = {Dax, Julian and Ley, Benedikt and Pape, Sebastian and Schmitz, Christopher and Pipek, Volkmar and Rannenberg, Kai}, year = {2016}, keywords = {CSCW, security, SIDATE}, }
-
Dax, J., Hamburg, J., Kreusch, B., Ley, B., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C. & Terhaag, F. (2016) Sichere Informationsinfrastrukturen für kleine und mittlere Energieversorger
Multikonferenz Wirtschaftsinformatik, Research-in-Progress. Pages: 59–65
@inproceedings{dax_sichere_2016, title = {Sichere {Informationsinfrastrukturen} für kleine und mittlere {Energieversorger}}, url = {http://www.smjp.org/files/publications/DHKLPPRST16mkwi.pdf https://www.researchgate.net/publication/299594666_Sichere_Informationsinfrastrukturen_fur_kleine_und_mittlere_Energieversorger}, booktitle = {Multikonferenz {Wirtschaftsinformatik}, {Research}-in-{Progress}}, author = {Dax, Julian and Hamburg, J. and Kreusch, B. and Ley, Benedikt and Pape, Sebastian and Pipek, Volkmar and Rannenberg, Kai and Schmitz, Christopher and Terhaag, F.}, year = {2016}, keywords = {CSCW, SIDATE}, pages = {59--65}, }
-
Beckers, K. & Pape, S. (2016) A Serious Game for Eliciting Social Engineering Security Requirements
Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society.
@inproceedings{beckers_serious_2016, title = {A {Serious} {Game} for {Eliciting} {Social} {Engineering} {Security} {Requirements}}, volume = {RE '16}, language = {en}, booktitle = {Proceedings of the 24th {IEEE} {International} {Conference} on {Requirements} {Engineering}, {IEEE} {Computer} {Society}}, author = {Beckers, K. and Pape, S.}, year = {2016}, keywords = {sidate}, }
-
Dax, J., Hamburg, D., Kreusch, M., Ley, B., Pape, S., Pipek, V., Rannenberg, K., Schmitz, C. & Terhaag, F. Sichere Informationsinfrastrukturen für kleine und mittlere Energieversorger
IN Multikonferenz Wirtschaftsinformatik (MKWI)
@incollection{dax_sichere_nodate, title = {Sichere {Informationsinfrastrukturen} für kleine und mittlere {Energieversorger}}, language = {de}, booktitle = {Multikonferenz {Wirtschaftsinformatik} ({MKWI})}, author = {Dax, J. and Hamburg, D. and Kreusch, M. and Ley, B. and Pape, S. and Pipek, V. and Rannenberg, K. and Schmitz, C. and Terhaag, F.}, keywords = {sidate}, }