IT-Security

SUSI: Software-based Support of Security Risk Assessments in Industry

15.04.2023 bis 14.04.2026

Security is becoming more and more relevant for a secure and resilient operation of industrial production plants. Attacks using malware, for instance, pose an existential threat to enterprises of all sizes and domains. Additionally, security is an increasingly relevant sales argument for industrial components and systems.

An important key element in the area of security are security evaluations which are always based on security risk assessments performed by the manufacturer of the component or operator of the system. During such a risk assessment, all threats, vulnerabilities and resulting risks are identified, evaluated and reduced to an acceptable risk through risk mitigation. Due to the dynamic changes with regard to machines and plants as well as information concerning threats and vulnerabilities as a basis for risk assessments, performing security evaluations of industrial production plants is required more and more frequently and in shorter intervals. However, current analyses and certifications in the area of security are resource and time consuming since they are always performed manually by security experts and depend heavily on the expertise, knowledge and experience of the respective expert conducting the analysis. This also means that results might not be objective and of different quality.

Within the scope of the proposed project, a software- and machine-learning-based support tool for risk assessments of industrial production plants is developed which can reduce the effort for security certifications by up to 20% with regard to time and 50% with regard to financial costs. In order to achieve this, machine learning approaches for security risk assessment will be integrated and the level of automation will be increased so that security experts are supported during routine tasks. Additionally, this will allow for faster and well-founded decisions with regard to security.

This project is promoted by:
Ministerium für Wirtschaft, Industrie, Klimaschutz und Energie des Landes Nordrhein-Westfalen (MWIKE NRW)
Sponsors: Projektträger Jülich
Funding Code: 005-2211-0018
Funding Lines: it's OWL Spitzencluster
Employees: Lisa Gebauer, B. Sc., Dr.-Ing. Marco Ehrlich
Promoted by
Projektträger