Content and aim of the publication
In his work-in-progress paper entitled "Requirements Analysis for the Evaluation of Automated Security Risk Assessments", inIT employee Marco Ehrlich focussed on the development of an automated approach for security risk assessments in industrial automation and control systems (IACSs).
The increasing importance of end-to-end security technologies for industrial components, modules and systems is undeniable in view of the rapid development of Industry 4.0 and the growing threat situation. The assessment of security risks is crucial for the safe operation of IACS, but is often neglected due to a shortage of resources and experts. Methods for modelling information and processes have already been developed to automate security risk assessment, but comprehensive assessment is not yet a standard.
The paper describes the challenges and current state of research in this area and aims to evaluate the concept of automated security risk assessment. It analyses the related work and identifies the main shortcomings. The results include a detailed analysis of verification requirements and an outlook on future aspects of assessment.
The paper and Marco's participation in WFCS 2024 was funded by the SUSI project.
About the SUSI project
The SUSI project aims to automate security risk assessments in industry to significantly reduce time and cost. Given the increasing risk from cyber threats and the growing complexity of industrial automation systems, efficient risk assessment is becoming increasingly important.
The project was initiated by the research programme SUSI (Software-based Support of Security Risk Assessments in Industry) and is headed by Prof. Dr. Henning Trsek.
Further information on the SUSI project can be found here:https://www.init-owl.de/forschung/projekte/detail/software-basierte-unterstuetzung-von-security-risikobeurteilungen-in-der-industrie/