Abstract
IT security in critical infrastructures is one of the main challenges in informatics today. This contribution shares results and experiences from the research project VeSiKi. The discussion begins with the human factor in cybersecurity, with economic and strategic approaches to cybersecurity and presents selected results form a case study series on Cybersecurity and an eclectic summary of results from a Cybersecurity research program.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
BSI - Critical Infrastructure Protection in Germany. https://www.bsi.bund.de/EN/Topics/Criticalinfrastructures/criticalinfrastructures_node.html
Bundesgesetzblatt: Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme (IT-Sicherheitsgesetz, Bundesgesetzblatt Jahrgang 2015 Teil I Nr. 31) (2015)
Loch, K.D., Carr, H.H., Warketin, M.E.: Threats to information systems: today’s reality, yesterday’s understanding evolution of computer security. MISQ. 16, 173–187 (1992)
VeSiKi: Monitor IT-Sicherheit Kritischer Infrastrukturen. Universität der Bundeswehr München, Neubiberg (2017)
Lechner, U.: Monitor 2.0 IT-Sicherheit Kritischer Infrastrukturen (2018)
Kipker, D.-K., Müller, S.: Internationale Cybersecurity-Regulierung (2018)
Rieb, A., Gurschler, T., Lechner, U.: A gamified approach to explore techniques of neutralization of threat actors in cybercrime. In: Schweighofer, E., Leitold, A., Mitrakas, A., Rannenberg, K. (eds.) APF 2017, vol. 10518, pp. 87–103. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-67280-9_5
Badke-Schaub, P., Hofinger, G., Lauche, K.: Human Factors - Psychologie sicheren Handels in Risikobranchen. Springer, Heidelberg (2012)
Thaler, R.H., Sunstein, C.R.: Nudge: Improving Decisions About Health, Wealth, and Happiness. Yale University Press, New Haeven (2008)
Norton, M., Mochon, D., Ariely, D.: The “IKEA Effect”: When Labor Leads to Love (2011)
Bhanu, Y., et al.: A cyberthreat search process and service. In: Proceedings of the 2nd International Conference on Information Systems Security and Privacy, ICISSP 2016 (2016)
Ponemon Institute and Accenture: 2017 Cost of Cyber Crime Study, p. 56 (2017)
McFarland, C., Paget, F., Samani, R.: The hidden data economy - the marketplace for stolen digital information (2015)
Brown, J.P.: Toward an economic theory of liability. J. Legal Stud. 2, 323–349 (1973)
Enisa: Introduction to Return on Security Investment, p. 18 (2012)
Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Trans. Inf. Syst. Secur. 5, 438–457 (2002)
Gordon, L.A., Loeb, M.P., Zhou, L.: Investing in cybersecurity: insights from the Gordon-Loeb model. J. Inf. Secur. 07, 49–59 (2016)
Lechner, U., Dännart, S., Rieb, A., Rudel, S.: IT-Sicherheit in Kritischen Infrastrukturen: Fallstudien zur IT-Sicherheit in Kritischen Infrastrukturen. Logos Verlag, Berlin (2018)
Zetter, K.: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. Broadway Books, Portland (2015)
Kipker, D.-K.: VPN-Tunnelabschaltung und „ Chinese Cybersecurity Law “ – wohl mehr Mythos als Realität. DuD - Datenschutz und Datensicherheit 42(9), 574–575 (2018)
Kipker, D.-K.: Pläne für ein Datenschutzgesetz in Indien: Untersuchung des White Paper des Expertenkomitees (2018, to appear)
Dännart, S., Diefenbach, T., Hofmeier, M., Rieb, A., Lechner, U.: IT-Sicherheit in Kritischen Infrastrukturen – eine Fallstudien-basierte Analyse von Praxisbeispielen. In: Drews, P., Burkhardt, F., Niemeyer, P., Xie, L. (eds.) Konferenzband Multikonferenz Wirtschaftsinformatik 2018: Data driven X - Turning Data into Value. Leuphana Universität Lüneburg, Lüneburg (2018)
Schubert, P., Wölfle, R.: The experience methodology for writing IS case studies. In: Americas Conference on Information Systems, pp. 19–30 (2006)
BSI: Industrial Control System Security: Top 10 Bedrohungen und Gegenmaßnahmen 2016 (2016)
Lechner, U., Rudel, S.: IT-Sicherheit für Kritische Infrastrukturen. Ergebnisse des Förderschwerpunkts IT-Sicherheit für Kritische Infrastrukturen ITS|KRITIS des BMBF. VeSiKi - Vernetzte IT-Sicherheit Kritischer Infrastrukturen (2018)
Rieb, A., Lechner, U.: Operation digital chameleon – towards an open cybersecurity method. In: Proceedings of the 12th International Symposium on Open Collaboration (OpenSym 2016), Berlin, pp. 1–10 (2016)
Acknowledgements
This research is funded by the German Federal Ministry of Education and Research under Grant Number FKZ: 16KIS0213K.
I would like to thank all case study partners and interviewees for the insights as well as our project partners from VeSiKi and our fellow projects from ITS|KRITIS for their engagement in the collaborative research process of itskritis. I am indebted to the VeSiKi Team and in particular Steffi Rudel as well as Sebastian Dännart, Andreas Rieb, Thomas Diefenbach, Tamara Gurschler, Manfred Hofmeier, and Tim Reimers as well as Kathrin Möslein, Albrecht Fritzsche, Max Jalowski, Matthias Raß, Benedikt Buchner and Andreas Harner for their work on the research results of VeSiKi and itskritis. Dennis Kipker and Sven Müller contributed with their work on norms, standards and Cybersecurity law in VeSiKi to this article.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Lechner, U. (2019). IT-Security in Critical Infrastructures Experiences, Results and Research Directions. In: Fahrnberger, G., Gopinathan, S., Parida, L. (eds) Distributed Computing and Internet Technology. ICDCIT 2019. Lecture Notes in Computer Science(), vol 11319. Springer, Cham. https://doi.org/10.1007/978-3-030-05366-6_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-05366-6_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05365-9
Online ISBN: 978-3-030-05366-6
eBook Packages: Computer ScienceComputer Science (R0)