IUNO Insec project develops easy-to-implement solutions
More IT security for SMEs in mechanical engineering
The IT systems of small and medium-sized enterprises (SMEs) are at particular risk of falling victim to cyberattacks. The advance of digitalization and a lack of financial resources and specialist knowledge make these enterprises a relatively easy target for attackers. To help SMEs protect themselves effectively against cyberattacks, partners from the worlds of science and industry have worked together on the IUNO Insec project, funded by the German Federal Ministry of Education and Research (BMBF), to develop easy-to-implement solutions. These include:
- easy-to-use threat modeling and automatic anomaly detection tools
- solutions for greater security when using industrial clouds
- secure remote access to machines, e.g. for secure remote maintenance
- verifiable, trustworthy usage management in distributed digitalized value creation networks
According to the IT association Bitkom, German businesses suffered €223 billion in losses due to cybercrime in 2020. That is more than double the losses from two years before. Many large businesses have since strengthened their security precautions, but small and medium-sized enterprises (SMEs) often lack the necessary financial resources and specialist knowledge. Because of this, they are increasingly being targeted by malicious hackers.
Between 2015 and 2018, the IUNO research project developed a sound basis of security concepts and solution modules for SMEs, implemented prototypes of these and used demonstrators to showcase their added value. As part of the successor project funded by the German Federal Ministry of Education and Research (BMBF), IUNO Insec, partners from the worlds of science and industry expanded on these basic concepts, developing them into easy-to-implement solutions to enable SMEs from the industrial environment in particular to raise their own level of IT security. The IUNO Insec partners are the Fraunhofer Institute for Applied and Integrated Security AISEC (project coordinator), accessec GmbH, axxessio GmbH, the German Research Center for Artificial Intelligence (DFKI), the Fraunhofer Institute for Secure Information Technology SIT and the Technical University of Darmstadt, Department of Data Processing in Construction (DiK).
The IUNO Insec project has given rise to tools that have helped SMEs to determine their own level of security, set their desired protection targets and put in place suitable measures to achieve those targets. This enables SMEs to continuously evaluate the status of their own IT security and adapt it early on, for example in response to new risks or new legislative or customer requirements:
IIoT security evaluation testbed (headed by Fraunhofer AISEC)
The testbed that has been developed enables dynamic configuration of industrial network components that can even be used by third parties. It can be used to simulate how the production environment will behave with or without security solutions if an attack takes place. The testbed only requires a web server, which makes it easier to implement in SMEs. The library of supported IIoT components is preconfigured and can be used dynamically with drag-and-drop. End users can also configure their own devices.
Data-based anomaly detection (headed by Fraunhofer AISEC)
This methodology can be used to expose anomalies in different data scenarios, for example in image files, network data flows and financial data. Undesirable situations caused by IT attacks on production components, for example, can be identified at an early stage so that countermeasures can be initiated. The method is particularly suitable for use in varied production landscapes and can be set up and executed without prior knowledge of possible anomalies.
Continuous threat modeling (headed by Fraunhofer SIT)
Threat and risk models are document-intensive and complex. A browser-based graphical user interface makes it easier to draw up architectural models as a basis for threat modeling. By using a modeling language and a graphical tool to draw up threat patterns, existing architectural models can be continuously analyzed in a simple, user-friendly way.
BAScloud (headed by accessec)
BAScloud (Building Automation System) maps data from local infrastructure onto a digital twin in the cloud. This is done through digital capture, standardization, storage and provision of measurements. Target values can also be sent back securely into the infrastructure. It has an interface (API) to provide relevant data to third-party systems and services. A system of roles and rights allows permissions to be managed in fine detail. The technical network is separated from the internet, protecting it from possible cyberattacks. BAScloud is available through the software-as-a-service (SaaS) model.
Secure remote access to assets and machines on the business network (headed by axxessio)
This solution is designed specifically for secure remote management services. A combination of VPN and SDN technologies creates secure connections from outside to a specified end point on the business network. The necessary checks are managed automatically. For the purpose of user-friendly process design, the remote maintenance assignments are planned and executed via a cloud platform over an encrypted, authenticated connection. The technologies used are open source. This means they are not dependent on third-party providers and are continuously developed by the community.
Attribute-based usage management (headed by the Technical University of Darmstadt)
Digitalized value creation networks are characterized by a dynamic number of very different participants. Attribute-based usage management makes it possible to set up fine-grained usage rules, while the SDN technology allows usage or communication to be monitored and managed. The dynamic, flexible and differentiated authorization and usage control increases the confidentiality and integrity of digital communication. It can be operated on standard hardware; SDN switches are the only additional hardware required.
Simulation-based usage control (headed by the Technical University of Darmstadt)
Optimizing the use of attribute-based usage control requires precise information about the system to be monitored. A digital twin can provide this information based on behavioral simulations originating from product development. Comparing simulated system statuses in the digital twin with permitted system statuses is particularly useful for refining usage control. The simulation model can be operated on standard hardware.
Anomaly detection and deception proxy (headed by DFKI)
Insider threats and advanced persistent threats (APTs) are often not discovered until too late, sometimes several months after they have infected the network. With deception-based anomaly detection, however, they can be detected at an early stage. An attacker searching the network for vulnerable servers is presented by the upstream deception proxy with a fabricated login page. Any interaction with this bait will expose the attacker. The proxy-based implementation makes it very easy for SMEs to use deception-based defense because the deception elements, known as honeytokens, do not need to be stored in the production systems, but can be injected into network traffic in transit.
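To illustrate the proxy-based honeytoken approach described above, here is an added example written for this page (it is not code from the IUNO Insec project or DFKI): a minimal deception-proxy middleware that adds an invisible bait link to real responses in transit and raises an alert whenever a client touches the bait page. The proxy key, bait path, fake login page and IP addresses are constructed placeholders.

```python
import hmac
import hashlib
from urllib.parse import urlsplit, parse_qs

# Constructed demo values: a proxy-local key and a bait path that no real application serves.
PROXY_SECRET = b"constructed-demo-secret"
BAIT_PATH = "/admin/legacy-login"
FAKE_LOGIN_PAGE = ("<html><body><form method='post'>user <input name='u'> "
                   "pass <input name='p' type='password'></form></body></html>")


def bait_token(client_ip: str) -> str:
    """Per-client honeytoken, so an alert can be tied to the host that was served it."""
    return hmac.new(PROXY_SECRET, client_ip.encode(), hashlib.sha256).hexdigest()[:16]


def inject_bait(html: str, client_ip: str) -> str:
    """Outbound path: add a hidden bait link to a real response while it passes the proxy.
    The production server never stores the token; only the proxy can derive it."""
    link = f'<a href="{BAIT_PATH}?t={bait_token(client_ip)}" style="display:none">admin</a>'
    if "</body>" in html:
        return html.replace("</body>", link + "</body>", 1)
    return html + link


def handle_request(method: str, target: str, client_ip: str, alerts: list) -> tuple:
    """Inbound path: answer bait requests with the fabricated login page and record an alert.
    Returns (status, body); (None, None) means 'not bait, forward to the real server'.
    Legitimate browsers never render the hidden link, so any hit on it is suspect."""
    parts = urlsplit(target)
    if parts.path != BAIT_PATH:
        return (None, None)
    token = parse_qs(parts.query).get("t", [""])[0]
    if hmac.compare_digest(token.encode(), bait_token(client_ip).encode()):
        origin = "followed hidden link served to this host"
    else:
        origin = "token missing or served to a different host (reuse or scan)"
    # Submitting credentials to the fake form is stronger evidence than merely fetching it.
    confidence = "high" if method == "POST" else "medium"
    alerts.append({"src": client_ip, "method": method, "confidence": confidence, "origin": origin})
    return (200, FAKE_LOGIN_PAGE)


def demo() -> list:
    """Constructed traffic: one normal request, one scanner following the link, one credential post."""
    alerts = []
    inject_bait("<html><body>Welcome</body></html>", "10.0.0.7")   # bait served to 10.0.0.7
    handle_request("GET", "/index.html", "10.0.0.7", alerts)         # normal traffic, no alert
    handle_request("GET", f"{BAIT_PATH}?t={bait_token('10.0.0.7')}", "10.0.0.7", alerts)
    handle_request("POST", f"{BAIT_PATH}?t={bait_token('10.0.0.7')}", "10.0.0.9", alerts)
    return alerts
```

The alert records give a SOC team the source host, whether the token matched the host it was served to, and how far the interaction went, which is the signal the text describes as exposing the attacker early.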
The IUNO Insec project ran from October 2018 to June 2022 and had a volume of €4.5 billion (85% of which was grant volume from the BMBF).