BMBF: SILK

SILK – Assessment of security incidents in critical infrastructure and generation of recommended actions for personnel by AI-based text mining.

Energy and water supply systems are of high importance for the economic and social well-being of the population. According to EU Directive 2008/114/EC, these are critical infrastructures, or KRITIS for short. In order to secure the standard of living and value creation in Germany, it is necessary to protect these KRITIS.

Energy and water supply systems consist of distributed and connected subsystems. These in turn are controlled and monitored by distributed automation components, such as actuators, sensors and controllers. To ensure reliable operation of these systems, the correct functioning of the communication networks is crucial. Network analysis systems enable the monitoring of communication between different network components and can detect security incidents.

When a security incident is detected, service staff from the KRITIS operator assess it and determine a course of action. Today, this process typically takes several hours, as service personnel must first travel to the location of the affected system and then obtain replacement parts if necessary.

Interpreting security incidents and drawing conclusions about the cause is difficult, especially in the case of network problems, and requires a high level of IT expertise. Today, the complexity often overwhelms the operating personnel and leads to long downtimes and a high threat level. IT structures in particular are vulnerable to outside threats, as disruptions often do not require direct physical system access.

The overall goal of the project is to research and develop an AI-based solution approach to automatically assess events and generate recommended actions for service personnel of KRITIS operators. To this end, the following steps will be taken:

  • Learning an event model from event reports (text documents are evaluated by machine and a mathematical representation is generated)
  • Learning a network model from network events
  • Correlation of the event model and the network model to evaluate security incidents (both models have to be correlated e.g. mapping of network address and location of the physical system)
  • Generation of recommended actions for service personnel
  • Automatic configuration adjustment of network analysis systems
  • Explainability of AI decisions

Duration: 01.08.2021 – 31.07.2024

Project partners

KASSELWASSER

SachsenEnergie

Achtwerk

Helmut-Schmidt-University / University of the Federal Armed Forces Hamburg

Fraunhofer IOSB-INA

The SILK project is funded by the German Federal Ministry of Education and Research under the “Research for Civil Security 2018 to 2023” funding program.

HSU

Letzte Änderung: 20. November 2023