KIRAS Security Research

2017

ACCSA – Austrian Cyber Crises Support Activities

The variety of news items, cyber security bulletins and crime reports (on, e.g., Ransomware, phishing, DDoS, CEO Fraud) in 2016 showed how complex cyber incidents can be. These attacks exploited both known and unknown attack vectors in course of highly developed APT attacks affecting both SMEs and large enterprises.

The occurrence of a nationwide cyber incident due to multiple simultaneous cyber attacks on e.g. critical infrastructure providers is therefore only a matter of time. In this case it is planned to activate the national cyber crisis management (CKM). While the structure of the CKM is currently mainly discussed in working groups of the affected ministries (BMI, BKA, BMLVS), an EU-wide cyber PPP is also being developed within the framework of the ECSO (European Cyber Security Organization) to prepare in the best possible way for future cyber incidents. Further documents, such as the EU NIS Directive or the Austrian Strategy for Cyber Security (ÖSCS) explicitly propose preparation through cyber exercises with real-time security simulations, or training. Similar developments regarding cyber exercises are already carried out in various circles (for example, KSÖ cybersecurity planning game, ENISA Cyber Europe, NATO CCD CoE). Even in “traditional” crisis and catastrophe management regular exercises (for example, the practice of a chemical accident) have proved to be a feasible means to enable all parties involved to practice. However, a similar use of training and exercise concepts, especially for CKM with technical and organizational support is not yet available. Current exercises often focus on non-dynamic and linear exercises. Technical products for training are currently only commercially offered, available only to members of certain specialist circles and not open to the public.  

ACCSA aims to close this gap and to prepare for cyber crises with comprehensive training, exercise and evaluation concepts for all CKM stakeholders, thereby reducing response times and error rates in the event of a real cyber crisis. The CKM concepts, processes, and methods are supported by the implementation of a CKM Toolbox, a system for software- supported training and exercise that spans over several CKM communication levels (e.g., engineering, management, first responder, policy makers). For the first time CKM training and practice concepts for all relevant stakeholders will be thoroughly analyzed in the project as well as technical and organizational support measures implemented based on the state of the art and previous project results. For this purpose, the processes and methods are implemented in demonstrators / extensions based on defined CKM requirements so that, for example, the exercise control can playback cyber incidents in real-time and evaluate actions semi-automatically. For the first time, the toolbox supports the analysis and validation of a wide range of options through non-linear and dynamic exercise paths based on the exploratory scenario analysis. These and a large number of innovations contribute to the preparation for the emergency case and thus also to increase the long-term increase in national cybersecurity. In addition, legal experts examine and evaluate the options of course of actions developed in complex CKM scenarios and assess whether these options also comply with the applicable legal framework (e.g. NIS Directive, GDPR). 

After the end of the project, the results of the project will be further developed in a variety of target groups. In the medium term, this will lead to new business segments among the economic partners involved (and additional important economic impact beyond these partners). This expectation is also supported by the requirements of the NIS RL, as well as relevant standards (BSI), according to which only regular training and exercise can actually adequately prepare for major CKM events. This would make any company with a greater need for cyber security a potential customer of training and training services developed based on ACCSA results. 

Project Coordinator
Dr. Dr. Florian Skopik, AIT Austrian Institute of Technology 

Project Partners
Secure Business Austria
REPUCO Unternehmensberatung GmbH
Infraprotect GmbH
T-Systems Austria
Universität Wien, Rechtswissenschaftliche Fakultät
Computer Emergency Response Team CERT.at / NIC.at
Bundesministerium für Inneres
Bundeskanzleramt
Bundesministerium für Landesverteidigung und Sport 

Contact:
Dr. Dr. Florian Skopik
Senior Scientist ICT Security
Center for Digital Safety & Security
Business Unit Information Management

AIT Austrian Institute of Technology GmbH
Donau-City-Straße 1 | 1220 Wien | Austria
M +43 664 8251495 | F +43(0) 50550-4150
florian.skopik@ait.ac.at  |  http://www.ait.ac.at 

print