Advanced persistent threats (APTs) are complex, targeted and effective attacks on critical IT infrastructures (CIs) and on the confidential data of government agencies and large and medium-sized enterprises. The establishment of an APT Competence Center (APT-CC) for monitoring and investigating espionage and sabotage in state-security-relevant organizations and critical infrastructures is a declared goal of the Austrian security ministries in terms of increasing national resilience (e.g., the BMI's Security Doctrine for 2017-2020). To set up an APT-CC effectively, it is essential to work out in advance the foundations of such an APT-CC with respect to resources, equipment and relevant services. This is the purpose of the KIRAS study APT-CC.
The project pursues several goals. In a first investigation of well-known APT cases in Austria and other European countries, the similarities (in terms of attack vectors used and procedures, but also of the subsequent investigations, etc.) are to be identified. The goal is to arrive at a consolidated definition of an Advanced Persistent Threat case with respect to the situation in Austria, and to define under which conditions an APT-CC would become active; this mandate clearly differs from the competences of the Cyber Crime Competence Center and other governmental bodies, e.g. national defense.
Another goal is to investigate the applicability of various technologies in the regular operation of an APT-CC. Cyber security sensor networks, which are already in use internationally, are relevant for authorities and possibly for critical infrastructures, as are highly complex forensic methods for dealing with the aftermath of a complex incident. The use of such complex technical resources also requires the establishment of the necessary processes and appropriate training of the employees. These aspects are considered in closer detail on the basis of established CERT processes.
Parallel to the technical and organizational investigations, the legal situation is also within the scope of this study. In particular, the applicability of the investigated technologies (sensor networks, forensics with respect to the GDPR), as well as the current legal framework for setting up an APT-CC (intelligence services and their competences), will be worked out.
The planned result of APT-CC is therefore a study that sheds light on the implementation variants of an APT competence center. The aim is to improve cyber security for security-related businesses (especially those in the area of critical infrastructures) and the exchange between state and non-state cyber security agencies. In particular, this concerns the possible services of such a center (especially within the authorities), the implementation variants of these services, and their coexistence with the initiatives and activities of other authorities or existing structures.
Dr. Dr. Florian Skopik, AIT Austrian Institute of Technology
REPUCO Unternehmensberatung GmbH
Technische Universität Wien
Bundesministerium für Inneres
Dr. Dr. Florian Skopik
Thematic Coordinator Cyber Security
Security & Communication Technologies
Center for Digital Safety & Security
AIT Austrian Institute of Technology GmbH