In Austria and Germany, the number of cyber threats is on the rise and there have been cyber incidents in both countries that threaten the security of civil society. Cyber threats have the potential to cause long-lasting disruptions to businesses and entire supply chains; recovery is not always easy. As a result, such events can have serious consequences for individuals, businesses, and government organizations. Therefore, both Germany and Austria have invested significantly in corporate IT security in recent years, especially in critical infrastructure, partly under the influence of the EU's NIS Directive. The next step for both countries is to create awareness of how to respond to cyber incidents and to build competencies in this regard to restore the availability of services or critical infrastructures as quickly as possible in the event of a threat.
The CONTAIN project aims to raise awareness of incident response topics and their subsequent processes, as well as their corresponding reference processes. It aims at the following three main aspects: (1) to reduce the impact of cyber-attacks, (2) to reduce the number and criticality of successful cyber-attacks, and (3) to increase the efficiency of cyber-attack detection. CONTAIN focuses on processes and procedures that are necessary to respond resiliently to IT security incidents, minimize their impact, remediate vulnerabilities, and increase the robustness and sovereignty of systems. For this purpose, CONTAIN plans to use serious games, i.e., games with a serious purpose, to challenge the behaviors of users and to analyze, define, and validate both operational and decision-making processes. In addition, there is a focus on developing and validating crisis management and coordinating actors together with their responsibilities within the supply chains. This information will be integrated into a simulation model to identify critical processes as well as potential bottlenecks in resources and capacity. Further, relevant possibilities to optimize processes will be derived, which are especially suitable for small and medium-sized enterprises (SMEs).
Accordingly, joint research between Austria and Germany can help to establish the capabilities to be developed efficiently and effectively and to learn from each other in the course of this process. In this respect, the Austrian side benefits especially from the provision of scenarios and serious games by the German consortium as well as from the analytical competencies on virtual currencies and liquidity in crises. The German side benefits from a related analysis of cascading effects as well as perspectives from crisis management and crisis communication. Both consortia benefit from joint activities on the design and validation of serious games. Ultimately, the bilateral collaboration should help to identify and reflect on national procedures in crisis preparedness in order to achieve at better solutions. The application domains of the project are transport and traffic, which are classified as critical infrastructure in Germany, Austria and on an European level.
Gregor Langner, MSc
AIT Austrian Institute of Technology
- Bundesministerium für Landesverteidigung (BMLV)
- Gartner KG
- KWIZDA HOLDING GMBH
- Roland Spedition GmbH
- team Technology Management GmbH
- Universität für Bodenkultur Wien
- Universität Wien
- VICESSE Research GmbH