IT-Security
Strategic Security Orchestration, Automation & Response for Digitizing Mid-sized Towns
Digitalization is a twofold challenge for small municipalities and mid-sized towns: on the one hand, processes within the town should be handled digitally and citizens should be given access to digitalized municipal services; on the other hand, resources for implementing digitalization are scarce outside metropolitan regions. In this setting, IT security takes on an essential role, as municipal systems must be protected against security incidents and citizens must trust these systems in order to use them. The paradigm of Security Orchestration, Automation and Response (SOAR) offers great potential for small and mid-sized towns to counter security threats with a clear strategy and a high degree of automation, using the scarce resources effectively, e.g. in the event of cyberattacks or malware infections. Here, machine learning techniques are increasingly utilized to protect the infrastructure and detect incidents. However, the specific requirements and implementation options for the digitization of small and mid-sized towns are still largely unexplored. This sub-project aims to fill this research gap by specifically exploring the threat landscape for municipal IT infrastructure, creating methods to detect vulnerable and critical systems, and developing a SOAR strategy for small and mid-sized towns. This strategy includes AI-powered automation through machine learning and response plans for potential security incidents. While parts of previous SOAR strategies may be transferred, for example from the logistics sector, small and mid-sized towns require their own adapted IT security mechanisms, as their structure differs from that of companies. This sub-project will ultimately present a SOAR platform to make potential attack targets visible and enable rapid responses under scarce resource availability.
In addition, the aim is to strengthen trust in municipal IT systems by making the security gained through SOAR clearly visible and understandable to administrative employees and citizens alike. Therefore, this sub-project makes its own contribution to the IT security of small and mid-sized towns by researching SOAR methods and at the same time integrates itself into the context of the overall project goal, through joint work on energy infrastructure and city administration, as well as by gaining knowledge on trust and competences in dealing with IT security.