Project SILK: Security incident assessment through AI-based text mining

Welcome to the website of the SILK project. Here you will find information about the project as well as current event information and contact persons.

Challenge

Energy and water supply systems safeguard the economic and social well-being of the population and are critical infrastructures (KRITIS for short) according to EU Directive 2008/114/EC. Protecting critical infrastructures from threats is therefore one of the essential basic requirements for quality of life and value creation in Germany.

Energy and water supply systems consist of distributed and interconnected subsystems that are largely controlled and monitored by automation components that are also distributed, such as controllers, sensors and actuators. The reliable operation of these systems depends directly on, among other things, the functioning of the communication networks, so these networks are becoming the focus of measures to maintain KRITIS. Today, network analysis systems can be used to monitor communication between components and detect security incidents. Such a security incident, like the failure of a communication link, can result in a disruption of the energy and water supply.

A security incident detected by the network analysis system is then first evaluated by the KRITIS operator's service personnel and a course of action is determined, e.g., "replace the failed communication system." Today, this process usually takes several hours, since the service personnel must first travel to the location of the affected system (systems distributed over a large area in cities and rural regions) and, if necessary, obtain replacement parts.

In any case, interpreting the warning messages and drawing conclusions about the cause, especially in the case of network problems, is generally very difficult and requires a high level of IT expertise. As a result, such errors and threats usually overwhelm the operating personnel today and therefore lead to long downtimes and a high threat level. In addition, IT structures in particular are susceptible to remote threats, as most malfunctions do not require physical system access.

Solution approach

The overall goal of the project is to research and develop an AI-based solution approach to automatically assess events and generate recommended actions for service personnel of KRITIS operators (see Figure 1). The approach is composed of several components:

  • Learning an event model from event reports (text documents are evaluated by machine and a mathematical representation is generated)
  • Learning a network model from network events
  • Correlation of the event model and the network model for the assessment of security incidents (both models have to be correlated, e.g., by mapping between the network address and the location of the physical system)
  • Generation of recommended actions for the service personnel
  • Automatic configuration adjustment of network analysis systems
  • Explainability of AI decisions

Profile

Project title: Assessing security incidents in critical infrastructure and generating recommended actions for personnel using AI-based text mining.
Duration: 01.08.2021 – 31.07.2024
Funding: Bundesministerium für Bildung und Forschung (BMBF)
Goal: Research and development of an AI-based solution approach to automatically assess events and generate recommended actions for service personnel of KRITIS operators.

Partners

KASSELWASSER was created in 2012 from the Kassel drainage company. KASSELWASSER is responsible for the planning, construction and operation of all wastewater facilities. KASSELWASSER now also bears responsibility for the water supply. The associated fixed assets were leased. Städtische Werke Netz + Service GmbH (NSG) is entrusted with the technical management of the water supply. This includes construction, operation and maintenance of the water supply facilities.

SachsenEnergie is the regional performance leader in the energy sector and ensures the best quality of life in Saxony with modern, market-driven solutions for electricity, gas, heating, water, telecommunications, electromobility and smart services. Every day, around 3,300 employees are committed to providing a comprehensive range of services for the people and companies in Dresden and the region.

Achtwerk is the manufacturer of the IRMA security appliance for critical infrastructures and networked automation in production plants.

Helmut Schmidt University was founded in Hamburg in 1972 at the instigation of the then Federal Minister of Defense, Helmut Schmidt (SPD). The Bundeswehr uses the university for the academic training of soldiers in the career of military officers. Like the Universität der Bundeswehr München, the university is part of the civilian organizational area of personnel and the portfolio of the Federal Ministry of Defense.

Voices on the project

"As KASSELWASSER, we expect the project to lead to the development of an AI prototype that supports us in detecting a cyber attack and guarantees the operation of our critical infrastructure with recommendations for action in the event of a threat. This is a particularly high priority for us, as our processes have a high degree of automation and the cyber threat situation will continue to intensify in the future."

Andreas Studemund

Head of the Automation and Information Technology Staff Unit

KASSELWASSER

"Participation in this project gives DREWAG, a SachsenEnergie company, the opportunity to collaborate on the development of practical solutions for AI-assisted assessment of security incidents. We expect future AI-assisted recommendations to help service personnel more quickly identify and isolate security incidents and take initial action."

DREWAG - Stadtwerke Dresden GmbH