Digitalization is a twofold challenge for small municipalities and mid-sized cities: on the one hand, processes within the city should be handled digitally and citizens should be given access to digitalized municipal services; on the other hand, resources for implementing digitalization are scarce outside metropolitan regions. In this setting, IT security takes on an essential role, as municipal systems must be protected against security incidents and citizens must also trust these systems in order to use them. The paradigm of Security Orchestration, Automation and Response (SOAR) offers great potential for small and medium-sized cities to counter security threats with a clear strategy as well as a high degree of automation, using the scarce resources effectively, e.g. in the event of cyberattacks or malware infections. Here, machine learning techniques are increasingly utilized to protect the infrastructure and detect incidents. But the specific requirements and implementation options for the digitization of small and medium-sized cities are still largely unexplored. This subproject aims to fill this research gap by specifically exploring the threat landscape for municipal IT infrastructure, creating methods to detect vulnerable and critical systems, and developing a SOAR strategy for small and mid-sized cities. This strategy includes AI-powered automation through machine learning and response plans for potential security incidents. While parts of previous SOAR strategies may be transferred, for example from the logistics sector, small and medium-sized cities require their own adapted IT security mechanisms, as their structure differs from that of companies. This subproject will ultimately present a SOAR platform to make potential attack targets visible and enable rapid responses under scarce resource availability.
In addition, the aim is to strengthen trust in municipal IT systems by making the security gained through SOAR clearly visible and understandable to administrative employees and citizens alike. Therefore, this subproject makes its own contribution to the IT security of small and medium-sized cities by researching SOAR methods and at the same time integrates itself into the context of the overall project goal, through joint work on energy infrastructure and city administration, as well as by gaining knowledge on trust and competences in dealing with IT security.
Hupperich, Thomas | Junior professorship of Cyber Security (Prof. Hupperich) (IT-Security) |
Scholta, Hendrik | Chair of Information Systems and Information Management (IS) |