IT-Security in Critical Infrastructures Experiences, Results and Research Directions

  • Ulrike LechnerEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11319)


IT security in critical infrastructures is one of the main challenges in informatics today. This contribution shares results and experiences from the research project VeSiKi. The discussion begins with the human factor in cybersecurity, with economic and strategic approaches to cybersecurity and presents selected results form a case study series on Cybersecurity and an eclectic summary of results from a Cybersecurity research program.


Critical infrastructures IT security Case studies Serious games State-of-the-Art Risk Risk perception 



This research is funded by the German Federal Ministry of Education and Research under Grant Number FKZ: 16KIS0213K.

I would like to thank all case study partners and interviewees for the insights as well as our project partners from VeSiKi and our fellow projects from ITS|KRITIS for their engagement in the collaborative research process of itskritis. I am indebted to the VeSiKi Team and in particular Steffi Rudel as well as Sebastian Dännart, Andreas Rieb, Thomas Diefenbach, Tamara Gurschler, Manfred Hofmeier, and Tim Reimers as well as Kathrin Möslein, Albrecht Fritzsche, Max Jalowski, Matthias Raß, Benedikt Buchner and Andreas Harner for their work on the research results of VeSiKi and itskritis. Dennis Kipker and Sven Müller contributed with their work on norms, standards and Cybersecurity law in VeSiKi to this article.


  1. 1.
  2. 2.
    Bundesgesetzblatt: Gesetz zur Erhöhung der Sicherheit informationstechnischer Systeme (IT-Sicherheitsgesetz, Bundesgesetzblatt Jahrgang 2015 Teil I Nr. 31) (2015)Google Scholar
  3. 3.
    Loch, K.D., Carr, H.H., Warketin, M.E.: Threats to information systems: today’s reality, yesterday’s understanding evolution of computer security. MISQ. 16, 173–187 (1992)Google Scholar
  4. 4.
    VeSiKi: Monitor IT-Sicherheit Kritischer Infrastrukturen. Universität der Bundeswehr München, Neubiberg (2017)Google Scholar
  5. 5.
    Lechner, U.: Monitor 2.0 IT-Sicherheit Kritischer Infrastrukturen (2018)Google Scholar
  6. 6.
    Kipker, D.-K., Müller, S.: Internationale Cybersecurity-Regulierung (2018)Google Scholar
  7. 7.
    Rieb, A., Gurschler, T., Lechner, U.: A gamified approach to explore techniques of neutralization of threat actors in cybercrime. In: Schweighofer, E., Leitold, A., Mitrakas, A., Rannenberg, K. (eds.) APF 2017, vol. 10518, pp. 87–103. Springer, Heidelberg (2017). Scholar
  8. 8.
    Badke-Schaub, P., Hofinger, G., Lauche, K.: Human Factors - Psychologie sicheren Handels in Risikobranchen. Springer, Heidelberg (2012)Google Scholar
  9. 9.
    Thaler, R.H., Sunstein, C.R.: Nudge: Improving Decisions About Health, Wealth, and Happiness. Yale University Press, New Haeven (2008)Google Scholar
  10. 10.
    Norton, M., Mochon, D., Ariely, D.: The “IKEA Effect”: When Labor Leads to Love (2011)Google Scholar
  11. 11.
    Bhanu, Y., et al.: A cyberthreat search process and service. In: Proceedings of the 2nd International Conference on Information Systems Security and Privacy, ICISSP 2016 (2016)Google Scholar
  12. 12.
    Ponemon Institute and Accenture: 2017 Cost of Cyber Crime Study, p. 56 (2017)Google Scholar
  13. 13.
    McFarland, C., Paget, F., Samani, R.: The hidden data economy - the marketplace for stolen digital information (2015)Google Scholar
  14. 14.
    Brown, J.P.: Toward an economic theory of liability. J. Legal Stud. 2, 323–349 (1973)CrossRefGoogle Scholar
  15. 15.
    Enisa: Introduction to Return on Security Investment, p. 18 (2012)Google Scholar
  16. 16.
    Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Trans. Inf. Syst. Secur. 5, 438–457 (2002)CrossRefGoogle Scholar
  17. 17.
    Gordon, L.A., Loeb, M.P., Zhou, L.: Investing in cybersecurity: insights from the Gordon-Loeb model. J. Inf. Secur. 07, 49–59 (2016)Google Scholar
  18. 18.
    Lechner, U., Dännart, S., Rieb, A., Rudel, S.: IT-Sicherheit in Kritischen Infrastrukturen: Fallstudien zur IT-Sicherheit in Kritischen Infrastrukturen. Logos Verlag, Berlin (2018)CrossRefGoogle Scholar
  19. 19.
    Zetter, K.: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. Broadway Books, Portland (2015)Google Scholar
  20. 20.
    Kipker, D.-K.: VPN-Tunnelabschaltung und „ Chinese Cybersecurity Law “ – wohl mehr Mythos als Realität. DuD - Datenschutz und Datensicherheit 42(9), 574–575 (2018)CrossRefGoogle Scholar
  21. 21.
    Kipker, D.-K.: Pläne für ein Datenschutzgesetz in Indien: Untersuchung des White Paper des Expertenkomitees (2018, to appear)Google Scholar
  22. 22.
    Dännart, S., Diefenbach, T., Hofmeier, M., Rieb, A., Lechner, U.: IT-Sicherheit in Kritischen Infrastrukturen – eine Fallstudien-basierte Analyse von Praxisbeispielen. In: Drews, P., Burkhardt, F., Niemeyer, P., Xie, L. (eds.) Konferenzband Multikonferenz Wirtschaftsinformatik 2018: Data driven X - Turning Data into Value. Leuphana Universität Lüneburg, Lüneburg (2018)Google Scholar
  23. 23.
    Schubert, P., Wölfle, R.: The experience methodology for writing IS case studies. In: Americas Conference on Information Systems, pp. 19–30 (2006)Google Scholar
  24. 24.
    BSI: Industrial Control System Security: Top 10 Bedrohungen und Gegenmaßnahmen 2016 (2016)Google Scholar
  25. 25.
    Lechner, U., Rudel, S.: IT-Sicherheit für Kritische Infrastrukturen. Ergebnisse des Förderschwerpunkts IT-Sicherheit für Kritische Infrastrukturen ITS|KRITIS des BMBF. VeSiKi - Vernetzte IT-Sicherheit Kritischer Infrastrukturen (2018)Google Scholar
  26. 26.
    Rieb, A., Lechner, U.: Operation digital chameleon – towards an open cybersecurity method. In: Proceedings of the 12th International Symposium on Open Collaboration (OpenSym 2016), Berlin, pp. 1–10 (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Fakultät für InformatikUniversität der Bundeswehr MünchenNeubibergGermany

Personalised recommendations