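@inproceedings{11915,
  abstract  = {With the human factor being identified as the weakest link in the chain of information security, we investigate the effects of the COVID-19 pandemic on approaches to develop awareness trainings. Following the literature approach of vom Brocke, we identify five focus areas in recent literature which we are able to divide further into supporting effects and human factors for information security awareness trainings. Furthermore, we identify research gaps in current literature which can inspire future investigations.},
  author    = {Meister, Robin and Guhr, Nadine},
  booktitle = {Wirtschaftsinformatik 2024 Proceedings},
  keywords  = {Information Security, Literature Review, Human Factor, Education, Awareness},
  location  = {Würzburg},
  pages     = {16},
  publisher = {WI},
  title     = {Recent Insights in Information Security Awareness Training: A Systematic Literature Review},
  year      = {2024},
}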

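@inproceedings{12831,
  abstract  = {The overall Industry 4.0 developments and the highly dynamic threat landscape enhance the need for continuous security engineering of industrial components, modules, and systems. Security risk assessments play a major role to ensure a secure operation of Industrial Automation and Control Systems (IACSs) but are mostly neglected due to missing resources and a lack of human experts for the sophisticated manual tasks. Therefore, a method for information and process modelling regarding the automation of security risk assessments has been previously designed, but not yet evaluated. This work in progress begins the evaluation of the automated security risk assessment concept by investigating the related work and identifying the main deficits. The results include a requirements analysis for the verification and an outlook towards future evaluation aspects.},
  author    = {Ehrlich, Marco and Lukas, Georg and Trsek, Henning and Jasperneite, Jürgen and Kastner, Wolfgang and Diedrich, Christian},
  booktitle = {2024 {IEEE} 20th International Conference on Factory Communication Systems ({WFCS})},
  isbn      = {979-8-3503-1935-4},
  issn      = {2835-8511},
  keywords  = {Industry 4.0, Security, Risk Assessment, Automation, Requirements, Evaluation, Verification},
  location  = {Toulouse, France},
  pages     = {180--183},
  publisher = {IEEE},
  title     = {Requirements Analysis for the Evaluation of Automated Security Risk Assessments},
  doi       = {10.1109/wfcs60972.2024.10540830},
  year      = {2024},
}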

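@article{12875,
  abstract  = {Manufacturing systems based on Industry 4.0 concepts provide a greater availability of data and have modular characteristics enabling frequent changes. This raises the need for new security engineering concepts that cover the increasing complexity and frequency of mandatory security risk assessments. In contrast, the current standardization landscape used for the assessment of these systems only offers abstract, static, manual, and resource-intensive procedures. Therefore, this work proposes a method that further specifies the IEC 62443 aiming to automate the security risk assessments in such a way that manual efforts can be reduced and a consistent quality can be achieved. The methodology is presented using network segmentation as a guiding example and consists of four main steps: Information collection based on a process analysis, information formalisation with a semi-formal model, information usage applying first order logic to extract expert knowledge, and information access using the concept of the digital twin. In addition, the applicability of the IEC 62443 standard to the risk assessment of modular manufacturing systems is evaluated.},
  author    = {Ehrlich, Marco and Bröring, Andre and Diedrich, Christian and Jasperneite, Jürgen},
  journal   = {Automatisierungstechnik : AT},
  issn      = {2196-677X},
  keywords  = {asset administration shell, automation, information model, modular manufacturing system, risk assessment, security},
  number    = {6},
  pages     = {453--466},
  publisher = {Walter de Gruyter GmbH},
  title     = {Towards automated risk assessments for modular manufacturing systems},
  doi       = {10.1515/auto-2022-0098},
  volume    = {71},
  year      = {2023},
}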

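@inproceedings{12995,
  abstract  = {Due to Industry 4.0 developments, the demanded modularity of manufacturing systems generates additional manual efforts for security experts to guarantee a secure operation. The rising utilization of information and the frequent changes of system structures necessitate a continuous and automated security engineering, especially by application of the mandatory security risk assessments. Collecting the required information for these assessments and formalising expert knowledge shall improve the security of modular manufacturing systems in the future. In order to automate the security risk assessment process, this work proposes a method to determine the Target Security Level (SL-T) in conformance to the IEC 62443 standard based on the MITRE ATT\&CK framework and the Intel Threat Agent Library (TAL).},
  author    = {Ehrlich, Marco and Bröring, Andre and Diedrich, Christian and Jasperneite, Jürgen and Kastner, Wolfgang and Trsek, Henning},
  booktitle = {2023 {IEEE} 21st International Conference on Industrial Informatics : {INDIN} 2023 : 17-20 July 2023, Lemgo, Germany},
  editor    = {Jasperneite, Jürgen},
  isbn      = {978-1-6654-9314-7},
  keywords  = {Integrated circuits, Industries, Libraries, Security, Risk management, IEC Standards, Interviews},
  location  = {Lemgo},
  publisher = {IEEE},
  title     = {Determining the Target Security Level for Automated Security Risk Assessments},
  doi       = {10.1109/indin51400.2023.10217902},
  year      = {2023},
}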

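@article{6932,
  abstract  = {In order to ensure the safety and security of industrial systems with regard to all life cycle phases from development through operation to disposal, specific regulatory and normative requirements are imposed. Due to the digitalization, interconnection, and constantly increasing complexity of manufacturing systems in the context of Industrie 4.0, the manual effort necessary to achieve the required safety and security is becoming ever greater and almost impossible to manage, especially for small and medium-sized enterprises. Therefore, this paper examines the existing challenges in this area in more detail and gives an outlook on the possible solutions to ensure safety and security much quicker and with less manual effort. The overall vision is a (partially) automated risk assessment of modular systems with respect to safety and security, including the alignment of the corresponding processes from both domains and the formalization of the information models needed.},
  author    = {Ehrlich, Marco and Bröring, Andre and Harder, Dimitri and Auhagen-Meyer, Torben and Kleen, Philip and Wisniewski, Lukasz and Trsek, Henning and Jasperneite, Jürgen},
  issn      = {1613-7620},
  journal   = {Elektrotechnik und Informationstechnik : e \& i},
  keywords  = {safety, security, alignment, automation, processes, models},
  number    = {6},
  pages     = {454--461},
  publisher = {Springer},
  title     = {Alignment of safety and security risk assessments for modular production systems},
  doi       = {10.1007/s00502-021-00927-9},
  volume    = {138},
  year      = {2021},
}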

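@inproceedings{11147,
  abstract  = {The current developments towards the visions of Industrie 4.0 will create open and dynamic architectures being supervised by Industrial Automation and Control Systems. Due to this new connectivity and flexibility, future industrial production systems need to be inspected during all phases of the whole lifecycle from a security point of view as well. Frequent reconfiguration and adaptation based on smart services impose advanced requirements on the audits and certification with regard to security. To facilitate that, this work presents an approach for the modeling of security requirements and capabilities within the Industrial Reference Architecture and evaluates it based on the concrete system architectures of a number of industrial use cases. The result is the Sec4ICS tooling-based concept for the automated assessment of security-related functionalities within industrial systems.},
  author    = {Ehrlich, Marco and Gergeleit, Martin and Trsek, Henning and Lukas, Georg},
  booktitle = {25th {IEEE} International Conference on Emerging Technologies and Factory Automation ({ETFA})},
  isbn      = {978-1-7281-8957-4},
  issn      = {1946-0759},
  keywords  = {Security, Automation, OT, Sec4ICS, iRefA},
  location  = {Wien},
  pages     = {1640--1647},
  publisher = {IEEE},
  title     = {Towards Automated Security Evaluation within the {Industrial Reference Architecture}},
  doi       = {10.1109/ETFA46521.2020.9211883},
  year      = {2020},
}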

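@inproceedings{4756,
  abstract  = {Due to the dynamic nature of the Industrie 4.0 developments, future production systems will be reconfigured more frequently and new system configurations will be deployed automatically. In order to keep pace with this development, it will be required to observe and ensure the needed security functionalities and corresponding certifications in an automated way. This implies an improvement of today's static procedures and manual efforts as much as possible in favor of a dynamic standard establishment. Therefore, this paper evaluates the state of the art of the industrial security standardization landscape and proposes a concept for the automated support of certification processes with information from industrial communication networks in order to enhance the usability of the standards establishments and the certifications within organizations and companies, especially small and medium-sized enterprises.},
  author    = {Ehrlich, Marco and Trsek, Henning and Wisniewski, Lukasz and Jasperneite, Jürgen},
  booktitle = {{IECON} 2019 - 45th Annual Conference of the {IEEE} Industrial Electronics Society ({IES})},
  isbn      = {978-1-7281-4879-3},
  issn      = {1553-572X},
  keywords  = {Industrial Automation, Security, Toolchain, Standardization, Communication Networks},
  location  = {Lisbon, Portugal},
  pages     = {2849--2854},
  publisher = {IEEE},
  title     = {Survey of Security Standards for an automated {Industrie 4.0} compatible Manufacturing},
  year      = {2019},
}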

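@inproceedings{4331,
  abstract  = {When a user enters a personal identification number (PIN) into an automated teller machine or a point of sale terminal, there is a risk of some one watching from behind, trying to guess the PIN code. Such shoulder-surfing is a major security threat. In order to overcome this problem different PIN entry methods have been suggested. In this regard, gaze interaction methods are receiving attention in recent years, owing to the lowering cost of eye tracking technology. In this paper, we present SafetyPIN - an eye tracking based PIN entry system - which is aimed at making the PIN entry more secure with the help of an eye tracking device. We discuss the implementation and the initial evaluation of this system.},
  author    = {Seetharama, Mythreya and Paelke, Volker and Röcker, Carsten},
  booktitle = {Human Aspects of Information Security, Privacy, and Trust},
  editor    = {Tryfonas, Theo and Askoxylakis, Ioannis},
  isbn      = {978-3-319-20375-1},
  keywords  = {PIN entry, Eye tracking, Security, Usability, Point of sale terminals},
  location  = {Los Angeles, CA, USA},
  pages     = {426--435},
  publisher = {Springer},
  title     = {{SafetyPIN}: Secure {PIN} Entry through Eye Tracking},
  doi       = {10.1007/978-3-319-20376-8_38},
  volume    = {9190},
  year      = {2015},
}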

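@book{5601,
  abstract  = {Das Projekt SEC\_PRO verfolgte die Möglichkeit der Erarbeitung einer neuartigen IT-Sicherheitslösung für Automatisierungssysteme. Die Ermittlung des Stands der Technik zeigte, dass die IT-Sicherheit in der Automatisierungstechnik von Lösungen der Standard-IT in Büronetzwerken geprägt ist, ohne auf spezielle Anforderungen der Automatisierungstechnik einzugehen. Eine Anforderungsanalyse erbrachte, dass IT-Sicherheitslösungen benötigt werden, die sich mit dem zunehmenden Vernetzungsgrad von Automatisierungssystemen in Einklang bringen lassen. Dazu ist eine IT-Sicherheitsschicht für das PROFINET-Protokoll konzipiert und implementiert worden, die einen integrierten Schutz der Kommunikation und der Komponenten selbst ermöglicht. Dabei kommen gezielt Security Token Technologien zum Einsatz. Eine Evaluierung der kryptografischen Funktionen zeigte, dass deren Verwendung unter gewissen Voraussetzungen möglich ist. Mit Hilfe eines Demonstrators konnte die Echtzeitfähigkeit der IT-Sicherheitsschicht validiert und dessen Schutzwirkung nachgewiesen werden. SEC\_PRO kann als Ausgangspunkt für weitere Vorhaben bezüglich integrierter IT-Sicherheitsmaßnahmen gesehen werden, die auf eine Anwendung der Kryptografie in der Automatisierungstechnik abzielen.},
  author    = {Runde, Markus and Hausmann, Stefan and Tebbe, Christopher and Czybik, Björn and Niemann, Karl-Heinz and Heiss, Stefan and Jasperneite, Jürgen},
  keywords  = {Automatisierungstechnik, IT-Sicherheit, PROFINET, SEC\_PRO IT Security},
  pages     = {99},
  publisher = {Hochschule Hannover},
  title     = {{SEC\_PRO} : sichere {Produktion} mit verteilten {Automatisierungssystemen}},
  doi       = {10.25968/opus-499},
  year      = {2014},
}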

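% NOTE(review): the isbn value in the next entry has the 8-digit shape of an ISSN, not an ISBN; it may be the journal's second ISSN. Confirm against the publisher record.
@article{4381,
  abstract  = {This article reports on two user studies exploring the knowledge of end users about technical processes of technology-enhanced home environments, which are often assumed to play an important role for attitudes such as privacy and security. In the first study (n=12 participants between 19-71 years of age), we analyzed user knowledge about technical processes using the teach-back methodology. In the second study, we additionally applied new developed questionnaires and analyzed participants’ data (n=24 participants between 19-76 years of age) regarding relations of user factors, users’ knowledge about technical processes and attitudes such as privacy and security of technology-enhanced environments. In contrast to existing assumptions, the results showed that general structural knowledge about technical processes was not related with attitudes such as privacy and security. Additionally, we found that most participants had only relatively superficial knowledge about technical processes, which was further influenced by age and technology experience.},
  author    = {Sack, Oliver and Röcker, Carsten},
  isbn      = {2332-3477},
  issn      = {2332-3485},
  journal   = {Universal Journal of Psychology},
  keywords  = {Technology-enhanced Environment, Ambient Assisted Living, Mental Model, Teach Back, Privacy, Security},
  number    = {2},
  pages     = {72--83},
  publisher = {Horizon},
  title     = {Privacy and Security in Technology-Enhanced Environments: Exploring Users’ Knowledge about Technological Processes of Diverse User Groups},
  doi       = {10.13189/ujp.2013.010207},
  volume    = {1},
  year      = {2013},
}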

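@inproceedings{2068,
  abstract  = {The production of printing goods is laborious. Furthermore, the print quality, especially in banknotes, must be assured. It is accepted, that print defects are generated because printing parameters, also machine parameters can change unnoticed. Therefore, a combined concept for a multi-sensory learning and classification model based on new adaptive fuzzy-pattern-classifiers for data inspection is proposed. This inspection concept, which combines optical, acoustical and other machine information, comes up with a large amount of data, which leads to multivariate methods for data analysis. Multivariate methods are useful for analysis of large and complex data sets that consist of many variables measured on large numbers of physical data.},
  author    = {Dyck, Walter and Türke, Thomas and Schaede, Johannes and Lohweg, Volker},
  booktitle = {{MLSP} 2007 - International Workshop on Machine Learning for Signal Processing},
  isbn      = {978-1-4244-1565-6},
  issn      = {1551-2541},
  keywords  = {Sensor fusion, Inspection, Optical sensors, Printing machinery, Data security, Data analysis, Production, Degradation, Principal component analysis, Karhunen-Loeve transforms},
  note      = {accepted for publication},
  title     = {A Fuzzy-Pattern-Classifier-Based Adaptive Learning Model for Sensor Fusion},
  doi       = {10.1109/MLSP.2007.4414320},
  year      = {2007},
}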

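% NOTE(review): the publisher field in the next entry repeats the conference name rather than naming a publisher; confirm the actual publisher before relying on it.
@inproceedings{2062,
  abstract  = {Bank note inspection is a complex task. As more and more print techniques and new security features are established, total quality security and bank note printing must be assured. Therefore, this factor necessitates change of a sensorial concept in general. We propose an optical-acoustical inspection method based upon the concepts of information fusion and fuzzy interpretation of data measures. Furthermore, we present a simplified scheme for information fusion for pattern recognition and data classification based on parametrical unimodal potential functions and a Sugeno-type score value analysis.},
  author    = {Dyck, Walter and Schaede, Johannes and Türke, Thomas and Lohweg, Volker},
  booktitle = {2006 9th International Conference on Information Fusion},
  isbn      = {1-4244-0953-5},
  keywords  = {Information security, Inspection, Printing machinery, Optical sensors, Data security, Personnel, Fuzzy systems, Sensor systems, Expert systems, Ink},
  pages     = {1--8},
  publisher = {9th International Conference on Information Fusion, 2006. ICIF '06},
  title     = {Information Fusion Application On Security Printing With Parametrical Fuzzy Classification},
  doi       = {10.1109/ICIF.2006.301779},
  year      = {2006},
}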

