On 11th and 12th October, 2017 the congress of the German Federal Ministry for Education and Research (BMBF)’s funding programme ‚IT Security for Critical Infrastructures‘ (ITS|KRITIS) was held in Berlin, Germany. On this occasion, the PortSec project as well as first research results were presented.
The following topics concerning IT security for critical infrastructures were discussed:
- Cyber attacks
- Certification and standards
- Secure identities
- Management of information security
- Security of platforms, firmware and operating systems
- IT-security, ethics and legislation
The consortium consisting of the Institute of Shipping Economics and Logistics (ISL), Technologie-Zentrum Informatik (TZI) of the Bremen University, dbh Logistics IT AG and datenschutz cert GmbH presented its contribution within the PortSec Project.
The structure of the port-IT-infrastructure in general was outlined as well as the interaction of individual parties involved in the port processes. A given example demonstrated that stolen or manipulated data can cause considerable damage. The presentation focused on the attack scenarios „Sabotage by spoofing“ and „Spying of confidential data for criminal actions“.
Berhard Berger and Rodrique Wete Nguempnang of TZI presented relevant PortSec project results, which include threat assessment, semi-automated assessment of the port software, the development of a branch specific security standard, as well as evaluation and transfer. The German Federal Office for Information Security (BSI) is interested in a branch specific security standard for risk management of information and communication technologies in ports which is developed within the PortSec project.
The congress with its presentations, networks, workshops and panel discussions about IT security for critical infrastructures was very successful from the PortSec perspective and generated interesting impulses for future project work.