Jump to content
Symbolfoto: Das AIT ist Österreichs größte außeruniversitäre Forschungseinrichtung

Cyber Security Consulting & Risk Management

Today, organizations – in particular critical infrastructures – need to be prepared against various threats originating from multiple domains. Hence, these organizations need to implement a structured and comprehensive approach for risk management to tackle such threats. In particular, the interdependencies among critical assets need to be taken into account when a risk analysis for an infrastructure is performed. However, it is difficult to describe the cascading effects an incident could have on the entire network of critical infrastructures. Often, such cascading effects remain undetected just until an incident is happening and the consequences are affecting depending infrastructures are affected.

AIT consults on the implementation of a holistic risk management approach for critical infrastructures. Besides best practices from standard risk frameworks, this particularly includes the methodologies for covering the interdependencies on a microscopic (within an infrastructure) and macroscopic (among infrastructures) scale.  
AIT provides a novel approach to model the interdependencies among critical infrastructures using mathematical methodologies. In particular, these methods build upon stochastic processes to describe these interdependencies as well as a state-machine model to describe the functional status of an infrastructure. The approach is implemented in a tool, which allows to run a large number of simulations to obtain an estimation of the cascading effects of an incident.
Besides risk analysis, the approach can also be used as part of a situational awareness system. With our approach, operators are not only able to model the interdependencies among physical and cyber assets within their infrastructure but can also simulate potential consequences of an incident across the different physical and cyber domain.

Challenges/Key Questions

  • What are the key factors for risk analysis and risk management in critical infrastructures?
  • How can critical infrastructures implement a structured approach towards risk management?
  • How can the interdependencies among critical infrastructures (e.g., on a national level) be characterized?
  • How can the interdependencies among critical physical and cyber assets within critical infrastructures be characterized?
  • How can cascading effects be modelled and estimated?
  • How can a holistic risk analysis and risk management be implemented?


Further Material

Demonstrator: SAURON Propagation Engine Editor

Scalable multidimensionAl sitUation awaReness sOlution for protectiNg european ports.

Under the following link we are showcasing the web application focuses on the Propagation Engine used in SAURON. The underlying approach uses probabilistic simulations at scale to determine potential outcomes of any event or alert that might threaten infrastructure:

SAURON Propagation Engine Editor