The CERBERUS project ("Cross Sectoral Risk Management for Object Protection of Critical Infrastructures") is concerned with the structured recording and visualisation of critical infrastructures and their relevant information in relation to object protection. The interdependencies between critical infrastructures are a central aspect here in order to be able to analyse the spread of threats and possible cascading effects of events.

Based on the information on critical infrastructures available from the users, the security-relevant property protection data is processed in a structured manner and incorporated into a data model. This structured recording makes it possible to logically map the interdependencies between critical infrastructures in a dependency model. These dependencies are used to identify and evaluate potential cascading effects, using innovative evaluation methods based on stochastic models (percolation theory and Markov chains). This descriptive and derived information on the individual critical infrastructures is summarised in a new type of risk model. On the one hand, this model consistently maps static data from a gap analysis (comparison of threats and measures implemented in the infrastructure) across the critical infrastructure objects. On the other hand, dynamic data on the dependencies and their potential effects are used to carry out stochastic simulations and statistical analyses in order to obtain the most accurate and realistic estimate possible of the potential risk of an incident for the entire infrastructure network. In addition, opinion pooling provides a method for harmonising the inherent subjectivity of risk managers' assessments in order to implement a more objective risk assessment.

The information obtained is expanded to include resilience indicators from which statements can be derived about the resilience of certain critical infrastructures and their operating organisations. Parallel to the static and dynamic risk model, the resilience indicators are subsequently incorporated into a resilience model. The development of best practices based on international norms and standards subsequently creates a reference guideline for critical infrastructures, which provides a basis for deriving specific protective measures.

This new perspective on critical infrastructure objects offers users a previously unavailable holistic view of critical infrastructure objects in the course of their governmental task of protecting critical infrastructures, in particular their inherent dependencies. The application of novel theoretical models for the risk management of existing critical infrastructure objects supports the safeguarding of the security of these infrastructure objects. As a result, the users can precisely focus on new challenges and optimally support the operators of critical infrastructures. In terms of methodology, the focus is therefore on new modelling concepts, the recognition of dependencies through the identification of interrelationships and the preparation and mapping in a structured form. The project results can therefore be used by all project partners involved, by the ministries (BVT and BMLV) and by the participating infrastructure operators from the End User Group and can be directly integrated into their organisational tasks.

• Partner: AIT Austrian Institute of Technology GmbH (Koordinator), IFES - Institut für Empirische Sozialforschung GmbH, Universität Wien, Multimedia Information Systems, Universität Klagenfurt, Forschungsgruppe Systemsicherheit, Bundesministerium für Inneres, Bundesministerium für Landesverteidigung, avedos business solutions GmbH
• Projektlaufzeit: 09/2016-11/2018
• Förderprogramm: KIRAS Sicherheitsforschung -  Ausschreibung 2015/16, Schutz kritischer Infrastrukturen