Economical and effective security design
Operators of infrastructures such as power grids and airports are expected to ensure a high level of security – but their financial means are limited. Fraunhofer researchers have developed an analysis tool for evaluating the effectiveness and economic viability of different security measures as part of an EU-funded project.
Storms are capable of paralyzing entire cities. Only recently, in the first week of April, large parts of Germany were deprived of power due to hurricane-force winds. Rail services were cancelled, elevators were blocked, and computer screens went blank. Such extreme weather events often subside as quickly as they arrive but their effects reveal the Achilles heel of modern society, namely our dependence on critical infrastructures such as the power grid. Hence the urgent need for effective security measures. Other public infrastructures, such as airports and road networks, are similarly in need of increased security. "Quite simply, all operators of critical infrastructures want to increase security in order to ward off acts of sabotage and other malicious attacks. At the same time, they also have to make sure such measures are cost effective," says Prof. Jan Jürjens of the Fraunhofer Institute for Software and Systems Engineering ISST, describing the basic dilemma.
Researchers at the Dortmund-based institute have teamed up with international partners in the EU's SECONOMICS project to develop an analysis tool that will enable infrastructure operators to evaluate existing and planned security measures in terms of their effectiveness and cost-efficiency. "Our system provides a founded basis for decisions that will enable users to optimize their security without over-stretching their financial resources," says Jürjens.
Software provides a graphical map of security-related weak points
The starting point is a customized risk analysis of the current situation. The ISST researchers have developed a model-based software solution containing scenarios for different infrastructures. "After studying the security-related aspects identified during site visits, we put together a set of mathematical algorithms that allow us to determine their interrelationship," explains Jürjens. In the case of airports, for example, relevant parameters include the number of security checks, the human resources available, and imposed security regulations such as the presence of liquids in carry-on baggage. In order to tailor the analysis to specific circumstances, the user enters data concerning each of these factors via the user interface – for example staffing levels at the security gate. The risk analysis software uses these data to create a model scenario and present the results in the form of a graphical diagram. As well as revealing existing weak points, this simulation can also be used to verify the effectiveness and cost-efficiency of planned security measures by varying different parameters, for instance by increasing the number of available personnel. This type of walk-through analysis helps to predict the effect of individual measures on overall security and calculate the necessary investments.
In addition to finding a smart way of correlating the various security aspects, the scientists were also faced with the challenge of managing large quantities of heterogeneous data. "Evaluating the effectiveness of security measures involves factoring in a large number of individual components – a process that, in order to be user-friendly, requires fast processing speeds," says Jürjens. This is where the ISST's many years of experience in big data management has proved to be an advantage.
The analysis tool has already demonstrated its practical use in case studies conducted by the project partners, including the evaluation of a U.K. power supply network, Barcelona's subway system, and a Turkish airport. The software has also been in use for many years at Fraunhofer ISST for consultations with research clients. The project's final results were recently presented in Brussels. A number of new scenarios are being prepared and, in a next step, the project partners aim to produce a marketable version of their virtual toolbox.