Trailblazers in IT security

January 24, 2017

Applied Security GmbH (apsec) successfully finishes CyberWiz pilot project to improve the IT security at municipal works Aschaffenburg.

More than 70.000 persons in over 26.000 households rely on it: energy, gas and clean water 24/7, public transportation systems arriving securely on time, the garbage gets collected every week and for leisure there are public swimming pools and an indoor ice rink. All this and more is provided by the municipal works Aschaffenburg, Germany. They focus on services for energy, water supply, disposal, public transportation and leisure. Failure of their critical infrastructure for energy and water supply would have severe effects on all inhabitants of the lower Main region in Bavaria. Hence, it goes without saying that the municipal works Aschaffenburg have only the highest quality standards that could not be met without a fully functional IT.

To protect the IT of critical infrastructures is the goal of the EU-funded project CyberWiz. CyberWiz aims at the development and implementation of the software securiCAD® and corresponding consulting services. The software securiCAD® is manufactured by the Stockholm-based company foreseeti AB. It has the ability to model complex networks and to proactively simulate Cyber-attacks to the network. It discovers all vulnerabilities, the critical attack paths and estimates the time it takes an attacker to seriously compromise the security of the network. The algorithms within securiCAD® are based on several years of research and development both at foreseeti and at the Royal Institute of Technology Stockholm. securiCAD® was entitled “disruptive technology” by the EU commission, which funds the development of the software under the Horizon 2020 program. The German IT security specialist apsec, based in Großwallstadt, is the project coordinator and is responsible for the development of the consulting concept and for the conducting of several pilot projects with customers from the energy sector within CyberWiz. The first milestone is now reached with having finished the project in Aschaffenburg, which is only 10 kilometers from Großwallstadt and whose municipal works are the largest energy provider in the region.

Dr. Michael Konik, who, as Head of IT, was responsible for the project for the Aschaffenburg municipal works, is convinced by the outcome of the project: “Being a fully-trained mathematician I liked the idea of a scientific simulation approach from the start. Hence, the Aschaffenburg municipal works gladly agreed when apsec offered to investigate the security of our network in this pilot project. It proved really useful to be provided with a “big picture” of our network security. In particular, I like the possibility to proactively check how future alterations to our network may affect its security. The cooperation with apsec was very satisfying and I am sure this wasn’t the last project we conducted together.”

CEO Frank Schlottke from apsec, one of the masterminds in the CyberWiz project, adds: “We are more than happy about the pilot project with the Aschaffenburg municipal works. It provided us with valuable insights into the IT infrastructure of an energy and water provider. Dr. Konik was a very constructive partner and provided us with very good feedback and useful hints how to further improve our performance. I am deeply thankful to him.”


securiCAD® and the Cyberwiz project will be presented at the E-World Energy & Water fair in Essen from 07.-09. February

January 20, 2017

The E-World Energy & Water is the leading trade fair in Germany for the energy and water sectors.
apsec’s Dr. Volker Scheidemann will join the speaker panel at the fair’s Smart Tech Forum on February 9th with a speech on “Agenda 2018 – the future of IT security for energy and water providers”


Round table session: Man or Machine - who is better at doing security analysis?

October 20, 2016

Threat modeling software such as ThreatModeler, securiCAD® or Microsoft Threat Modeling Tool promise to perform vulnerability and risk assessments for IT networks faster and more reliable than human experts and penetration testers. In a round table discussion hosted by apsec’s Dr. Volker Scheidemann, the threat modeling approach will be presented using securiCAD® as an example. Afterwards, expert will discuss whether threat modeling software is going to be the future of vulnerability assessment or whether companies will rather go on trusting in the experience of network administrators and security consultants.

EU-funded project CyberWiz  to secure critical infrastructures

February 22, 2016

German security specialist Applied Security GmbH and Swedish risk management firm foreseeti AB work together in a Horizon 2020 programme funded by the European Commission.

The Horizon 2020 programme funded by the European Commission supports small and medium-sized enterprises, which develop disruptive technologies in different lines of business.
One of the most beneficial and important fields of technology in this programme is information security.

One of the key tasks in the struggle of defending computer networks against antagonistic threats such as malicious intruders and cyber terrorists is to find the weak spots in a network and to answer the question: “how long would it withstand an attack?” As there are networks whose failure could have catastrophic consequences – the so-called critical infrastructures like, for instance, power and water distribution, health care and food supply – it is of the utmost importance to find reliable and unbiased answers to the above questions.

The project CyberWiz aims to answer these questions. It combines the knowledge of the Stockholm-based risk management experts of foreseeti AB and of the German information security specialist Applied Security GmbH (apsec). Scientific support to the project is given by the Paluno Institute of Software Technology of the University Essen-Duisburg. Within the project the three participants develop the software securiCAD and a corresponding consulting concept, which gives the operators of critical infrastructures the opportunity to model their networks and to do an unbiased risk analysis by advanced simulation techniques. These simulation techniques are based on the well-known mathematical theory of Bayesian networks. In the simulation risks, vulnerabilities  and the time until an attacker may succeed are estimated.

There are two clear benefits of this approach: the first is that the results are objective, based on mathematical rigorousness. The second is that the outcome of changes in the network, for instance, the introduction of a new firewall, can be simulated before actually doing so. Hence, the software helps to identify whether an investment in a new technique is justified or not and, thus, helps to save expenses.

The Horizon 2020 grants are designated to push disruptive technologies into the European market and CyberWiz is one of the most promising candidates to succeed.

20160222_Press release CyberWiz_final.pdf