IUNO InSec – Integration and Migration Strategies for Industrial IT Security – is a BMBF-funded joint research project which aims to put the IUNO results for SMEs into practice. From 2015-18, IUNO has been developing an IT security reference architecture for industry 4.0. Within this framework, IUNO has identified methodological approaches for the threat and risk assessment of industrial environments as well as solution concepts, implemented them prototypically and illustrated their added value using demonstrators.
For IUNO solutions to be transferred into productive operation by users, especially SMEs, their level of readiness must first be improved. From the intensive cooperation of IUNO InSec's partners with small and medium-sized enterprises (SMEs) in the manufacturing industry, requirements have already been identified that have to be fulfilled in order to design the IUNO results in a practical manner and to enable them to be used by SMEs. A major hurdle with regard to the use of security solutions is that SMEs still have great difficulties in assessing and understanding their own security level and, based on this, in deriving a strategy for the systematic, risk-based improvement of their security level in order to arrive at sustainably robust infrastructures. In spite of the wide range of commercial tools available, SMEs are often unable to make a qualified decision on which IT security solutions can be integrated into their existing enterprise infrastructures without methodological support tailored to their needs. It is even more difficult for SMEs today to assess which measures are sensible and necessary to migrate from an existing, inadequate security level to a higher security level, which is necessary, for example, to meet existing standards. Existing models and tools for security assessment can hardly be used by SMEs, as their use requires expert knowledge and a high technical and monetary effort, and existing tools are also designed for use in complex infrastructures.
Therefore, a model including tools for security assessment and migration (SIM) will be developed in the InSec project as a consequent development of the risk analysis developed in the IUNO project. This model allows SMEs to analyse and evaluate the status of their own IT security. In addition, the developed tools should enable them to identify migration paths to an adequate level of protection. They will also receive recommendations for the sensible use of solution modules. The implementation of these migration paths requires flexibly adaptable and easily integrated security solutions. For this reason, selected solutions from IUNO that have already been developed to a prototype level of maturity are to be developed further and designed with practical relevance. The model can be used to systematically demonstrate the contribution of these individual solutions or in combination with other security solutions to improving the security level.