The investigation of threats and the development of required IT security technologies are among the research fields that the Fraunhofer Center Digital Energy addresses with priority. This is particularly pertinent as the digitalization of infrastructures, such as electricity or gas supply, opens these up to an array of new attack vectors, and reliable supply of energy to industries and consumers must remain secured. Organized IT attacks on industrial and critical infrastructures are often multi-stage and usually feature long observation periods for information gathering in the context of Advanced Persistent Threats (APT). In static networks with deterministic traffic, such as electricity supply or other industries, coordinated information gathering can enable the planning of complex, distributed and synchronized attacks.

Especially in critical grid situations and operation close to the stability limit, targeted attacks can lead to cascading equipment failures and therby cause supply outages with far-reaching consequences. To prevent such scenarios, approaches to resilience and reliability of power systems must be intertwined with IT security.

Development of Methods, Technologies & Tools

At the Fraunhofer Center for Digital Energy, we develop application-oriented IT security technologies based on the following three pillars: 

  • Prevention: Research and development of targeted measures to prevent IT security incidents (e.g., testing, acceptance, and hardening of systems and networks).
  • Detection: developing technologies and processes to minimize the time between an attack occurring and its detection through continued monitoring of the status of systems and networks (network monitoring, log data management, intrusion detection systems, security information and event management, decoy systems, threat intelligence)
  • Reaction: If an IT security incident is detected, the subsequent aim is to minimize the damage to the victim as far as possible, to understand the attackers' modus operandi and to gain knowledge for attributing the attackers. To this end, we develop technologies in the areas of incident response, IT forensics and malware analysis.

Application-oriented Development

Technologies, concepts and methods for preventing, detecting and responding to IT security incidents are developed within the Fraunhofer Center Digital Energy in close proximity to applications, using physical operating equipment or within process and control technology, and in close cooperation with authorities, leading industrial companies and infrastructure operators.