ELITE: Mobile experience for IT security
News from Apr. 01, 2021
Small and medium-sized enterprises (SMEs) and micro-enterprises make a significant contribution to Germany's economic performance. However, the information security of companies often lags behind the opportunities of the digital transformation. Dangers are not recognized or are incorrectly assessed. As part of the new ELITE research project, which is funded by the German Federal Ministry for Economic Affairs and Energy, the aim is to create experiential sites for “ErLebbare IT-SichErheit durch mobile IT-Sec.PopUp-Labs”.
SMEs in particular often lack the financial resources and competencies to introduce and establish an adequate IT security management system. Possible damage scenarios of a security incident are complex and affect all business areas: Economic damage due to industrial espionage, disruption or failure of production due to cyber sabotage, damage to the reputation of companies due to hacker attacks on customer data, CEO fraud, etc. The human factor is now the most prominent gateway for attackers on companies (e.g., through social engineering, phishing).
As part of the ELITE (ErLebbare IT-SichErheit) research project, a mobile IT security experience environment (IT-Sec.PopUp-Lab) is to be designed, implemented as a prototype, and validated in practical operation. Within the PopUp-Labs, IT attacks and IT security measures will be made tangible. Visitors to the IT-Sec.PopUp-Labs can try out typical IT attacks, such as phishing attacks or the dangers of websites prepared with malware, on demonstrators in a mobile experience landscape.
The PopUp Labs are designed to reflect a familiar working environment in the form of a typical office environment. As part of a gamification approach, an architecture for mobile IT security experience sites will be tested. Interested users will be shown how little effort it takes for an attacker to inject executable malicious code into a website or email attachment in such a way that an innocent click on a button or a supposed link on the page or in the mail results in an apparent infection of the computer. In corresponding learning modules, Lab visitors learn how to protect themselves against cyber-attacks and which offers users should introduce in their organization, for example from the Sec-O-Mat of the Transferstelle IT-Sicherheit im Mittelstand (TISiM), to defend against precisely such attack variants.
Fraunhofer FOKUS is significantly involved in the development of the platform and the demonstrators with its two business units Digital Public Services (DPS) and Networked Security (ESPRI). The work focuses in particular on the conception, design, and realization of the immersive IT-Sec.PopUp-Labs, the conception, and implementation of demonstrators, as well as the creation of matching storylines.
The overall project management is in the hands of Fraunhofer IAO, further project partners besides Fraunhofer FOKUS are the University of Applied Sciences Darmstadt and the University of Hamburg. ECO, the Association of the Internet Industry, is an associated partner. ELITE is being funded by the German Federal Ministry for Economic Affairs and Energy for a project period of three years as part of the “Field of action 2” under the “IT Security in the Economy” announcement.