June 2022 issue

Laboratory infrastructure: Capture the Flag

The Capture the Flag (CTF) competition format enjoys great popularity among hackers and IT security specialists. As individual players or in teams, they compete to find vulnerabilities and/or protect information systems. Various game modes exist to confirm and expand one's skills. "Attack/Defend" (also called "BLUE-RED-CTF" or "Purple-CTF") is played in teams and focuses on both conquering the opponent's flags and defending your own. Flags are snippets of information or parts of infrastructures, such as the name of the running program of a PLC. In the "king-of-the-hill" variant, several teams try to capture an infrastructure that can be reached by all participants and defend it against the competition. Whoever holds it the longest also scores the most points.

In the learning lab we mainly use the third well-known variant, "Jeopardy-CTF", in combination with "Attack/Defend" (RED/BLUE). Playing individually or in teams, participants capture flags by completing tasks. These require actions in a playing-field infrastructure with real IT services such as web applications and OT components such as PLCs, network devices and control processes. However, for better knowledge transfer, the competition for control of the infrastructure is toned down. For example, we prevent Team BLUE from using firewalls to lock Team RED out of the infrastructure completely, which would keep Team RED from performing its other tasks.

Competition is maintained through reward points and indirect time pressure. Playful elements, such as purchasing access data and technical information with the points earned, and entertaining mini-games increase the entertainment factor and contribute to the knowledge transfer, which is the focus of our CTF format.

Whether as the final module of one of our intensive technical training courses or as a full-day event, participants can show how experienced they are in securing their own infrastructure and whether they know how real attackers operate.

© Fraunhofer | Capture the Flag

Research: 5G forest guardians - how drones can save the forest

© Fraunhofer | Graphic 5G Forest Guard

Forest health is threatened by many factors. In addition to global warming, forest fires and pest infestations are among the greatest threats. As part of the 5G Forest Guard project, a new technological and methodological approach is being tested that will make it possible to detect both forest fires and pest infestations in the formation phase. This should enable fire departments and forest owners to take appropriate countermeasures at an early stage and thus minimize potential damage to the forest. The concept includes two complementary applications for forest fire source identification and bark beetle detection.

 

To identify a potential forest fire source, the project area will be monitored using stationary and mobile camera technology in different spectral ranges. In addition to existing fire watch towers, UAVs will be equipped with appropriate technology. Image and thermal data will be collected at regular intervals and stored on a server. As soon as the data is received there, it is automatically examined on the server using AI algorithms with regard to any deviations from the "normal state". The project area is further equipped with sensor technology. The deviations detected can thus be compared with the data from the sensors. At the same time, a UAV goes to the location of the potential fire source and continuously collects up-to-date data. If the AI detects a potential source of fire in the deviation, corresponding information is issued to the fire department for a decision on further measures. The subsequent firefighting operation can then be monitored using the technology on the UAVs.

 

The same technology and data infrastructure are used to detect bark beetle infestations. However, image data from multiple spectral regions are processed here. Using the red edge method, a deviation of the chlorophyll content in the trees can be detected. Special sensor technology that detects odors indicating bark beetle infestation can support this system. In the end, the forest owner receives information on the potential infestation. This methodology can indicate an infestation earlier and in a more targeted manner than the visual examination by forestry staff during a forest inspection, which is common today.

Both applications are characterized by their ability to detect the threat earlier than conventional methods. This allows appropriate control measures to take effect in time and minimizes damage to the forest. The overall concept includes the use of existing infrastructure (e.g. fire watchtowers), whose technical equipment is optimized for the project's purposes. The success of the project depends on stable, high-bit-rate data transmission. The 5G Forest Guard project therefore relies consistently and exclusively on 5G.

The 5G standard is designed for industrial and business use cases. Advantages such as the high data rate, very low latency or low energy consumption (relative to the amount of data) are always emphasized. In the project, the measurement data from a large number of sensors form the basis for data evaluation and are therefore essential for deciding on action (e.g. sending out the fire department in the event of a detected forest fire). Sensors thus significantly influence the decisions made, the behavior of personnel acting on those decisions, and the control and coordination of the resulting actions. Availability, integrity and confidentiality of sensor data are therefore the protection goals to be achieved in the context of information security.

The focus of Fraunhofer IOSB-AST in the project work is on the security aspects. On the one hand, this means the secure integration of the sensors and sensor data: the project examines which measures are necessary and feasible within the framework of the requirements to counteract their misuse. On the other hand, the data communication between the drone and the base station must be secured. In the application context, for example, direct access to the drone is envisaged (image data, position), as well as the connection of terminal stations to a central evaluation server for the purpose of data updates. High security standards must also be met for real-time control of the drone over long distances. It is therefore being evaluated which security features are already included in the 5G standard and for which use cases they are suitable. In addition, established IT security measures will be analyzed and integrated into the system, especially with regard to available resources and performance parameters.

Funding is provided as part of the 5G Innovation Competition of the Federal Ministry of Digital Affairs and Transport (BMDV). The 5G Forest Guard project builds on the cooperation of partners with different core competencies and brings together public administration, companies and research institutions in an interdisciplinary consortium. These include the district of Görlitz as consortium leader, Fraunhofer IOSB-AST, Zittau/Görlitz University of Applied Sciences, Brandenburg University of Technology Cottbus - Senftenberg (BTU) and GGS - Geotechnik, Geoinformatik & Service GmbH. In addition to these project partners, two mobile communications companies, Telekom and Vodafone, have joined as associated partners. Furthermore, the military training area Oberlausitz supports the project, among other things by providing the project area.

Blog post: Cyber Attacks on Critical Infrastructure - Malware Threatens Power Supply

© Fraunhofer | Blog post

"It's not just storms or technical problems that cause power outages. Malware can also paralyze the power supply networks. In December 2016, the Industroyer malware caused households to be cut off from the power supply. Recently, there was another Industroyer2 attack in Ukraine: a cyberattack was intended to affect power grids in the country and cripple substations - the attack was prevented before any damage was done. A scenario that could theoretically affect any utility. With hands-on training for their employees, they can secure their grids."

 

Read more in our latest blog post:

Introduction of the staff of the cyber security learning lab for energy and water supply.

© Fraunhofer | M.Sc. Marcel Kühne

In this section we would like to introduce you to our colleagues. Today we introduce you to Marcel Kühne - our research associate. Marcel has been working in the Learning Laboratory Cybersecurity (LLCS) for energy and water supply for almost 3 years. In this interview, he explains what makes his job as a research associate in the learning lab particularly exciting.

 

What exactly do you do at the learning lab as a research associate?

My tasks are exciting and varied. They can be divided into three areas:

  • Gathering information and expanding knowledge: Observing and understanding the current cybersecurity situation; catching up and reading up on guidelines, standards, norms and laws in the areas of IT security and energy and water supply; research work in the area of cyber resilience.
  • Developing and delivering training: Here, the relevant knowledge is processed for the training participants in an informative and easily accessible manner. In practical exercises, the knowledge gained can be applied immediately and in greater depth.
  • Setting up the laboratory infrastructure at the Görlitz site: This serves as the basis for training courses, technical training and research questions. The range of tasks includes the design, planning, procurement and construction of six laboratory walls and two IT control stations, among other things. However, I also receive active support from my colleagues during implementation.

What do you think makes the learning lab so unique?

There are several aspects: On the one hand, the close exchange with companies in the energy and water supply sector to better understand their current situation and challenges. In parallel, a broad research activity of the scientific staff on current and future issues of cybersecurity in IT and OT. These two sources of information and knowledge form the basis for our practical training courses and help to provide content that is optimally tailored to our target group. On the other hand, the possibility for our training participants to directly apply the knowledge they have just learned in our learning labs in Ilmenau and Görlitz or location-independently using the mobile training platform in a practical technical environment. Components and systems used in industry are also used, so that we can address specific questions from participants about their working environment.

 

Where do you see the biggest challenges for energy and water utilities in the context of cybersecurity today?

One major challenge is the energy transition and the associated restructuring of the infrastructure. In particular, the increasing level of digitalization has to be managed. The reason for this is the ever-evolving decentralized structures and the associated necessary "breaking up" of previously established approaches such as the strict separation of IT and OT or "air gap" systems. The required effort as well as the high costs can easily lead to cutting back on certain aspects - and unfortunately this very often includes cyber security. This problem is exacerbated by the increasing shortage of skilled workers. Security, whether in information technology or operational technology, can only be implemented if the appropriate skilled personnel are available in the company.

 

What personal strengths do you bring to the learning lab?

I originally come from the IT sector and have gradually familiarized myself with OT issues. I think that gives me a good feel for processing and conveying unknown content for a target group that has previously had little or no contact with it. Such topics include, for example, cyber security or the ever-increasing use of IT approaches in OT. I am also a very creative person. I can bring that to bear very well in designing new and innovative learning and training formats as well as building the lab infrastructure.

 

Describe the LLCS for Energy and Water Supply at Fraunhofer IOSB-AST in three words.

Challenging, Supporting, Fascinating

Next training dates

You can find the current training dates here: