Progress college "Design of flexible working enviroonment - human-centric use of cyber physical systems"

In this field of work, threat modeling and architectural security analysis methods for CPS developed in the Fortschrittskolleg have been extended so that they are applicable to cyber-physical-social systems (CPSS). Here, for the first time, inherently humans are considered as important factors of the overall system. Using a digital twin, people are modeled in different roles. For example, they can promote IT security by implementing countermeasures against attacks, but conversely, as internal perpetrators, they can also trigger security incidents. Previous methods of architectural security analysis usually do not consider such factors. As a result, important attack vectors are neglected; for example, statistically about 40% of all cybersecurity incidents are the fault of inside perpetrators. Systematic modeling of the human factor should therefore provide a realistic assessment of the threat situation, as well as result in architectures that can securely defend against these threats.