Project

Funding

Bundesministerium für Forschung, Technologie und Raumfahrt
Bundesministerium für Bildung und Forschung

FKZ 13N16581-13N16587

Bundesministerium Finanzen
SIFO.de
KIRAS Sicherheitsforschung
FFG Forschung wirkt

FKZ FO999902707

On the Austrian side, the CONTAIN project is funded by the Federal Ministry of Finance as part of the KIRAS security research funding program. On the German side, the project is funded by the Federal Ministry of Education and Research (BMBF) as part of the Research for Civil Security program (SIFO).


Motivation

What to do if

  • …ransomware takes over a personal device such as a smartphone?
  • …data is encrypted in a company or public authority, critical systems are no longer available, and data leaks out?
  • …partners, suppliers, authorities, or customers in the value chain are affected by ransomware?

After a cyber incident, the road back to normality is sometimes long, costly, and risky. Expectations regarding costs and duration, as well as technology, capacities, and capabilities, are vague. Too often it is not possible to fully recover the data, or it remains unclear what data has been stolen and what the consequences are.

Good preparation is the key to successfully overcoming a crisis. This is where CONTAIN comes in. The CONTAIN framework will be a starting point for companies and authorities in preparing for and managing a cyber incident. With serious games and simulations, the management of a cyber incident can be thought through in concrete terms and the documentation is incorporated into a script that is tailored to the specific technologies, organization and critical business processes in a company or authority. Important topics such as security-by-design solutions, logistics and cloud services as well as liquidity in a crisis are specifically considered.


Research

The CONTAIN research project considers three security scenarios:

  • Ransomware on a personal device such as a smartphone
  • Ransomware in a company or public authority
  • Ransomware in a supply chain

Serious games, simulation models and reference processes are being developed in a scenario-driven process. Topics such as digital currencies and their protection against threats from the digital space, and the role of cloud services and logistics services in the effective management of crises, are intended to demonstrate secure-by-design principles and options for dealing with threats from the digital space.


Objectives and Results

The overall goal of the CONTAIN project is to increase the effectiveness and efficiency of the response to IT security incidents.

The central result is the CONTAIN framework. It will include reference scenarios, policies and processes as well as tools such as serious games and simulation models to prepare an organization for dealing with cyber incidents.

Research on serious games and simulations is a central activity. Three serious games have the purpose of demonstrating, training and concretizing the procedure for dealing with a cyber incident for an organization. The simulations depict scenarios and allow quantitative evaluations of the procedure and the possibility of interactive training.

Other topics in CONTAIN’s research include the protection of digital currencies, liquidity in a crisis and the role of cloud and logistics service providers. Key performance indicators and a balanced scorecard enable management to prepare for dealing with a cyber incident, and a roadmap for auditing and certification brings the research results into practice.

With a study monitor and analyses of the social dimensions of coping with cyber incidents, the needs of both companies and society will be identified and taken into account in the simulations, the serious games and the CONTAIN framework.

CONTAIN’s research results are published in a toolbox with open source licences on the CONTAIN website.

The research takes place in an ongoing dialogue with practitioners, with the aim of raising society’s awareness of the issue of managing cyber incidents and addressing needs. Target group-specific formats for start-ups, SMEs and public authorities as stakeholders, as well as a demonstration exercise in the form of a federated exercise, are the focal points of this dialogue.

The research results will be presented in a large-scale international demonstration exercise.