Project review and partnership meeting 

October 27, 2017

The 27th October, Großwallstadt in Germany was guested by visitors from London, Stockholm and Brussels. The EU project officer from Brussels, Cathy Pouret, and the technical reviewer for the CyberWiz project from London, Steven Paul, came to conduct a review of the work and deliverables within the project together with the project coordinator from apsec, Monika Goedicke.

In conjunction with this, the CEO of foreseeti, Joakim Nydrén and the Head of Global Sales and Marketing, Frank Stolpe, flew in from Stockholm to assist in the review and discuss future partnership planes and sales activities together with the CEO of apsec, Frank Schlottke, the Head of Sales and Marketing, Helmut Oppitz, and Consultant for Information Security, Klaus Zoll.

 

The participants from the 27th of October – from left to right:

Klaus Zoll, Frank Schlottke, Frank Stolpe, Helmut Opptiz, Joakim Nydrén, Cathy Pouret, Steven Paul and Monika Goedicke.

CyberWiz project finishes successfully!

August 31, 2017

Summary of the context and overall objectives

Information & Communication Technology (ICT) is today central in our society. In critical infrastructures, ICT handle management of critical data as well as control of physical processes such as the power grid. Cyber security is thus crucial, and the number of cyber-attacks is rapidly increasing.

Managing cyber security is however very challenging. ICT architectures are typically composed of a large number of systems, processes and individuals connected to form a complex system-of-systems. Enterprise cybersecurity decision maker cannot be expected to have the deep understanding of all types of ICT security vulnerabilities and their dependencies that is needed in order to make insightful proactive decisions. As a result, they struggle to get an objective and fact-based overview of where they are more or less vulnerable and what investments to prioritize. This is where enhanced tool support - as securiCAD - can provide significant value to enterprises.

The purpose of this project is to help enterprise decision makers analyse their cybersecurity posture in a meaningful and understandable way. The project among other improves and adapts the tool securiCAD to the need of critical infrastructure operators, and test in realistic condition with two critical infrastructure operators in Germany. The project objectives have been structured in 3 key areas, supported by specific exploitable results: 

- Adapt and improve the solution based on customer feedback

- Validate the practical value of the solution

- Develop best practices guidelines and methodologies and encourage widespread adoption of the solution

Work performed and results achieved

In summary, the project was a success. The software solution has been adapted and improved for the analysis of critical infrastructures, and has been packaged for various sales opportunities and for use by consultants. Additional value has been created by developing supporting material such as components, manuals, and documentation of guidance, best practices, and methodologies. The value of the approach and toolset has been shown and validated by two major pilot projects in the electric power generation and distribution industry. Further, a “Turing test” has validated securiCAD®’s ability to make security assessments as good as human security experts. As part of establishing commercial viability, various events with experts were performed. The approach of CyberWiz was very well received.

Project work has included the following:

Improving the solution, including both securiCAD® Professional and Enterprise Edition.

Demonstrating the practical value of securiCAD®. Two pilot projects in the energy sector were conducted. These were well received by the customers. Further, a Turing test of the securiCAD® software has been carried out to benchmark it with domain experts. It was found that securiCAD® performed at least as good as domain experts.

To support consultants in securiCAD® projects, a set of documents called “Guidance and best practice” were developed. Further, a partner certification scheme was developed. Being certified implies that the consultant knows how to properly leverage the securiCAD® solution and provide the outmost quality to the end customer.

A large number or communication activities were performed to ensure good dissemination about the project and the solution. This includes issuing press releases, writing and submitting articles in reputable magazines, attending conferences, driving social media communication, and more.

For commercialization activities, the project has developed and executed on a commercialization plan. Execution activities includes development of sales material and proof of concept, conducting customer sales meetings, defining processes for support, training, and delivery, attracting funding, and more.

Progress beyond state of the art

CyberWiz introduces a tool and methods with distinct advances compared to the commercial state of the art. In short, the tool is a threat modeling and proactive risk management tool based on the concepts of attack graphs and Bayesian Networks. A Bayesian Network is a graphical representation of cause-and-effect relationships within a problem domain. A Bayesian network is a powerful tool for security analysis, especially for the proactive, forward looking “what-if” analyses. However, it is not trivial to make it practical and valid. Challenges that have been solved in the tool, include setting the right taxonomy and model to make it practically viable, proving that the output is valid, providing the ability to model the uncertainty inherited in security analysis, and more. It employs a taxonomy that couple attacks and defenses to objects in a way end-users can easily model and understand and provide actionable decision support as output.

 

securiCAD for electronics industry with IoT and embedded systems
 

Elektroniktidningen - a magazine for the electronics industry - explores securiCAD in an article published here. A great article that explores the tangible values of using securiCAD in general and in an IoT and embedded systems environment in particular.

 

Professor Johnson speaks to Swedish Members of Parliament
 

Professor Pontus Johnson, Head of Cyber Security R&D / Technology at foreseeti, spoke to Swedish Members of Parliament on the vulnerability of the digital infrastructure during a lunch seminar at the House of Parliament organized by the Royal Academy of Engineering Sciences on Thursday, April 6.

 

Awarded the title as one of Sweden’s 33 hottest tech companies in 2017!
 

We are proud to announce that foreseeti has been awarded the title as one of Sweden’s 33 hottest tech companies in 2017 by NyTeknik and Affärsvärlden.

Today for the tenth anniversary of 33-listan the winners of 33-listan were presented at Münchenbryggeriet in Stockholm. It is now the second time that foreseeti has been awarded this prestigious title with the first time being in 2016.

The work to find tomorrow’s most promising tech companies started in January when the jury of 33-listan began touring the country. The jury was on the lookout for companies that offered an innovative product or service with great international potential – innovations that could become a game changer within the tech industry.

foreseeti’s CEO Joakim Nydrén comments: “I’m very pleased with foreseeti once again claiming the title as one of Sweden’s 33 hottest tech companies. This clearly indicates that we are on the cutting edge of our field and that our innovative products are highly competitive. A great continuation of a very exciting 2017.”

 

Probabilistic is the way to go
 

 

PwC recently publish the "Operation Cloud Hopper" report. From the report we learn: "This report is an initial public release of research PwC UK and BAE Systems have conducted into new, sustained global campaigns by an established threat actor against managed IT
service providers and their clients..."

In order to convey their confidence in their assements, they have resorted to use probabilistic language as can be seen in the picture above. We at foreseeti are determined that this is the right way to go, and advocates the of use probablistics to quantify threat modelling.

 

Security testing of SCADA systems with foreseeti
 

On the 4th of April you will have the opportunity to participate in a sought after advanced course about security testing of SCADA systems together with foreseeti and F-Secure. For half a day you will receive new and practical knowledge that you will have great use of when you want to identify and mitigate security flaws in your SCADA system. The advanced course also gives a unique opportunity to discuss your questions with likeminded people that have an extra interest in SCADA security and security testing.


To learn more about the conference and to participate in the advanced course visit - http://insightevents.se/events/scada/

Have you seen our new product movies? Find out how securiCAD Professional works on - https://www.foreseeti.com/products

 

CeBIT 2017
 

March 20-24, 2017

At the CeBIT 2017 in Hannover, Germany, apsec’s Dr. Volker Scheidemann gave a speech in the Business Security Forum where he introduced securiCAD to the audience

http://www.cebit.de/veranstaltung/man-or-machine-who-is-better-at-analyzing-security/VOR/74882

Figure 1: Speech at the CeBIT 2017 given by apsec

 

TakeAware 2017
 

March 16, 2017

apsec participated in the TakeAware conference on Security Awareness in March 2017 in Neuss, Germany, raising interest in securiCAD, since securiCAD can take a user’s security awareness into consideration as a security measure.

 

DKI Conference 2017
 

March, 2017

In March 2017 apsec CEO Frank Schlottke gave a speech on Cyberwiz at the DKI Conference 2017 on IT security for hospitals in Düsseldorf. Hospitals belong to the critical infrastructures according to the German IT security law.


 

Breakfast Seminar - March 17 Register now!
 

Welcome to our first breakfast seminar with the theme: "2017 - the year of the cyber security technology leap"


Our purpose with this cost free breakfast seminar is to share community knowledge and leading research that benefits us all. During this morning we will be listening to leading experts from different areas in cyber security.

Breakfast will be served from 08:30 and we start the talks at 09:00.
After the seminar you are all welcome to join us at our office next doors to a touch and feel session together with our experts.

Welcome!
Best regards,
The friends at foreseeti

 

foreseeti at KTH Tech Talk
 

Listen to the KTH Tech Talk where Robert Lagerström and Jacob Henricson explain what securiCAD is and what foreseeti is about.

 

 

E-World energy and water
 

February 09, 2017

The E-World fair is the largest trade fair for the energy sector in Germany. It includes several conferences. In 2016 apsec participated as a visitor making contacts with exhibitors. In 2017 apsec participated at the fair with its own booth, exclusively presenting securiCAD. apsec also participated in the smart tech forum and gave a speech on securiCAD the future of IT security for energy and water providers.  Moreover, apsec participated in a panel discussion on IT security for the energy sector.

https://www.e-world-essen.com/de/kongress/programm/smart-tech-forum/


 

Trailblazers in IT security
 

January 24, 2017

Applied Security GmbH (apsec) successfully finishes CyberWiz pilot project to improve the IT security at municipal works Aschaffenburg.

More than 70.000 persons in over 26.000 households rely on it: energy, gas and clean water 24/7, public transportation systems arriving securely on time, the garbage gets collected every week and for leisure there are public swimming pools and an indoor ice rink. All this and more is provided by the municipal works Aschaffenburg, Germany. They focus on services for energy, water supply, disposal, public transportation and leisure. Failure of their critical infrastructure for energy and water supply would have severe effects on all inhabitants of the lower Main region in Bavaria. Hence, it goes without saying that the municipal works Aschaffenburg have only the highest quality standards that could not be met without a fully functional IT.

To protect the IT of critical infrastructures is the goal of the EU-funded project CyberWiz. CyberWiz aims at the development and implementation of the software securiCAD® and corresponding consulting services. The software securiCAD® is manufactured by the Stockholm-based company foreseeti AB. It has the ability to model complex networks and to proactively simulate Cyber-attacks to the network. It discovers all vulnerabilities, the critical attack paths and estimates the time it takes an attacker to seriously compromise the security of the network. The algorithms within securiCAD® are based on several years of research and development both at foreseeti and at the Royal Institute of Technology Stockholm. securiCAD® was entitled “disruptive technology” by the EU commission, which funds the development of the software under the Horizon 2020 program. The German IT security specialist apsec, based in Großwallstadt, is the project coordinator and is responsible for the development of the consulting concept and for the conducting of several pilot projects with customers from the energy sector within CyberWiz. The first milestone is now reached with having finished the project in Aschaffenburg, which is only 10 kilometers from Großwallstadt and whose municipal works are the largest energy provider in the region.

Dr. Michael Konik, who, as Head of IT, was responsible for the project for the Aschaffenburg municipal works, is convinced by the outcome of the project: “Being a fully-trained mathematician I liked the idea of a scientific simulation approach from the start. Hence, the Aschaffenburg municipal works gladly agreed when apsec offered to investigate the security of our network in this pilot project. It proved really useful to be provided with a “big picture” of our network security. In particular, I like the possibility to proactively check how future alterations to our network may affect its security. The cooperation with apsec was very satisfying and I am sure this wasn’t the last project we conducted together.”

CEO Frank Schlottke from apsec, one of the masterminds in the CyberWiz project, adds: “We are more than happy about the pilot project with the Aschaffenburg municipal works. It provided us with valuable insights into the IT infrastructure of an energy and water provider. Dr. Konik was a very constructive partner and provided us with very good feedback and useful hints how to further improve our performance. I am deeply thankful to him.”

http://cordis.europa.eu/news/rcn/137915_en.html

 

securiCAD® and the Cyberwiz project will be presented at the E-World Energy & Water fair in Essen from 07.-09. February


https://www.e-world-essen.com/de/aktuelles/

January 20, 2017

The E-World Energy & Water is the leading trade fair in Germany for the energy and water sectors.
apsec’s Dr. Volker Scheidemann will join the speaker panel at the fair’s Smart Tech Forum on February 9th with a speech on “Agenda 2018 – the future of IT security for energy and water providers”

https://smartenergy.e-world-essen.com/de/fachforen/programm-smart-tech-forum/

 

foreseeti announces SEK 9 million in funding led by experienced entrepreneurs and InnoEnergy
 

foreseeti announce a 9 million SEK in funding led by experienced entrepreneurs and investors Michael Lantz and Simon Josefsson together with InnoEnergy.

“ We are excited to bring in Michael and Simon as investors and board members. Their expertise is perfectly in line with our road ahead; Michael has built Accedo, a global B2B software business with pioneering products, from scratch to a turnover of +300 MSEK, and Simon is one of the key persons behind the global cyber security success company Yubico. In addition, this funding round includes InnoEnergy, a leader in innovation in energy market, experienced venture capitalists Patrik Westerberg and Anders Ösund and company employees. In short, a perfect mix of skilled capital that, together with our innovation and commercialization funding, will provide a very solid ground for our continued growth journey in the strategic niche of the cyber security market”, says Joakim Nydrén, CEO and co-founder, foreseeti.

“foreseeti has a unique, leading solution which perfectly responds to a huge and fast growing market need. Furthermore, the team has a very strong mix of deep technical skills, including professors, PhDs and military security experts, as well as extensive commercial market knowledge and experience, including business strategists, operational IT security executives and cyber security consultants ”, says Michael Lantz. “I am thrilled to invest and contribute to their future success.”

”The need of foreseeti’s solution is immense” says, Simon Josefsson. “Managing cyber security in a proactive and business minded way is extremely challenging in a world of complex and interconnected systems of systems. The devils are both in the details and in the large. Today, this work is typically done through manual expertise, which is scarce, expensive, and subjective. securiCAD® boost your organization with automated, objective capabilities, improving your security work in the same revolutionizing way as CAD tools have improved work in other engineering domains.”

 

DIDigital recognizes the foreseeti investment round
 


 

DAGSA Cybersecurity Conference 2016 in Berlin
 

December 06, 2016

On December 6th 2016 apsec’s Dr.Volker Scheidemann hosted a round table discussion on a comparison of manual penetration testing and the use of threat modeling tools.

https://www.dagsa.eu/tagungen/cyber-security/programm



 

Round table session: Man or Machine - who is better at doing security analysis?
 

October 20, 2016

Threat modeling software such as ThreatModeler, securiCAD® or Microsoft Threat Modeling Tool promise to perform vulnerability and risk assessments for IT networks faster and more reliable than human experts and penetration testers. In a round table discussion hosted by apsec’s Dr. Volker Scheidemann, the threat modeling approach will be presented using securiCAD® as an example. Afterwards, expert will discuss whether threat modeling software is going to be the future of vulnerability assessment or whether companies will rather go on trusting in the experience of network administrators and security consultants.

https://www.dagsa.eu/tagungen/cyber-security/programm

foreseeti researchers attend conference and workshop
 

During the period September 5-9, the 11th TEAR workshop was organized in conjunction with IEEE EDOC 2016, in Vienna, Austria. Prof. Pontus Johnson from foreseeti attended the workshop where he presented an article.

Assoc. Prof. Robert Lagerström from foreseeti attended the PICMET '16 Conference "Technology Management for Social Innovation" September 4 - 8, Honolulu, Hawaii, USA. At this conference, he presented four articles where of three with regard to cyber security.

 

Learn more about securiCAD®? - Check out this film!
 

 

 


Cyber Wiz an EU-Project to protect critical infrastructure


Dr. Volker Scheidemann
July 12, 2016

The German online magazine "Informatik aktuell" published an article on the CyberWiz project. It describes the project and the benefits of the software securiCAD in detail. You can read the full article (in German) here:

https://www.informatik-aktuell.de/betrieb/sicherheit/cyberwiz-ein-eu-projekt-zum-schutz-kritischer-infrastrukturen.html

 

foreseeti published in Swedish security magazine ”Aktuell Säkerhet”
 

foreseeti has been published in the Swedish security magazine ”Aktuell Säkerhet”. The article refers to foreseeti securing a 250 000 SEK investment prize from Almi Invest in conjunction with the 33 hottest tech companies 2016 event. 

Read the article online here or have a look at page 12 at the ePaper version here

 

Bitkom AK Sicherheitsanwendungen
 

May, 2016

In May 2016 apsec CEO Frank Schlottke gave a speech on Cyberwiz in the AK Sicherheitsanwendungen of the Bitkom, the German association for the IT and telecommunications industry.


 

IT-Trends Sicherheit
 

April 20, 2016

apsec participated in 2016 and 2017 in the IT-Trends Sicherheit conference and fair in Bochum with a booth and giving speeches; the 2016 speech was given by apsec’s subcontractor in the Cyberwiz project, the  paluno Institute for Software Technology of the University Duisburg-Essen:

https://www.it-trends-sicherheit.de/vortraege/vortragdetail/agenda-2018-die-zukunft-der-it-sicherheit-bei-energie-und-wasserversorgern/

https://www.it-trends-sicherheit.de/vortraege/vortragdetail/cyberwiz-managemententscheidungen-zum-gezielten-schutz-technischer-infrastrukturen-beschleunigen/

In an image trailer for the 2017 conference showing the apsec booth with a securiCAD banner at 0:49 can be found here: https://www.youtube.com/watch?v=b30sINXUvJM

 

Congress for IT-Security
 

April 20, 2016

On Wednesday 20.4.2016 Cyberwiz and SecuriCAD will be presented on the 12th Congress for IT-Security (https://www.it-trends-sicherheit.de). Michael Goedicke will present the work of Cyberwiz (https://www.it-trends-sicherheit.de/vortraege/vortragdetail.html?vortrags_id=71).

 

One of Sweden’s 33 hottest tech companies 2016
 

April 12, 2016

We are proud to announce that foreseeti one of the members of the CyberWiz consortium together with apsec and paluno, is one of Sweden’s 33 hottest tech companies 2016 according to Swedish magazines NyTeknik and Affärsvärlden. foreseeti was also awarded the largest add-on prize in the event.

Yesterday, for the ninth year in a row, the winners of 33-listan were presented at Münchenbryggeriet in Stockholm. The work to find tomorrow’s most promising tech companies started in January when the jury of 33-listan began touring the country. The jury was on the lookout for companies that offered an innovative product or service with great international potential – innovations that could become a game changer within the tech industry.

foreseeti is one of the winners in 2016. See the full list of companies here and the text on foreseeti here.

In addition, foreseeti was awarded the biggest add-on prize in the event; the prize from Almi Invest. A great honour.

 

EU-funded project CyberWiz  to secure critical infrastructures
 

February 22, 2016

German security specialist Applied Security GmbH and Swedish risk management firm foreseeti AB work together in a Horizon 2020 programme funded by the European Commission.

The Horizon 2020 programme funded by the European Commission supports small and medium-sized enterprises, which develop disruptive technologies in different lines of business.
One of the most beneficial and important fields of technology in this programme is information security.

One of the key tasks in the struggle of defending computer networks against antagonistic threats such as malicious intruders and cyber terrorists is to find the weak spots in a network and to answer the question: “how long would it withstand an attack?” As there are networks whose failure could have catastrophic consequences – the so-called critical infrastructures like, for instance, power and water distribution, health care and food supply – it is of the utmost importance to find reliable and unbiased answers to the above questions.

The project CyberWiz aims to answer these questions. It combines the knowledge of the Stockholm-based risk management experts of foreseeti AB and of the German information security specialist Applied Security GmbH (apsec). Scientific support to the project is given by the Paluno Institute of Software Technology of the University Essen-Duisburg. Within the project the three participants develop the software securiCAD and a corresponding consulting concept, which gives the operators of critical infrastructures the opportunity to model their networks and to do an unbiased risk analysis by advanced simulation techniques. These simulation techniques are based on the well-known mathematical theory of Bayesian networks. In the simulation risks, vulnerabilities  and the time until an attacker may succeed are estimated.

There are two clear benefits of this approach: the first is that the results are objective, based on mathematical rigorousness. The second is that the outcome of changes in the network, for instance, the introduction of a new firewall, can be simulated before actually doing so. Hence, the software helps to identify whether an investment in a new technique is justified or not and, thus, helps to save expenses.

The Horizon 2020 grants are designated to push disruptive technologies into the European market and CyberWiz is one of the most promising candidates to succeed.

20160222_Press release CyberWiz_final.pdf