The research project led by the University of Göttingen in Germany develops an assessment method of information technology security for businesses

How can companies evaluate whether specific measures taken will strengthen their Information Technology (IT) security? How can they find out what the real costs to their business will be? Researchers are addressing these questions in their research collaboration "Processor-Informed Economic Evaluation and Selection of IT Security Measures" (ProBITS), led by the University of Göttingen. The Federal Ministry of Education and Research (BMBF) has funded the project for three years with a total of around 1.4 million euros.

Due to the constantly changing level of threat, whether due to cyber-attacks or new legal requirements, companies are increasingly required to implement complex bundles of different computer programs and other measures to ensure IT security. "In practice, we see that it is not only costly to implement such measures: in fact, as we have observed, these measures have a significant impact on everyday business. They can lead to business processes taking longer and can drive up costs. In addition, they can make business processes more complex and thus less flexible when they have to suddenly adapt to a new situation," explains Professor Simon Trang, Junior Professor for Information Security and Compliance at the University of Göttingen. Classic evaluation models of investment costing, such as the Return on Security Investment, fall short when it comes to evaluating other business costs, apart from the immediate financial impact of IT security measures. In addition, companies often do not have the relevant data on how vulnerable they really are to cyber-attacks and how serious the damage is likely to be in the event of an attack. "In small and medium-sized enterprises, there is usually no dedicated employee for IT security, and there is often a lack of knowledge and experience regarding IT security," says Trang.

The ProBITS team aims to develop a scalable method that companies can use to economically evaluate and select IT security measures. The focus will be on the business process: "Companies should be able to include the effects on the process, which are currently difficult to calculate, in their evaluation," says Trang. "We want to detect the barriers to the introduction and use of IT security measures and reduce possible obstacles. The project thus makes a significant contribution to increasing IT security while not ignoring other business pressures."

Partners in the ProBITS project are: University of Halle-Wittenberg, msu solutions GmbH, and Rezept-prüfstelle Duderstadt GmbH. There is also a sub-project - "ProBITS made simple" - led by the University of Göttingen for the development of the ProBITS method. The focus of the sub-project is to identify obstacles to the introduction of IT security measures and to support companies in introducing the ProBITS method. The BMBF is funding the sub-project with around 486,000 euros.

This Air Force Civil Engineer Center task order reinforces the Air Force Installation Imagery and Lidar Program, which collects geospatial data at USAF installations worldwide for multiple applications.

Woolpert has been selected to provide geospatial data acquisition and production services, as well as related training, in Alaska in support of the U.S. Air Force’s Combat Support Geospatial Information and Services (GeoBase) Program. GeoBase is an Enterprise Program operating at Installations and contingency locations worldwide. It is led from Joint Base San Antonio under the direction of the Air Force Civil Engineer Center.

Woolpert was awarded this one-year task order to collect lidar data and high-resolution orthoimagery at USAF installations in Alaska, where Woolpert has been collecting geospatial data for the last four years. Woolpert Vice President Greg Fox, the program director for the GeoBase Installation Imagery Program, said these nine Alaska sites are among the 36 that Woolpert will collect worldwide this year under the program. The firm has a fleet of more than two dozen manned and unmanned aircraft and owns and operates more than 50 sensors and systems. Since 2016, Woolpert has collected more than 39,000 square kilometers of airborne imagery and lidar data at 190 USAF sites in 15 countries on five continents. That’s the equivalent of Massachusetts and Connecticut combined.

Fox said the USAF GeoBase Program collects airborne imagery at USAF installations on a three- to five-year cycle to achieve up-to-date geospatial data for the Common Installation Picture.

“This comprehensive, digitally accessible CIP data supports each installation, accurately and efficiently managing its built and natural infrastructure,” Fox said. “Instead of roaming the installation in a truck, Air Force staff can access precise, quantifiable, and defensible data from the office for multiple applications. Everything on the base can be checked and verified with this imagery.”

Applications for these data include but are not limited to planimetric updates, construction management, flood analyses, emergency response and evacuation, national security, utility mapping, modeling and simulation, and flight safety. The data also are used to conduct installation inventory and site compliance, like ensuring buildings have ramps that meet Americans with Disabilities Act regulations.

Woolpert and teaming partner Kodiak Mapping Inc., a local Alaskan aerial survey firm, will collect high-resolution, four-band RGB/NIR imagery and linear-mode lidar data. Woolpert will establish accurate, three-dimensional coordinates for the photogrammetric ground control survey in support. The imagery and data collected will be immediately processed, and an ISO 9001:2015 quality control review will be conducted. Woolpert also will provide training classes and materials on-site, as desired.

Woolpert Geospatial Specialist Dana Dwyer-Torres said prior to the USAF Installation Imagery and Lidar Program, each USAF installation had to purchase its own imagery. Some relied on satellite imagery alone, which does not provide the required precision and accuracy.

“It was difficult for them each to understand the accuracies needed, and some would pay way too much for the imagery they received,” Dwyer-Torres said. “This program is a great value for the Air Force. As the technology is getting better, the datasets are getting better. In the early stages of the program, we were providing lidar data at 2 points per square meter, however, we are now providing lidar data at 8ppsm or better, depending on data needs. This increase in lidar density has enhanced the installation’s ability to support its mission through improved data feature extraction, elevation modeling, 3D building modeling, and 1-foot contour generation. The workflow is streamlined, and the products continue to advance.”

Fox lauded Air Force GeoBase Program Manager Scott Ensign and the AFCEC Geospatial Integration Office for starting this program and for supporting the USAF, as well as other branches of the U.S. Armed Forces.

“This data goes into a repository at the National Geospatial-Intelligence Agency’s GRiD, helping other U.S. Department of Defense organizations, including the Army and Navy,” Fox said. “GeoBase provides consistent data that can be compared across installations, and it supports specific requests at each installation depending on requirements and needs. The AFCEC and AFSOC had the foresight and acumen to pursue and implement a strategic, cost-effective solution, which continually benefits the nation on both a micro and macro level.”

Woolpert has been under contract in support of GeoBase for much of the program’s 20 years. The firm currently has more than 80 staff members who support GeoBase worldwide.