In the picture (from left to right): KR Alfred Harl (Fachverband UBIT), Peter Lieber (Sparx Services Central Europe), Salome Wagner (Sparx Services Central Europe), Martin Stierle (AIT Austrian Institute of Technology), BM Univ.-Prof. Dr. Martin Kocher – Image: BMAW/Silveri
The innovative cyber security management system ThreatGet was awarded runner-up to the Austrian State Prize Consulting 2022 in the category “Management Consulting and IT”. The system and the associated risk management consulting for highly secure IT and electronic systems were jointly developed by the AIT Austrian Institute of Technology and Sparx Services CE, a business unit of the Lieber.Group, and have already won several awards.
ThreatGet was first introduced in 2019 as a new approach to the development of highly secure digital systems. It supports developers of digital systems in avoiding threats – supported by Artificial Intelligence (AI) – through smart development approaches in system design. The special concept of the system is that security analyses are not only carried out on the finished product through test processes, but accompany the entire development process from the conception of the system to its implementation (security-by-design).
As early as 2020, ThreatGet’s special innovation was confirmed by the Austrian eAward in the category “Industry 4.0” and has since been further developed and tested in the field. Sparx Services CE, for example, developed a comprehensive consulting approach together with AIT to embed the use of the new development tool in a holistic risk management system. This concept was awarded 1st prize at the Constantinus Award 2021 in the Digitalisation / Internet of Things (IoT) category and now also runner-up to the State Prize Consulting “Management Consulting and IT” 2022. ThreatGet thus prevailed among 191 projects in the various preliminary rounds.
Helmut Leopold, Head of Center for Digital Safety & Security at the AIT, says: “We congratulate Sparx Services CE on their nomination for the State Prize for Consulting. In order to master our increasingly complicated and comprehensive digitalisation, new concepts for the secure development of digital systems are absolutely necessary. The combination of Sparx Services CE’s risk management consulting approach with the Security by Design tool ThreatGet developed at AIT sets new standards in the development of resilient digital systems in markets with high security requirements, such as the automotive or manufacturing industries.”
ThreatGet’s field of application greatly expanded
Initially, ThreatGet was focused on system development in the automotive sector, as the new regulation UN R155 on cyber security became mandatory for all new vehicle types in the EU in July 2022. This requires a risk analysis for the vehicle and a security-by-design approach, prerequisites that can be implemented in an exemplary manner with ThreatGet.
Building on the experience gained from the use of ThreatGet in the automotive sector and the increasing interest in the innovative security system across all industries, the AIT experts published another AI supported database of known cyber threats for the industrial sector in the spring of 2022. This means that “Security by Design” is now also available for the development of safety-critical systems in the area of the Industrial Internet of Things (IIoT), for example, and was presented at the joint stand of the Austrian Federal Economic Chamber at the Hannover Messe 2022.
Peter Lieber, founder and owner of Sparx Services CE: “We are very proud of the nomination for the State Prize Consulting “Management Consulting and IT” 2022 for ThreatGet and the associated holistic consulting approach. Thanks to the successful and long-standing cooperation with AIT, the ThreatGet Cyber Security Management System is now so broadly positioned that we can reach all industrial sectors, even banks and insurance companies. With the practical experience we have gained, the system’s set of rules can be used for practically all cyber security requirements and we are thus delivering a comprehensive solution for security-by-design.”
ThreatGet also covers the requirements for ISO/IEC27001 certification and provides companies and organisations with clear guidelines for cyber security. There are also plans to expand the knowledge bases to include threat potentials for areas such as health and safety-critical infrastructures. Other risk analyses will also be possible soon, and last but not least, the NIS Directive (EU-wide legislation on cyber security for network and information security) will also be fulfilled.
Partner model bears fruit and creates new jobs
With the holistic consulting approach developed by Sparx Services CE for ThreatGet, the target group of IT security consultants with end customers in the field of security-critical infrastructure is specifically addressed and supported. Thus, consultants no longer address the security department exclusively, but introduce the process model as early as the system development stage. This means that new target groups – people from the enterprise or system architecture and those responsible for quality – are reached. At the same time, the consultants get to know a methodology that will become established in many industrial sectors in the coming years: Model-based system development.
The partner model presented in 2021 has already triggered a positive employment effect due to its clear commercial orientation. At msg Plaut, for example, a team of specialists has been created in Austria alone with and through ThreatGet. msg Plaut is a corporate group with independent companies in Austria, CEE and CIS and employs around 600 people in seven countries. The company combines business management and strategic consulting with future-oriented, sustainable value-creating IT solutions.
Sparx Systems CE supports its partners in selling the system on the market through a wide range of activities. Using practical examples, ThreatGet was presented by AIT, Sparx Systems CE and msg Plaut in a lecture at the Swiss-Austrian-Liechtenstein Chamber of Commerce in May 2022. Fritz Mehl, ThreatGet project manager at Sparx Systems CE and responsible for partner management: “We not only convey the holistic approach, but also provide very individual support for market access. After all, it is clear that the great leverage in both the personnel and sales areas comes primarily from the participating consulting companies. ThreatGet’s innovative methodology offers new and expanded approaches to serving clients. At the same time, technical expertise in the area of cyber security is boosted in the consulting company. With the expansion of ThreatGet to many sectors, it is now important to extend our network into these new areas in order to be able to quickly roll out the already successful approach in the face of increasing cyber dangers.” Stefan Schauer, Thematic Coordinator “Dependable Systems Engineering” at AIT: “Due to the increased system complexity in the automotive industry, but also in many safety-critical products in other industries, it is becoming increasingly important to consider safety and cyber security in an efficient software development process. ThreatGet is a helpful tool here, especially because it does not require every software developer to be retrained as a cyber security expert. This is an immense advantage, especially in times when the job market for software developers and cyber security experts is highly competitive”.
The AIT Austrian Institute of Technology is Austria’s largest non-university research institution and sees itself as a highly specialised research and development partner for industry. In the Center for Digital Safety & Security, state-of-the-art information and communication technologies (ICT) and systems are developed to make critical infrastructures secure and reliable in the context of comprehensive and global networking and digitalisation. In the Dependable Systems Engineering (DSE) research area, experts have been investigating the interactions between safety, security and reliability for many years and developing new methods and tools to ensure the holistic safety of systems. The experts play a leading role in the industry standards of tomorrow, e.g. ISO TC 22 (automotive sector), ISO TC 299 (robotics), IEC TC 56 (dependability), IEC TC 62 (medicine), IEC TC 65 (control technology for industrial processes) and AIOTI WG03 (M2M). These many years of experience and expertise are also made available to customers in the form of training and consulting.
Read more about ThreatGet
Helmut Leopold (AIT; left) and Peter Lieber (Lieber.Group; right)
Image: Wolfgang Franz