Internet Early Warning System: The Global View - Prof. Dr. Norbert Pohlmann
N. Pohlmann, M. Proest
We have all experienced the situation: you are sitting in a traffic jam and all you can see is a long line of cars in front of and behind you. In this situation, without any assistance, you do not have an overview of the problem. There is no direct information concerning why the traffic jam has come about, how long it is, at what point in the traffic jam you are located or – the most important information – when the traffic jam will be over. As this is a problem faced on a day-to-day basis by thousands of motorists, solutions have been developed to overcome the lack of information. In Germany there is a close network of traffic counter loops which record the traffic volume and situation on the motorways/freeways. Important information about traffic jams is provided by means of radio announcements, SMS, telephone and the Internet, while modern navigation systems process the information directly when planning the route to be taken. Through the use of these resources, motorists are “liberated” from their constricted local view of the situation and can take decisions in good time on the basis of the global information available, e.g. leaving by the next exit and using an alternative route.
This situation can also be applied to the perspective that the network operators have today of the Internet. As a rule they have only a local perspective, i.e. an overview of their own network segments and the communication data that are transferred. If problems occur here and are detected, they can be rectified quickly and systematically. However, if it becomes apparent that a problem has occurred that is not within their own domain of action, or if the required perspective is lacking, the situation is more difficult. It is often not clear where the problem comes from, and for the correction of the problem we are reliant on third parties. The global view required in order to detect the problem and select the correct solutions is missing.
Such a global perception is difficult to achieve on the Internet as people like to play their cards close to their chest. The precise internal network structure, communication connections and topologies are often treated confidentially by the network operators. Furthermore, in order to achieve a global perspective, there are a few challenges that have to be solved: communication data are relevant in principle to data protection, the quantities of data are enormous, the data rates are sometimes so large that they cannot always be analyzed “live”, while long-term storage of the communication data in order to observe long-term developments appears to be impossible. Moreover, the question also arises of who feels responsible for creating a global perspective.
Nevertheless, the Internet has developed into an omnipresent medium over the past few years, without which very large areas of the economy, research and private life would be unimaginable today. For this reason the analysis and knowledge of the medium known as the Internet in its totality is of particular significance in order to be able to assess its development and guarantee the future functioning of all the services it provides. The constantly growing importance of the Internet for our knowledge and information society makes it necessary to analyze and be acquainted with its status beyond the limits of the individual network operators. Only precise knowledge of the normal status makes it possible to detect anomalies which influence the functionality of the Internet.
With the help of the probe-based Internet Analysis System, which is currently being implemented as a research and development project of the Institute for Internet Security at the University of Applied Sciences in Gelsenkirchen in collaboration with the German Federal Office for Information Security (BSI), it is intended to create and analyze local and above all global perspectives in order to make the generation of early warnings possible.
Particular focal points of the project are the collection of information in compliance with data protection regulations and optimization of the amount of information, so as to be able to store information in the long term and therefore allow the analysis of trends and developments over long periods.
Further information on the topic “Cyber security early warning and situational picture system”:
Glossary entry: “Cyber security early warning and situational picture system”
Information about the textbook: “Cyber-Sicherheit”