ISNS Institute for Secure Networked Systems

Industrial plants and critical infrastructures place particularly high demands on IT security: they are often operated over decades, consist of heterogeneous components, and must meet strict availability and real-time requirements. The ISNS conducts research and develops security mechanisms that address these constraints and can be integrated into existing industrial and OT networks.

Our work focuses, among other aspects, on segmented and fault-tolerant network architectures, secure communication concepts, and mechanisms for attack detection and mitigation in live systems. We consider both classical industrial fieldbus and automation protocols as well as modern IP-based approaches, edge computing architectures, and highly available systems. The goal is to sustainably strengthen the resilience of industrial and critical infrastructures without jeopardizing their operation or safety.

Real-world networks are complex, large-scale, and often time-critical systems whose characteristics can only be captured to a limited extent through analytical methods. At the ISNS, we employ model-based approaches and realistic simulation platforms to systematically study such networks. Using algorithmically generated topologies, we replicate typical structures of industrial and deterministic communication networks and investigate the interplay of topology, traffic patterns, synchronization mechanisms, and configuration parameters.

A particular focus lies on analyzing time-critical communication and security mechanisms under controlled, reproducible conditions. Our approaches allow us to study network behavior under load, misconfigurations, or targeted disruptions, and to assess the impact on latency, synchronization, and availability. The results obtained provide robust foundations for the design and protection of complex network architectures before they are deployed in real-world systems.

Many networked systems – such as those in the IoT, embedded, or real-time domains – have limited computational power, memory, and energy resources. At the same time, they must meet strict timing requirements. The ISNS researches security solutions that operate reliably under these constraints while preserving the deterministic properties of the systems.

Our work ranges from optimizing classical security mechanisms, such as firewalls and filtering rules, to developing novel architectural and isolation concepts for time-critical systems. Special attention is given to predictable latencies, the efficient use of scarce resources, and the formal assurance of security-critical functions. The goal is to achieve a high level of security even in highly constrained environments.

Advances in quantum computing are calling established cryptographic methods into question over the long term. The ISNS is deeply engaged in the post-quantum transition, that is, the shift to quantum-resistant cryptographic techniques. We analyze the impact of this transition on industrial communication systems, protocols, and existing infrastructures.

A particular focus lies on systems with very long lifecycles, as commonly found in industry and critical infrastructures. Here, we develop and evaluate cryptographic solutions that are both future-proof and practical. This includes the integration of post-quantum cryptographic methods, hybrid approaches, and migration strategies that enable a gradual and low-risk transition.