Definition und ausgewählte Publikationen

Benutzbare Sicherheit und Privatheit beschäftigt sich mit der Nutzbarkeit von Sicherheits- und Privatheitskonzepten, zum Schutz vor gezielten Angriffen (Usable Security/Privacy) und unbeabsichtigten Fehlfunktionen (Safety).

Zur Definition des Bereichs

Christian Reuter (2021) Sicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement (Zweite Auflage), S. 1-695, Wiesbaden: Springer Vieweg, url

Ausgewählte Publikationen

  • Franz Kuntke, Marc-André Kaufhold, Sebastian Linsner, Christian Reuter (2024)
    GeoBox: Design and Evaluation of a Tool for Resilient and Decentralized Data Management in Agriculture
    Behaviour & Information Technology (BIT) ;43(4):764–786. doi:10.1080/0144929X.2023.2185747
    [BibTeX] [Abstract] [Download PDF]

    Farm Management Information Systems (FMIS) are an important core component of modern farming companies as they allow, e.g., to document activities, create fertilization plans, and feed digital equipment with required data. Since the entire agricultural sector is an essential component of food production, high standards of resilience should be established in the involved companies. Accordingly, the used software should also be designed with high standards on reliability and crisis capability. Based on a literature review, we found that software for farmers with certain resilience needs is lacking. Thus, we designed and evaluated a new FMIS concept with the user-centered design method. By conducting focus groups (two rounds, total N=57) in 2017 and 2019, we raised specific front-end and back-end requirements of farmers. Based on the requirements, we developed our concept for both front- and back-end in terms of a decentralized and offline-working FMIS. Through the evaluation with practitioners (N=16) of the implemented concept, we derived findings and implications, highlighting the need for privacy, stability, and offline-capability, as well as the UI-requirement to be supportive, e.g., with easy to understand icons and terms.

    @article{kuntke_geobox_2024,
    title = {{GeoBox}: {Design} and {Evaluation} of a {Tool} for {Resilient} and {Decentralized} {Data} {Management} in {Agriculture}},
    volume = {43},
    issn = {0144-929X},
    url = {https://peasec.de/paper/2023/2023_KuntkeKaufholdLinsnerReuter_GeoBox_BIT.pdf},
    doi = {10.1080/0144929X.2023.2185747},
    abstract = {Farm Management Information Systems (FMIS) are an important core component of modern farming companies as they allow, e.g., to document activities, create fertilization plans, and feed digital equipment with required data. Since the entire agricultural sector is an essential component of food production, high standards of resilience should be established in the involved companies. Accordingly, the used software should also be designed with high standards on reliability and crisis capability. Based on a literature review, we found that software for farmers with certain resilience needs is lacking. Thus, we designed and evaluated a new FMIS concept with the user-centered design method. By conducting focus groups (two rounds, total N=57) in 2017 and 2019, we raised specific front-end and back-end requirements of farmers. Based on the requirements, we developed our concept for both front- and back-end in terms of a decentralized and offline-working FMIS. Through the evaluation with practitioners (N=16) of the implemented concept, we derived findings and implications, highlighting the need for privacy, stability, and offline-capability, as well as the UI-requirement to be supportive, e.g., with easy to understand icons and terms.},
    number = {4},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Kuntke, Franz and Kaufhold, Marc-André and Linsner, Sebastian and Reuter, Christian},
    month = mar,
    year = {2024},
    note = {Publisher: Taylor \& Francis},
    keywords = {UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, AuswahlUsableSec, Projekt-GeoBox, Projekt-AgriRegio},
    pages = {764--786},
    }

  • Tom Biselli, Laura Utz, Christian Reuter (2024)
    Supporting Informed Choices about Browser Cookies: The Impact of Personalised Cookie Banners
    Proceedings on Privacy Enhancing Technologies (PoPETs) (1):171–191. doi:https://doi.org/10.56553/popets-2024-0011
    [BibTeX] [Abstract] [Download PDF]

    Browser cookies, especially those from third parties, pose a threat to individual privacy. While it is possible in principle to control the number of cookies accepted, this choice is often neither usable nor truly informed. To address this issue, this study used semi-structured interviews (N=19) to identify attitudes and user requirements to develop an alternative personalised cookie banner, which was evaluated in an online experiment (N=157). The cookie banner explanations were tailored to the privacy knowledge of three groups of users: low, medium and high. The online experiment measured cookie choices and perceived usability of the cookie banner across three groups: an experimental group that viewed the novel cookie banner with personalisation (personalised privacy assistant), a control group that viewed the novel cookie banner without personalisation (privacy assistant) and a control group that viewed the standard cookie banner provided by the website. The results indicate that the novel cookie banner (with or without personalisation) generally resulted in significantly fewer accepted cookies and increased usability compared to the standard cookie window. In addition, the personalised cookie banner resulted in significantly fewer accepted cookies and higher usability than the non-personalised cookie banner. These results suggest that tailoring cookie banners to users‘ privacy knowledge can be an effective approach to empowering users to make informed choices and better protect their privacy.

    @article{biselli_supporting_2024,
    title = {Supporting {Informed} {Choices} about {Browser} {Cookies}: {The} {Impact} of {Personalised} {Cookie} {Banners}},
    url = {https://petsymposium.org/popets/2024/popets-2024-0011.pdf},
    doi = {https://doi.org/10.56553/popets-2024-0011},
    abstract = {Browser cookies, especially those from third parties, pose a threat to individual privacy. While it is possible in principle to control the number of cookies accepted, this choice is often neither usable nor truly informed. To address this issue, this study used semi-structured interviews (N=19) to identify attitudes and user requirements to develop an alternative personalised cookie banner, which was evaluated in an online experiment (N=157). The cookie banner explanations were tailored to the privacy knowledge of three groups of users: low, medium and high. The online experiment measured cookie choices and perceived usability of the cookie banner across three groups: an experimental group that viewed the novel cookie banner with personalisation (personalised privacy assistant), a control group that viewed the novel cookie banner without personalisation (privacy assistant) and a control group that viewed the standard cookie banner provided by the website. The results indicate that the novel cookie banner (with or without personalisation) generally resulted in significantly fewer accepted cookies and increased usability compared to the standard cookie window. In addition, the personalised cookie banner resulted in significantly fewer accepted cookies and higher usability than the non-personalised cookie banner. These results suggest that tailoring cookie banners to users' privacy knowledge can be an effective approach to empowering users to make informed choices and better protect their privacy.},
    number = {1},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Biselli, Tom and Utz, Laura and Reuter, Christian},
    year = {2024},
    keywords = {HCI, Selected, Student, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CROSSING, AuswahlUsableSec},
    pages = {171--191},
    }

  • Marc-André Kaufhold, Thea Riebe, Markus Bayer, Christian Reuter (2024)
    ‚We Do Not Have the Capacity to Monitor All Media‘: A Design Case Study on Cyber Situational Awareness in Computer Emergency Response Teams
    Proceedings of the Conference on Human Factors in Computing Systems (CHI) .
    [BibTeX] [Abstract]

    Computer Emergency Response Teams (CERTs) have been established in the public sector globally to provide advisory, preventive and reactive cybersecurity services for government agencies, citizens, and businesses. Nevertheless, their responsibility of monitoring, analyzing, and communicating cyber threats and security vulnerabilities have become increasingly challenging due to the growing volume and varying quality of information disseminated through public and social channels. Based on a design case study conducted from 2021 to 2023, this paper combines three iterations of expert interviews (N=25), design workshops (N=4) and cognitive walkthroughs (N=25) to design an automated, cross-platform and real-time cybersecurity dashboard. By adopting the notion of cyber situational awareness, the study further extracts user requirements and design heuristics for enhanced threat intelligence and mission awareness in CERTs, discussing the aspects of source integration, data management, customizable visualization, relationship awareness, information assessment, software integration, (inter-)organizational collaboration, and communication of stakeholder warnings.

    @inproceedings{kaufhold_we_2024,
    series = {{CHI} '24},
    title = {'{We} {Do} {Not} {Have} the {Capacity} to {Monitor} {All} {Media}': {A} {Design} {Case} {Study} on {Cyber} {Situational} {Awareness} in {Computer} {Emergency} {Response} {Teams}},
    abstract = {Computer Emergency Response Teams (CERTs) have been established in the public sector globally to provide advisory, preventive and reactive cybersecurity services for government agencies, citizens, and businesses. Nevertheless, their responsibility of monitoring, analyzing, and communicating cyber threats and security vulnerabilities have become increasingly challenging due to the growing volume and varying quality of information disseminated through public and social channels. Based on a design case study conducted from 2021 to 2023, this paper combines three iterations of expert interviews (N=25), design workshops (N=4) and cognitive walkthroughs (N=25) to design an automated, cross-platform and real-time cybersecurity dashboard. By adopting the notion of cyber situational awareness, the study further extracts user requirements and design heuristics for enhanced threat intelligence and mission awareness in CERTs, discussing the aspects of source integration, data management, customizable visualization, relationship awareness, information assessment, software integration, (inter-)organizational collaboration, and communication of stakeholder warnings.},
    booktitle = {Proceedings of the {Conference} on {Human} {Factors} in {Computing} {Systems} ({CHI})},
    publisher = {Association for Computing Machinery},
    author = {Kaufhold, Marc-André and Riebe, Thea and Bayer, Markus and Reuter, Christian},
    year = {2024},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-CORE-A*, Projekt-CYWARN, AuswahlUsableSec, AuswahlKaufhold, Projekt-CYLENCE, Projekt-ATHENE-CyAware},
    }

  • Thea Riebe, Tom Biselli, Marc-André Kaufhold, Christian Reuter (2023)
    Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey
    Proceedings on Privacy Enhancing Technologies (PoPETs) (1):477–493. doi:https://doi.org/10.56553/popets-2023-0028
    [BibTeX] [Abstract] [Download PDF]

    The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.

    @article{riebe_privacy_2023,
    title = {Privacy {Concerns} and {Acceptance} {Factors} of {OSINT} for {Cybersecurity}: {A} {Representative} {Survey}},
    url = {https://petsymposium.org/popets/2023/popets-2023-0028.pdf},
    doi = {https://doi.org/10.56553/popets-2023-0028},
    abstract = {The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.},
    number = {1},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Riebe, Thea and Biselli, Tom and Kaufhold, Marc-André and Reuter, Christian},
    year = {2023},
    keywords = {HCI, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CYWARN, Projekt-ATHENE-FANCY, AuswahlUsableSec},
    pages = {477--493},
    }

  • Leon Würsching, Florentin Putz, Steffen Haesler, Matthias Hollick (2023)
    FIDO2 the Rescue? Platform vs. Roaming Authentication on Smartphones
    Proceedings of the Conference on Human Factors in Computing Systems (CHI) (Best Paper Award) New York, NY, USA. doi:10.1145/3544548.3580993
    [BibTeX] [Abstract] [Download PDF]

    Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple clients.

    @inproceedings{wursching_fido2_2023,
    address = {New York, NY, USA},
    series = {{CHI} '23},
    title = {{FIDO2} the {Rescue}? {Platform} vs. {Roaming} {Authentication} on {Smartphones}},
    url = {https://peasec.de/paper/2023/2023_WuerschingPutzHaeslerHollick_PlatformvsRoamingAuthenticationonSmartphones_CHI.pdf},
    doi = {10.1145/3544548.3580993},
    abstract = {Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple clients.},
    booktitle = {Proceedings of the {Conference} on {Human} {Factors} in {Computing} {Systems} ({CHI}) ({Best} {Paper} {Award})},
    publisher = {Association for Computing Machinery},
    author = {Würsching, Leon and Putz, Florentin and Haesler, Steffen and Hollick, Matthias},
    year = {2023},
    note = {event-place: Hamburg, HH, Germany},
    keywords = {HCI, UsableSec, Security, A-Paper, Ranking-CORE-A*, AuswahlUsableSec, Projekt-emergenCITY},
    }

  • Tom Biselli, Enno Steinbrink, Franziska Herbert, Gina Maria Schmidbauer-Wolf, Christian Reuter (2022)
    On the Challenges of Developing a Concise Questionnaire to Identify Privacy Personas
    Proceedings on Privacy Enhancing Technologies (PoPETs) (4):645–669. doi:10.56553/popets-2022-0126
    [BibTeX] [Abstract] [Download PDF]

    Concise instruments to determine privacy personas – typical privacy-related user groups – are not available at present. Consequently, we aimed to identify them on a privacy knowledge–privacy behavior ratio based on a self-developed instrument. To achieve this, we conducted an item analysis (N = 820) and a confirmatory factor analysis (CFA) (N = 656) of data based on an online study with German participants. Starting with 81 items, we reduced those to an eleven-item questionnaire with the two scales privacy knowledge and privacy behavior. A subsequent cluster analysis (N = 656) revealed three distinct user groups: (1) Fundamentalists scoring high in privacy knowledge and behavior, (2) Pragmatists scoring average in privacy knowledge and behavior and (3) Unconcerned scoring low in privacy knowledge and behavior. In a closer inspection of the questionnaire, the CFAs supported the model with a close global fit based on RMSEA in a training and to a lesser extent in a cross-validation sample. Deficient local fit as well as validity and reliability coefficients well below generally accepted thresholds, however, revealed that the questionnaire in its current form cannot be considered a suitable measurement instrument for determining privacy personas. The results are discussed in terms of related persona conceptualizations, the importance of a methodologically sound investigation of corresponding privacy dimensions and our lessons learned.

    @article{biselli_challenges_2022,
    title = {On the {Challenges} of {Developing} a {Concise} {Questionnaire} to {Identify} {Privacy} {Personas}},
    url = {https://petsymposium.org/2022/files/papers/issue4/popets-2022-0126.pdf},
    doi = {10.56553/popets-2022-0126},
    abstract = {Concise instruments to determine privacy personas – typical privacy-related user groups – are not available at present. Consequently, we aimed to identify them on a privacy knowledge–privacy behavior ratio based on a self-developed instrument. To achieve this, we conducted an item analysis (N = 820) and a confirmatory factor analysis (CFA) (N = 656) of data based on an online study with German participants. Starting with 81 items, we reduced those to an eleven-item questionnaire with the two scales privacy knowledge and privacy behavior. A subsequent cluster analysis (N = 656) revealed three distinct user groups: (1) Fundamentalists scoring high in privacy knowledge and behavior, (2) Pragmatists scoring average in privacy knowledge and behavior and (3) Unconcerned scoring low in privacy knowledge and behavior. In a closer inspection of the questionnaire, the CFAs supported the model with a close global fit based on RMSEA in a training and to a lesser extent in a cross-validation sample. Deficient local fit as well as validity and reliability coefficients well below generally accepted thresholds, however, revealed that the questionnaire in its current form cannot be considered a suitable measurement instrument for determining privacy personas. The results are discussed in terms of related persona conceptualizations, the importance of a methodologically sound investigation of corresponding privacy dimensions and our lessons learned.},
    number = {4},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Biselli, Tom and Steinbrink, Enno and Herbert, Franziska and Schmidbauer-Wolf, Gina Maria and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CROSSING, Projekt-ATHENE-FANCY, AuswahlUsableSec, Projekt-GRKPrivacy},
    pages = {645--669},
    }

  • Katrin Hartwig, Christian Reuter (2022)
    Nudging Users Towards Better Security Decisions in Password Creation Using Whitebox-based Multidimensional Visualizations
    Behaviour & Information Technology (BIT) ;41(7):1357–1380. doi:10.1080/0144929X.2021.1876167
    [BibTeX] [Abstract] [Download PDF]

    Nudging users to keep them secure online has become a growing research field in cybersecurity. While existing approaches are mainly blackbox based, showing aggregated visualisations as one-size-fits-all nudges, personalisation turned out promising to enhance the efficacy of nudges within the high variance of users and contexts. This article presents a disaggregated whitebox-based visualisation of critical information as a novel nudge. By segmenting users according to their decision-making and information processing styles, we investigate if the novel nudge is more effective for specific users than a common black-box nudge. Based on existing literature about critical factors in password security, we designed a dynamic radar chart and parallel coordinates as disaggregated visualisations. We evaluated the short-term effectiveness and users‘ perception of the nudges in a think-aloud prestudy and a representative online evaluation (N=1.012). Our findings suggest that dynamic radar charts present a moderately effective nudge towards stronger passwords regarding short-term efficacy and are appreciated particularly by players of role-playing games.

    @article{hartwig_nudging_2022,
    title = {Nudging {Users} {Towards} {Better} {Security} {Decisions} in {Password} {Creation} {Using} {Whitebox}-based {Multidimensional} {Visualizations}},
    volume = {41},
    url = {https://peasec.de/paper/2022/2022_HartwigReuter_WhiteboxMultidimensionalNudges_BIT.pdf},
    doi = {10.1080/0144929X.2021.1876167},
    abstract = {Nudging users to keep them secure online has become a growing research field in cybersecurity. While existing approaches are mainly blackbox based, showing aggregated visualisations as one-size-fits-all nudges, personalisation turned out promising to enhance the efficacy of nudges within the high variance of users and contexts. This article presents a disaggregated whitebox-based visualisation of critical information as a novel nudge. By segmenting users according to their decision-making and information processing styles, we investigate if the novel nudge is more effective for specific users than a common black-box nudge. Based on existing literature about critical factors in password security, we designed a dynamic radar chart and parallel coordinates as disaggregated visualisations. We evaluated the short-term effectiveness and users' perception of the nudges in a think-aloud prestudy and a representative online evaluation (N=1.012). Our findings suggest that dynamic radar charts present a moderately effective nudge towards stronger passwords regarding short-term efficacy and are appreciated particularly by players of role-playing games.},
    number = {7},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Hartwig, Katrin and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Projekt-CROSSING, Projekt-ATHENE-FANCY, AuswahlUsableSec},
    pages = {1357--1380},
    }

  • Sebastian Linsner, Franz Kuntke, Enno Steinbrink, Jonas Franken, Christian Reuter (2021)
    The Role of Privacy in Digitalization – Analysing the German Farmers‘ Perspective
    Proceedings on Privacy Enhancing Technologies (PoPETs) ;2021(3):334–350. doi:10.2478/popets-2021-0050
    [BibTeX] [Abstract] [Download PDF]

    Technological progress can disrupt domains and change the way we work and collaborate. This paper presents a qualitative study with 52 German farmers that investigates the impact of the ongoing digitalization process in agriculture and discusses the implications for privacy research. As in other domains, the introduction of digital tools and services leads to the data itself becoming a resource. Sharing this data with products along the supply chain is favored by retailers and consumers, who benefit from traceability through transparency. However, transparency can pose a privacy risk. Having insight into the business data of others along the supply chain provides an advantage in terms of market position. This is particularly true in agriculture, where there is already a significant imbalance of power between actors. A multitude of small and medium-sized farming businesses are opposed by large upstream and downstream players that drive technological innovation. Further weakening the market position of farmers could lead to severe consequences for the entire sector. We found that on the one hand, privacy behaviors are affected by adoption of digitalization, and on the other hand, privacy itself influences adoption of digital tools. Our study sheds light on the emerging challenges for farmers and the role of privacy in the process of digitalization in agriculture.

    @article{linsner_role_2021,
    title = {The {Role} of {Privacy} in {Digitalization} – {Analysing} the {German} {Farmers}' {Perspective}},
    volume = {2021},
    url = {https://www.petsymposium.org/2021/files/papers/issue3/popets-2021-0050.pdf},
    doi = {10.2478/popets-2021-0050},
    abstract = {Technological progress can disrupt domains
    and change the way we work and collaborate. This paper presents a qualitative study with 52 German farmers
    that investigates the impact of the ongoing digitalization process in agriculture and discusses the implications for privacy research. As in other domains, the introduction of digital tools and services leads to the data
    itself becoming a resource. Sharing this data with products along the supply chain is favored by retailers and
    consumers, who benefit from traceability through transparency. However, transparency can pose a privacy risk.
    Having insight into the business data of others along the
    supply chain provides an advantage in terms of market
    position. This is particularly true in agriculture, where
    there is already a significant imbalance of power between actors. A multitude of small and medium-sized
    farming businesses are opposed by large upstream and
    downstream players that drive technological innovation.
    Further weakening the market position of farmers could
    lead to severe consequences for the entire sector. We
    found that on the one hand, privacy behaviors are affected by adoption of digitalization, and on the other
    hand, privacy itself influences adoption of digital tools.
    Our study sheds light on the emerging challenges for
    farmers and the role of privacy in the process of digitalization in agriculture.},
    number = {3},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Linsner, Sebastian and Kuntke, Franz and Steinbrink, Enno and Franken, Jonas and Reuter, Christian},
    year = {2021},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, AuswahlUsableSec, Projekt-GeoBox, Projekt-GRKPrivacy, Projekt-HyServ},
    pages = {334--350},
    }

  • Anjuli Franz, Gregor Albrecht, Verena Zimmermann, Katrin Hartwig, Christian Reuter, Alexander Benlian, Joachim Vogt (2021)
    SoK: Still Plenty of Phish in the Sea — A Review of User-Oriented Phishing Interventions and Avenues for Future Research
    USENIX Symposium on Usable Privacy and Security (SOUPS) .
    [BibTeX] [Abstract] [Download PDF]

    Phishing is a prevalent cyber threat, targeting individuals and organizations alike. Previous approaches on anti-phishing measures have started to recognize the role of the user, who, at the center of the target, builds the last line of defense. However, user-oriented phishing interventions are fragmented across a diverse research landscape, which has not been systematized to date. This makes it challenging to gain an overview of the various approaches taken by prior works. In this paper, we present a taxonomy of phishing interventions based on a systematic literature analysis. We shed light on the diversity of existing approaches by analyzing them with respect to the intervention type, the addressed phishing attack vector, the time at which the intervention takes place, and the required user interaction. Furthermore, we highlight shortcomings and challenges emerging from both our literature sample and prior meta-analyses, and discuss them in the light of current movements in the field of usable security. With this article, we hope to provide useful directions for future works on phishing interventions.

    @inproceedings{franz_sok_2021,
    title = {{SoK}: {Still} {Plenty} of {Phish} in the {Sea} — {A} {Review} of {User}-{Oriented} {Phishing} {Interventions} and {Avenues} for {Future} {Research}},
    isbn = {978-1-939133-25-0},
    url = {https://www.usenix.org/system/files/soups2021-franz.pdf},
    abstract = {Phishing is a prevalent cyber threat, targeting individuals and
    organizations alike. Previous approaches on anti-phishing
    measures have started to recognize the role of the user, who,
    at the center of the target, builds the last line of defense.
    However, user-oriented phishing interventions are fragmented
    across a diverse research landscape, which has not been
    systematized to date. This makes it challenging to gain an
    overview of the various approaches taken by prior works.
    In this paper, we present a taxonomy of phishing interventions
    based on a systematic literature analysis. We shed light
    on the diversity of existing approaches by analyzing them
    with respect to the intervention type, the addressed phishing
    attack vector, the time at which the intervention takes place,
    and the required user interaction. Furthermore, we highlight
    shortcomings and challenges emerging from both our literature
    sample and prior meta-analyses, and discuss them in
    the light of current movements in the field of usable security.
    With this article, we hope to provide useful directions for
    future works on phishing interventions.},
    booktitle = {{USENIX} {Symposium} on {Usable} {Privacy} and {Security} ({SOUPS})},
    author = {Franz, Anjuli and Albrecht, Gregor and Zimmermann, Verena and Hartwig, Katrin and Reuter, Christian and Benlian, Alexander and Vogt, Joachim},
    year = {2021},
    keywords = {UsableSec, Security, Ranking-CORE-B, Projekt-CROSSING, AuswahlUsableSec},
    }

  • Thea Riebe, Marc-André Kaufhold, Christian Reuter (2021)
    The Impact of Organizational Structure and Technology Use on Collaborative Practices in Computer Emergency Response Teams: An Empirical Study
    Proceedings of the ACM: Human Computer Interaction (PACM): Computer-Supported Cooperative Work and Social Computing ;5(CSCW2). doi:10.1145/3479865
    [BibTeX] [Abstract] [Download PDF]

    Besides the merits of increasing digitization and interconnectedness in private and professional spaces, critical infrastructures and societies are more and more exposed to cyberattacks. In order to enhance the preventative and reactive capabilities against cyberattacks, Computer Emergency Response Teams (CERTs) are deployed in many countries and organizations. In Germany, CERTs in the public sector operate on federal and state level to provide information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats and incidents is getting more complex due to the increasing amount of information disseminated into public channels. By adopting the perspectives of Computer-Supported Cooperative Work (CSCW) and Crisis Informatics, we contribute to the study of organizational structures, technology use, and the impact on collaborative practices in and between state CERTs with empirical research based on expert interviews with representatives of German state CERTs (N=15) and supplementary document analyses (N=25). We derive design and policy implications from our findings, including the need for interoperable and modular architecture, a shift towards service level agreements, cross-platform monitoring and analysis of incident data, use of deduplication techniques and standardized threat exchange formats, a reduction of resource costs through process automation, and transparent reporting and tool structures for information exchange.

    @article{riebe_impact_2021,
    title = {The {Impact} of {Organizational} {Structure} and {Technology} {Use} on {Collaborative} {Practices} in {Computer} {Emergency} {Response} {Teams}: {An} {Empirical} {Study}},
    volume = {5},
    url = {https://www.peasec.de/paper/2021/2021_RiebeKaufholdReuter_ComputerEmegencyResponseTeams_CSCW.pdf},
    doi = {10.1145/3479865},
    abstract = {Besides the merits of increasing digitization and interconnectedness in private and professional spaces, critical infrastructures and societies are more and more exposed to cyberattacks. In order to enhance the preventative and reactive capabilities against cyberattacks, Computer Emergency Response Teams (CERTs) are deployed in many countries and organizations. In Germany, CERTs in the public sector operate on federal and state level to provide information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats and incidents is getting more complex due to the increasing amount of information disseminated into public channels. By adopting the perspectives of Computer-Supported Cooperative Work (CSCW) and Crisis Informatics, we contribute to the study of organizational structures, technology use, and the impact on collaborative practices in and between state CERTs with empirical research based on expert interviews with representatives of German state CERTs (N=15) and supplementary document analyses (N=25). We derive design and policy implications from our findings, including the need for interoperable and modular architecture, a shift towards service level agreements, cross-platform monitoring and analysis of incident data, use of deduplication techniques and standardized threat exchange formats, a reduction of resource costs through process automation, and transparent reporting and tool structures for information exchange.},
    number = {CSCW2},
    journal = {Proceedings of the ACM: Human Computer Interaction (PACM): Computer-Supported Cooperative Work and Social Computing},
    author = {Riebe, Thea and Kaufhold, Marc-André and Reuter, Christian},
    year = {2021},
    keywords = {Crisis, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-KontiKat, Projekt-ATHENE-SecUrban, Projekt-CYWARN, AuswahlUsableSec, AuswahlKaufhold},
    }

  • Enno Steinbrink, Lilian Reichert, Michelle Mende, Christian Reuter (2021)
    Digital Privacy Perceptions of Asylum Seekers in Germany – An Empirical Study about Smartphone Usage during the Flight
    Proceedings of the ACM: Human Computer Interaction (PACM): Computer-Supported Cooperative Work and Social Computing ;5(CSCW2). doi:10.1145/3479526
    [BibTeX] [Abstract] [Download PDF]

    Since 2015, an increased number of asylum seekers is coming to Europe. These migration movements increasingly rely on digital infrastructure, such as mobile internet access and online services, in order to reach their targeted destination countries. Asylum seekers often use smartphones for information and communication purposes. Even though there are many positive aspects in the use of such technologies, researchers have to consider the perceived risks of this specific user group. This work aims at investigating the use of mobile information technologies by asylum seekers during their flight, especially taking privacy into account. Thus, it examines asylum seekers’ digital privacy perceptions and identifies privacy protection behaviors by conducting a qualitative interview study with 14 asylum seekers who applied for asylum in Germany. The results show that asylum seekers are often aware of the various risks deriving from the use of smartphones and ICT, such as surveillance and persecution by state or non-state actors as well as extortion by criminals. Based on this, this work furthermore outlines different strategies used to manage these risks. Since the lack of privacy and trust leads to avoidance behavior, the insights of this study provide valuable information for the design of assistance apps and collaboration platforms, which appropriately address the specific needs for digital privacy in the context of flight, or for the conception of privacy-enhancing technologies helping to achieve this.

    @article{steinbrink_digital_2021,
    title = {Digital {Privacy} {Perceptions} of {Asylum} {Seekers} in {Germany} - {An} {Empirical} {Study} about {Smartphone} {Usage} during the {Flight}},
    volume = {5},
    url = {https://www.peasec.de/paper/2021/2021_SteinbrinkReichertMendeReuter_DigitalPrivacyPerceptionAsylumSeekers_CSCW.pdf},
    doi = {10.1145/3479526},
    abstract = {Since 2015, an increased number of asylum seekers is coming to Europe. These migration movements increasingly rely on digital infrastructure, such as mobile internet access and online services, in order to reach their targeted destination countries. Asylum seekers often use smartphones for information and communication purposes. Even though there are many positive aspects in the use of such technologies, researchers have to consider the perceived risks of this specific user group. This work aims at investigating the use of mobile information technologies by asylum seekers during their flight, especially taking privacy into account. Thus, it examines asylum seekers’ digital privacy perceptions and identifies privacy protection behaviors by conducting a qualitative interview study with 14 asylum seekers who applied for asylum in Germany. The results show that asylum seekers are often aware of the various risks deriving from the use of smartphones and ICT, such as surveillance and persecution by state or non-state actors as well as extortion by criminals. Based on this, this work furthermore outlines different strategies used to manage these risks. Since the lack of privacy and trust leads to avoidance behavior, the insights of this study provide valuable information for the design of assistance apps and collaboration platforms, which appropriately address the specific needs for digital privacy in the context of flight, or for the conception of privacy-enhancing technologies helping to achieve this.},
    number = {CSCW2},
    journal = {Proceedings of the ACM: Human Computer Interaction (PACM): Computer-Supported Cooperative Work and Social Computing},
    author = {Steinbrink, Enno and Reichert, Lilian and Mende, Michelle and Reuter, Christian},
    year = {2021},
    keywords = {Student, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Projekt-ATHENE-FANCY, AuswahlUsableSec, Projekt-GRKPrivacy},
    }

  • Christian Reuter (2018)
    Sicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement (Erste Auflage)
    Wiesbaden: Springer Vieweg. doi:10.1007/978-3-658-19523-6
    [BibTeX] [Abstract] [Download PDF]

    Dieses Lehr- und Fachbuch gibt eine fundierte und praxisbezogene Einführung sowie einen Überblick über Grundlagen, Methoden und Anwendungen der Mensch-Computer-Interaktion im Kontext von Sicherheit, Notfällen, Krisen, Katastrophen, Krieg und Frieden. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie Soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety- bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt. Das Buch eignet sich ebenso als Lehrbuch für Studierende wie als Handbuch für Wissenschaftler, Designer, Entwickler und Anwender.

    @book{reuter_sicherheitskritische_2018-1,
    address = {Wiesbaden},
    title = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement} ({Erste} {Auflage})},
    isbn = {978-3-658-19522-9},
    url = {http://www.springer.com/de/book/9783658195229},
    abstract = {Dieses Lehr- und Fachbuch gibt eine fundierte und praxisbezogene Einführung sowie einen Überblick über Grundlagen, Methoden und Anwendungen der Mensch-Computer-Interaktion im Kontext von Sicherheit, Notfällen, Krisen, Katastrophen, Krieg und Frieden. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie Soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety- bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt. Das Buch eignet sich ebenso als Lehrbuch für Studierende wie als Handbuch für Wissenschaftler, Designer, Entwickler und Anwender.},
    publisher = {Springer Vieweg},
    author = {Reuter, Christian},
    year = {2018},
    doi = {10.1007/978-3-658-19523-6},
    keywords = {HCI, SocialMedia, Projekt-EmerGent, UsableSec, Security, Projekt-KontiKat, Peace, Infrastructure, RSF, AuswahlUsableSec},
    }

  • Christian Reuter, Thomas Ludwig, Volkmar Pipek (2014)
    Ad Hoc Participation in Situation Assessment: Supporting Mobile Collaboration in Emergencies
    ACM Transactions on Computer-Human Interaction (TOCHI) ;21(5):1–26. doi:10.1145/2651365
    [BibTeX] [Abstract] [Download PDF]

    Emergencies are characterized by high complexity and unpredictability. In order to assess and manage them successfully, improvisation work and informal communication, even beyond local and organizational boundaries, is needed. Such informal practices can facilitate ad hoc participation of units in situation assessment, but this may lack overall situation awareness. This paper presents a study on how emergent ‘collaboration needs‘ in current work of response teams, who are located on-site and in the control center, could be supported by mobile geo-collaboration systems. First, we present the results of an empirical study about informal work and mobile collaboration practices of emergency services. Then we describe the concept of a mobile geo-collaboration system that addresses the aspects detected in the empirical study and that was implemented as an Android application using web sockets, a technology enabling full-duplex ad hoc communication. Finally we outline the findings of its evaluation in practice and its implications.

    @article{reuter_ad_2014,
    title = {Ad {Hoc} {Participation} in {Situation} {Assessment}: {Supporting} {Mobile} {Collaboration} in {Emergencies}},
    volume = {21},
    url = {http://www.wineme.uni-siegen.de/paper/2014/2014_reuterludwigpipek_adhocparticipation_tochi.pdf},
    doi = {10.1145/2651365},
    abstract = {Emergencies are characterized by high complexity and unpredictability. In order to assess and manage them successfully, improvisation work and informal communication, even beyond local and organizational boundaries, is needed. Such informal practices can facilitate ad hoc participation of units in situation assessment, but this may lack overall situation awareness. This paper presents a study on how emergent ‘collaboration needs' in current work of response teams, who are located on-site and in the control center, could be supported by mobile geo-collaboration systems. First, we present the results of an empirical study about informal work and mobile collaboration practices of emergency services. Then we describe the concept of a mobile geo-collaboration system that addresses the aspects detected in the empirical study and that was implemented as an Android application using web sockets, a technology enabling full-duplex ad hoc communication. Finally we outline the findings of its evaluation in practice and its implications.},
    number = {5},
    journal = {ACM Transactions on Computer-Human Interaction (TOCHI)},
    author = {Reuter, Christian and Ludwig, Thomas and Pipek, Volkmar},
    month = nov,
    year = {2014},
    note = {Publisher: ACM},
    keywords = {Cooperation, Crisis, HCI, Projekt-InfoStrom, Selected, UsableSec, A-Paper, Ranking-CORE-A*, Ranking-ImpactFactor, Ranking-VHB-B, Ranking-WKWI-A, AuswahlUsableSec},
    pages = {1--26},
    }

  • Christian Reuter (2014)
    Emergent Collaboration Infrastructures: Technology Design for Inter-Organizational Crisis Management (Ph.D. Thesis)
    University of Siegen, Institute for Information Systems, Germany: Springer Gabler. doi:10.1007/978-3-658-08586-5
    [BibTeX] [Abstract] [Download PDF]

    Using the domain of crisis management, Christian Reuter explores challenges and opportunities for technology design in emergent environments. He therefore empirically analyzes collaborative work in inter-organizational crisis – such as the police, fire departments, energy network operators and citizens – in order to identify collaboration practices that reveal work infrastructure limitations. He also designs, implements and evaluates novel concepts and ICT artifacts towards the support of emergent collaboration. Besides the discovery of potential organizational effects on the ability to deal with emergence he presents methodological implications for technology design.

    @book{reuter_emergent_2014,
    address = {University of Siegen, Institute for Information Systems, Germany},
    title = {Emergent {Collaboration} {Infrastructures}: {Technology} {Design} for {Inter}-{Organizational} {Crisis} {Management} ({Ph}.{D}. {Thesis})},
    isbn = {978-3-658-08585-8},
    url = {http://www.springer.com/springer+gabler/bwl/wirtschaftsinformatik/book/978-3-658-08585-8},
    abstract = {Using the domain of crisis management, Christian Reuter explores challenges and opportunities for technology design in emergent environments. He therefore empirically analyzes collaborative work in inter-organizational crisis – such as the police, fire departments, energy network operators and citizens – in order to identify collaboration practices that reveal work infrastructure limitations. He also designs, implements and evaluates novel concepts and ICT artifacts towards the support of emergent collaboration. Besides the discovery of potential organizational effects on the ability to deal with emergence he presents methodological implications for technology design.},
    publisher = {Springer Gabler},
    author = {Reuter, Christian},
    year = {2014},
    doi = {10.1007/978-3-658-08586-5},
    note = {Backup Publisher: University of Siegen},
    keywords = {HCI, Projekt-InfoStrom, Selected, SocialMedia, Projekt-EmerGent, UsableSec, Infrastructure, AuswahlUsableSec, Dissertation},
    }

    Alle Publikationen

    2024

  • Franz Kuntke, Marc-André Kaufhold, Sebastian Linsner, Christian Reuter (2024)
    GeoBox: Design and Evaluation of a Tool for Resilient and Decentralized Data Management in Agriculture
    Behaviour & Information Technology (BIT) ;43(4):764–786. doi:10.1080/0144929X.2023.2185747
    [BibTeX] [Abstract] [Download PDF]

    Farm Management Information Systems (FMIS) are an important core component of modern farming companies as they allow, e.g., to document activities, create fertilization plans, and feed digital equipment with required data. Since the entire agricultural sector is an essential component of food production, high standards of resilience should be established in the involved companies. Accordingly, the used software should also be designed with high standards on reliability and crisis capability. Based on a literature review, we found that software for farmers with certain resilience needs is lacking. Thus, we designed and evaluated a new FMIS concept with the user-centered design method. By conducting focus groups (two rounds, total N=57) in 2017 and 2019, we raised specific front-end and back-end requirements of farmers. Based on the requirements, we developed our concept for both front- and back-end in terms of a decentralized and offline-working FMIS. Through the evaluation with practitioners (N=16) of the implemented concept, we derived findings and implications, highlighting the need for privacy, stability, and offline-capability, as well as the UI-requirement to be supportive, e.g., with easy to understand icons and terms.

    @article{kuntke_geobox_2024,
    title = {{GeoBox}: {Design} and {Evaluation} of a {Tool} for {Resilient} and {Decentralized} {Data} {Management} in {Agriculture}},
    volume = {43},
    issn = {0144-929X},
    url = {https://peasec.de/paper/2023/2023_KuntkeKaufholdLinsnerReuter_GeoBox_BIT.pdf},
    doi = {10.1080/0144929X.2023.2185747},
    abstract = {Farm Management Information Systems (FMIS) are an important core component of modern farming companies as they allow, e.g., to document activities, create fertilization plans, and feed digital equipment with required data. Since the entire agricultural sector is an essential component of food production, high standards of resilience should be established in the involved companies. Accordingly, the used software should also be designed with high standards on reliability and crisis capability. Based on a literature review, we found that software for farmers with certain resilience needs is lacking. Thus, we designed and evaluated a new FMIS concept with the user-centered design method. By conducting focus groups (two rounds, total N=57) in 2017 and 2019, we raised specific front-end and back-end requirements of farmers. Based on the requirements, we developed our concept for both front- and back-end in terms of a decentralized and offline-working FMIS. Through the evaluation with practitioners (N=16) of the implemented concept, we derived findings and implications, highlighting the need for privacy, stability, and offline-capability, as well as the UI-requirement to be supportive, e.g., with easy to understand icons and terms.},
    number = {4},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Kuntke, Franz and Kaufhold, Marc-André and Linsner, Sebastian and Reuter, Christian},
    month = mar,
    year = {2024},
    note = {Publisher: Taylor \& Francis},
    keywords = {UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, AuswahlUsableSec, Projekt-GeoBox, Projekt-AgriRegio},
    pages = {764--786},
    }

  • Tom Biselli, Laura Utz, Christian Reuter (2024)
    Supporting Informed Choices about Browser Cookies: The Impact of Personalised Cookie Banners
    Proceedings on Privacy Enhancing Technologies (PoPETs) (1):171–191. doi:https://doi.org/10.56553/popets-2024-0011
    [BibTeX] [Abstract] [Download PDF]

    Browser cookies, especially those from third parties, pose a threat to individual privacy. While it is possible in principle to control the number of cookies accepted, this choice is often neither usable nor truly informed. To address this issue, this study used semi-structured interviews (N=19) to identify attitudes and user requirements to develop an alternative personalised cookie banner, which was evaluated in an online experiment (N=157). The cookie banner explanations were tailored to the privacy knowledge of three groups of users: low, medium and high. The online experiment measured cookie choices and perceived usability of the cookie banner across three groups: an experimental group that viewed the novel cookie banner with personalisation (personalised privacy assistant), a control group that viewed the novel cookie banner without personalisation (privacy assistant) and a control group that viewed the standard cookie banner provided by the website. The results indicate that the novel cookie banner (with or without personalisation) generally resulted in significantly fewer accepted cookies and increased usability compared to the standard cookie window. In addition, the personalised cookie banner resulted in significantly fewer accepted cookies and higher usability than the non-personalised cookie banner. These results suggest that tailoring cookie banners to users‘ privacy knowledge can be an effective approach to empowering users to make informed choices and better protect their privacy.

    @article{biselli_supporting_2024,
    title = {Supporting {Informed} {Choices} about {Browser} {Cookies}: {The} {Impact} of {Personalised} {Cookie} {Banners}},
    url = {https://petsymposium.org/popets/2024/popets-2024-0011.pdf},
    doi = {https://doi.org/10.56553/popets-2024-0011},
    abstract = {Browser cookies, especially those from third parties, pose a threat to individual privacy. While it is possible in principle to control the number of cookies accepted, this choice is often neither usable nor truly informed. To address this issue, this study used semi-structured interviews (N=19) to identify attitudes and user requirements to develop an alternative personalised cookie banner, which was evaluated in an online experiment (N=157). The cookie banner explanations were tailored to the privacy knowledge of three groups of users: low, medium and high. The online experiment measured cookie choices and perceived usability of the cookie banner across three groups: an experimental group that viewed the novel cookie banner with personalisation (personalised privacy assistant), a control group that viewed the novel cookie banner without personalisation (privacy assistant) and a control group that viewed the standard cookie banner provided by the website. The results indicate that the novel cookie banner (with or without personalisation) generally resulted in significantly fewer accepted cookies and increased usability compared to the standard cookie window. In addition, the personalised cookie banner resulted in significantly fewer accepted cookies and higher usability than the non-personalised cookie banner. These results suggest that tailoring cookie banners to users' privacy knowledge can be an effective approach to empowering users to make informed choices and better protect their privacy.},
    number = {1},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Biselli, Tom and Utz, Laura and Reuter, Christian},
    year = {2024},
    keywords = {HCI, Selected, Student, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CROSSING, AuswahlUsableSec},
    pages = {171--191},
    }

  • Steffen Haesler, Christian Reuter (2024)
    Moderne Technologien und Resilienz
    In: Andreas H. Karsten, Stefan Voßschmidt, Uwe Becker: Resilienz und Schockereignisse. Kohlhammer.
    [BibTeX]

    @incollection{haesler_moderne_2024,
    title = {Moderne {Technologien} und {Resilienz}},
    booktitle = {Resilienz und {Schockereignisse}},
    publisher = {Kohlhammer},
    author = {Haesler, Steffen and Reuter, Christian},
    editor = {Karsten, Andreas H. and Voßschmidt, Stefan and Becker, Uwe},
    year = {2024},
    keywords = {UsableSec, Security, Projekt-emergenCITY},
    }

  • Franz Kuntke (2024)
    Resilient Smart Farming: Crisis-Capable Information and Communication Technologies for Agriculture
    Wiesbaden, Germany: Springer Vieweg.
    [BibTeX]

    @book{kuntke_resilient_2024,
    address = {Wiesbaden, Germany},
    title = {Resilient {Smart} {Farming}: {Crisis}-{Capable} {Information} and {Communication} {Technologies} for {Agriculture}},
    publisher = {Springer Vieweg},
    author = {Kuntke, Franz},
    year = {2024},
    keywords = {Crisis, HCI, UsableSec, Security, RSF, Projekt-ATHENE-SecUrban, Projekt-emergenCITY, Dissertation},
    }

  • Franz Kuntke (2024)
    Resilient Smart Farming: Crisis-Capable Information and Communication Technologies for Agriculture
    Darmstadt, Germany: Dissertation (Dr.-Ing.), Department of Computer Science, Technische Universität Darmstadt.
    [BibTeX]

    @book{kuntke_resilient_2024-1,
    address = {Darmstadt, Germany},
    title = {Resilient {Smart} {Farming}: {Crisis}-{Capable} {Information} and {Communication} {Technologies} for {Agriculture}},
    publisher = {Dissertation (Dr.-Ing.), Department of Computer Science, Technische Universität Darmstadt},
    author = {Kuntke, Franz},
    year = {2024},
    keywords = {Crisis, HCI, UsableSec, Security, RSF, Dissertation},
    }

  • Katrin Hartwig, Tom Biselli, Franziska Schneider, Christian Reuter (2024)
    From Adolescents‘ Eyes: Assessing an Indicator-Based Intervention to Combat Misinformation on TikTok
    Proceedings of the Conference on Human Factors in Computing Systems (CHI) .
    [BibTeX] [Abstract]

    Misinformation poses a recurrent challenge for video-sharing platforms (VSPs) like TikTok. Obtaining user perspectives on digital interventions addressing the need for transparency (e.g., through indicators) is essential. This article offers a thorough examination of the comprehensibility, usefulness, and limitations of an indicator-based intervention from an adolescents’ perspective. This study (𝑁 = 39; aged 13-16 years) comprised two qualitative steps: (1) focus group discussions and (2) think-aloud sessions, where participants engaged with a smartphone-app for TikTok. The results offer new insights into how video-based indicators can assist adolescents’ assessments. The intervention received positive feedback, especially for its transparency, and could be applicable to new content. This paper sheds light on how adolescents are expected to be experts while also being prone to video-based misinformation, with limited understanding of an intervention’s limitations. By adopting teenagers’ perspectives, we contribute to HCI research and provide new insights into the chances and limitations of interventions for VSPs.

    @inproceedings{hartwig_adolescents_2024,
    series = {{CHI} '24},
    title = {From {Adolescents}' {Eyes}: {Assessing} an {Indicator}-{Based} {Intervention} to {Combat} {Misinformation} on {TikTok}},
    abstract = {Misinformation poses a recurrent challenge for video-sharing platforms (VSPs) like TikTok. Obtaining user perspectives on digital interventions addressing the need for transparency (e.g., through indicators) is essential. This article offers a thorough examination of the comprehensibility, usefulness, and limitations of an indicator-based intervention from an adolescents’ perspective. This study (𝑁 = 39; aged 13-16 years) comprised two qualitative steps: (1) focus group discussions and (2) think-aloud sessions, where participants
    engaged with a smartphone-app for TikTok. The results offer new insights into how video-based indicators can assist adolescents’ assessments. The intervention received positive feedback, especially for its transparency, and could be applicable to new content. This paper sheds light on how adolescents are expected to be experts while also being prone to video-based misinformation, with limited understanding of an intervention’s limitations. By adopting
    teenagers’ perspectives, we contribute to HCI research and provide new insights into the chances and limitations of interventions for VSPs.},
    booktitle = {Proceedings of the {Conference} on {Human} {Factors} in {Computing} {Systems} ({CHI})},
    publisher = {Association for Computing Machinery},
    author = {Hartwig, Katrin and Biselli, Tom and Schneider, Franziska and Reuter, Christian},
    year = {2024},
    keywords = {AuswahlCrisis, HCI, Selected, UsableSec, Security, A-Paper, Ranking-CORE-A*, Projekt-NEBULA, Projekt-ATHENE-PriVis},
    }

  • Marc-André Kaufhold, Thea Riebe, Markus Bayer, Christian Reuter (2024)
    ‚We Do Not Have the Capacity to Monitor All Media‘: A Design Case Study on Cyber Situational Awareness in Computer Emergency Response Teams
    Proceedings of the Conference on Human Factors in Computing Systems (CHI) .
    [BibTeX] [Abstract]

    Computer Emergency Response Teams (CERTs) have been established in the public sector globally to provide advisory, preventive and reactive cybersecurity services for government agencies, citizens, and businesses. Nevertheless, their responsibility of monitoring, analyzing, and communicating cyber threats and security vulnerabilities have become increasingly challenging due to the growing volume and varying quality of information disseminated through public and social channels. Based on a design case study conducted from 2021 to 2023, this paper combines three iterations of expert interviews (N=25), design workshops (N=4) and cognitive walkthroughs (N=25) to design an automated, cross-platform and real-time cybersecurity dashboard. By adopting the notion of cyber situational awareness, the study further extracts user requirements and design heuristics for enhanced threat intelligence and mission awareness in CERTs, discussing the aspects of source integration, data management, customizable visualization, relationship awareness, information assessment, software integration, (inter-)organizational collaboration, and communication of stakeholder warnings.

    @inproceedings{kaufhold_we_2024,
    series = {{CHI} '24},
    title = {'{We} {Do} {Not} {Have} the {Capacity} to {Monitor} {All} {Media}': {A} {Design} {Case} {Study} on {Cyber} {Situational} {Awareness} in {Computer} {Emergency} {Response} {Teams}},
    abstract = {Computer Emergency Response Teams (CERTs) have been established in the public sector globally to provide advisory, preventive and reactive cybersecurity services for government agencies, citizens, and businesses. Nevertheless, their responsibility of monitoring, analyzing, and communicating cyber threats and security vulnerabilities have become increasingly challenging due to the growing volume and varying quality of information disseminated through public and social channels. Based on a design case study conducted from 2021 to 2023, this paper combines three iterations of expert interviews (N=25), design workshops (N=4) and cognitive walkthroughs (N=25) to design an automated, cross-platform and real-time cybersecurity dashboard. By adopting the notion of cyber situational awareness, the study further extracts user requirements and design heuristics for enhanced threat intelligence and mission awareness in CERTs, discussing the aspects of source integration, data management, customizable visualization, relationship awareness, information assessment, software integration, (inter-)organizational collaboration, and communication of stakeholder warnings.},
    booktitle = {Proceedings of the {Conference} on {Human} {Factors} in {Computing} {Systems} ({CHI})},
    publisher = {Association for Computing Machinery},
    author = {Kaufhold, Marc-André and Riebe, Thea and Bayer, Markus and Reuter, Christian},
    year = {2024},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-CORE-A*, Projekt-CYWARN, AuswahlUsableSec, AuswahlKaufhold, Projekt-CYLENCE, Projekt-ATHENE-CyAware},
    }

  • Daniel Eberz-Eder, Franz Kuntke, Christian Reuter, Ansgar Bernardi, Ahmad Kadi, Gerwin Brill, Daniel Martini, Benno Kleinhenz (2024)
    Hybrid Cloud Infrastrukturen – Edge Computng und KI-basierte Anwendungen in der Landwirtschaft für resiliente und effektive Produktions- und Biodiversitätsmaßnahmen
    44. GIL-Jahrestagung: Informatik in der Land-, Forst- und Ernährungswirtschaft .
    [BibTeX] [Abstract]

    Mobile Erhebung semantisch modellierter Daten und deren Auswertung im Feld durch Hybrid Cloud Computing sind Grundlage des Resilienten Smart Farmings im Projekt GeoBox. Eine skalierbare Architektur und semantische Datenmodellierung ermöglichen Management betrieblicher Software-Container, flexible Anpassung an neue Aufgaben, und die Realisierung einfach nutzbarer externer Services, vorgestellt am Beispiel eines Resistenz-Beratungs-Chatbots und von Blühstreifen als Biodiversitätsmaßnahme.

    @inproceedings{eberz-eder_hybrid_2024,
    title = {Hybrid {Cloud} {Infrastrukturen} - {Edge} {Computng} und {KI}-basierte {Anwendungen} in der {Landwirtschaft} für resiliente und effektive {Produktions}- und {Biodiversitätsmaßnahmen}},
    abstract = {Mobile Erhebung semantisch modellierter Daten und deren Auswertung im Feld durch Hybrid Cloud Computing sind Grundlage des Resilienten Smart Farmings im Projekt GeoBox. Eine skalierbare Architektur und semantische Datenmodellierung ermöglichen Management betrieblicher Software-Container, flexible Anpassung an neue Aufgaben, und die Realisierung einfach nutzbarer externer Services, vorgestellt am Beispiel eines Resistenz-Beratungs-Chatbots und von Blühstreifen als Biodiversitätsmaßnahme.},
    booktitle = {44. {GIL}-{Jahrestagung}: {Informatik} in der {Land}-, {Forst}- und {Ernährungswirtschaft}},
    publisher = {Gesellschaft für Informatik},
    author = {Eberz-Eder, Daniel and Kuntke, Franz and Reuter, Christian and Bernardi, Ansgar and Kadi, Ahmad and Brill, Gerwin and Martini, Daniel and Kleinhenz, Benno},
    year = {2024},
    keywords = {UsableSec, Security, RSF, Projekt-GeoBox, Projekt-AgriRegio},
    }

  • Katrin Hartwig, Ruslan Sandler, Christian Reuter (2024)
    Navigating Misinformation in Voice Messages: Identification of User-Centered Features for Digital Interventions
    Risk, Hazards, & Crisis in Public Policy .
    [BibTeX] [Abstract]

    Misinformation presents a challenge to democracies, particularly in times of crisis. One way in which misinformation is spread is through voice messages sent via messenger groups, which enable members to share information on a larger scale. Gaining user perspectives on digital misinformation interventions as countermeasure after detection is crucial. In this paper, we extract potential features of misinformation in voice messages from literature, implement them within a program that automatically processes voice messages, and evaluate their perceived usefulness and comprehensibility as user-centered indicators.We propose 35 features extracted from audio files at the character, word, sentence, audio and creator levels to assist (1) private individuals in conducting credibility assessments, (2) government agencies faced with data overload during crises, and (3) researchers seeking to gather features for automatic detection approaches. We conducted a think-aloud study with laypersons (N = 20) to provide initial insight into how individuals autonomously assess the credibility of voice messages, as well as which automatically extracted features they find to be clear and convincing indicators of misinformation. Our study provides qualitative and quantitative insights into valuable indicators, particularly when they relate directly to the content or its creator, and uncovers challenges in user interface design.

    @article{hartwig_navigating_2024,
    title = {Navigating {Misinformation} in {Voice} {Messages}: {Identification} of {User}-{Centered} {Features} for {Digital} {Interventions}},
    abstract = {Misinformation presents a challenge to democracies, particularly in times of crisis. One way in which misinformation is spread is through voice messages sent via messenger groups, which enable members to share information on a larger scale. Gaining user perspectives on digital misinformation interventions as countermeasure after detection is crucial. In this paper, we extract potential features of misinformation in voice messages from literature, implement them within a program that automatically processes voice messages, and evaluate their perceived usefulness and comprehensibility as user-centered indicators.We propose 35 features extracted from audio files at the character, word, sentence, audio and creator levels to assist (1) private individuals in conducting credibility assessments, (2) government agencies faced with data overload during crises, and (3) researchers seeking to gather features for automatic detection approaches. We conducted a think-aloud study with laypersons (N = 20) to provide initial insight into how individuals autonomously assess the credibility of voice messages, as well as which automatically extracted features they find to be clear and convincing indicators of misinformation. Our study provides qualitative and quantitative insights into valuable indicators, particularly when they relate directly to the content or its creator, and uncovers challenges in user interface design.},
    journal = {Risk, Hazards, \& Crisis in Public Policy},
    author = {Hartwig, Katrin and Sandler, Ruslan and Reuter, Christian},
    year = {2024},
    keywords = {Crisis, HCI, SocialMedia, Student, UsableSec, A-Paper, Ranking-ImpactFactor, Cyberwar, Projekt-NEBULA},
    }

  • Markus Bayer, Philipp Kuehn, Ramin Shanehsaz, Christian Reuter (2024)
    CySecBERT: A Domain-Adapted Language Model for the Cybersecurity Domain
    ACM Transactions on Privacy and Security .
    [BibTeX] [Abstract]

    The field of cybersecurity is evolving fast. Security professionals are in need of intelligence on past, current and – ideally – on upcoming threats, because attacks are becoming more advanced and are increasingly targeting larger and more complex systems. Since the processing and analysis of such large amounts of information cannot be addressed manually, cybersecurity experts rely on machine learning techniques. In the textual domain, pre-trained language models like BERT have proven to be helpful as they provide a good baseline for further fine-tuning. However, due to the domain-knowledge and the many technical terms in cybersecurity, general language models might miss the gist of textual information. For this reason, we create a high-quality dataset and present a language model specifically tailored to the cybersecurity domain which can serve as a basic building block for cybersecurity systems. The model is compared on 15 tasks: Domain-dependent extrinsic tasks for measuring the performance on specific problems, intrinsic tasks for measuring the performance of the internal representations of the model as well as general tasks from the SuperGLUE benchmark. The results of the intrinsic tasks show that our model improves the internal representation space of domain words compared to the other models. The extrinsic, domain-dependent tasks, consisting of sequence tagging and classification, show that the model performs best in cybersecurity scenarios. In addition, we pay special attention to the choice of hyperparameters against catastrophic forgetting, as pre-trained models tend to forget the original knowledge during further training.

    @article{bayer_cysecbert_2024,
    title = {{CySecBERT}: {A} {Domain}-{Adapted} {Language} {Model} for the {Cybersecurity} {Domain}},
    abstract = {The field of cybersecurity is evolving fast. Security professionals are in need of intelligence on past, current and - ideally - on upcoming threats, because attacks are becoming more advanced and are increasingly targeting larger and more complex systems. Since the processing and analysis of such large amounts of information cannot be addressed manually, cybersecurity experts rely on machine learning techniques. In the textual domain, pre-trained language models like BERT have proven to be helpful as they provide a good baseline for further fine-tuning. However, due to the domain-knowledge and the many technical terms in cybersecurity, general language models might miss the gist of textual information. For this reason, we create a high-quality dataset and present a language model specifically tailored to the cybersecurity domain which can serve as a basic building block for cybersecurity systems. The model is compared on 15 tasks: Domain-dependent extrinsic tasks for measuring the performance on specific problems, intrinsic tasks for measuring the performance of the internal representations of the model as well as general tasks from the SuperGLUE benchmark. The results of the intrinsic tasks show that our model improves the internal representation space of domain words compared to the other models. The extrinsic, domain-dependent tasks, consisting of sequence tagging and classification, show that the model performs best in cybersecurity scenarios. In addition, we pay special attention to the choice of hyperparameters against catastrophic forgetting, as pre-trained models tend to forget the original knowledge during further training.},
    journal = {ACM Transactions on Privacy and Security},
    author = {Bayer, Markus and Kuehn, Philipp and Shanehsaz, Ramin and Reuter, Christian},
    year = {2024},
    keywords = {Projekt-ATHENE-CyAware, Projekt-CYLENCE, Projekt-CYWARN, Ranking-CORE-A, Ranking-ImpactFactor, Security, Student, UsableSec},
    }

    2023

  • Daniel Eberz-Eder, Franz Kuntke, Gerwin Brill, Ansgar Bernardi, Christian Wied, Philippe Nuderscher, Christian Reuter (2023)
    Prototypische Entwicklungen zur Umsetzung des Resilient Smart Farming (RSF) mittels Edge Computing
    43. GIL-Jahrestagung: Informatik in der Land-, Forst- und Ernährungswirtschaft .
    [BibTeX] [Abstract] [Download PDF]

    Landwirtschaft als essenzieller Teil der Nahrungsmittelproduktion gehört zu den kritischen Infrastrukturen (KRITIS). Dementsprechend müssen die eingesetzten Systeme für einen widerstandsfähigen Betrieb ausgelegt sein. Dies gilt auch für die auf landwirtschaftlichen Betrieben eingesetzte Software, die Sicherheits- und Resilienzkriterien genügen muss. Jedoch ist die Zunahme an Software zu beobachten, welche eine permanente Internetkonnektivität erfordert, d. h. eine stabile Verbindung zu Servern oder Cloud-Applikationen ist für deren Funktionsweise erforderlich. Dies stellt eine erhebliche Schwachstelle hinsichtlich der Resilienz dar und kann bei Ausfällen der Telekommunikationsinfrastruktur zu großen Problemen führen. Mit Entwicklungen aus dem Bereich Resilient Smart Farming (RSF) zeigen wir, wie Datenhaltung nach dem Offline-First-Prinzip gestaltet werden kann. Ein zentraler Bestandteil hierbei ist das Resilient Edge Computing (REC) und die entwickelte HofBox: ein Mini-Server, der das Datenmanagement im Betrieb übernimmt und mittels innovativer Open-Source basierender Container-Technologie (Open Horizon) umsetzt. Dadurch werden in Zukunft weitere Anwendungsfälle innerhalb der landwirtschaftlichen Produktions- und Wertschöpfungskette durch Public-Private-Partnership-Modelle realistisch und realisierbar.

    @inproceedings{eberz-eder_prototypische_2023,
    title = {Prototypische {Entwicklungen} zur {Umsetzung} des {Resilient} {Smart} {Farming} ({RSF}) mittels {Edge} {Computing}},
    url = {https://dl.gi.de/handle/20.500.12116/40264},
    abstract = {Landwirtschaft als essenzieller Teil der Nahrungsmittelproduktion gehört zu den kritischen Infrastrukturen (KRITIS). Dementsprechend müssen die eingesetzten Systeme für einen widerstandsfähigen Betrieb ausgelegt sein. Dies gilt auch für die auf landwirtschaftlichen Betrieben eingesetzte Software, die Sicherheits- und Resilienzkriterien genügen muss. Jedoch ist die Zunahme an Software zu beobachten, welche eine permanente Internetkonnektivität erfordert, d. h. eine stabile Verbindung zu Servern oder Cloud-Applikationen ist für deren Funktionsweise erforderlich. Dies stellt eine erhebliche Schwachstelle hinsichtlich der Resilienz dar und kann bei Ausfällen der Telekommunikationsinfrastruktur zu großen Problemen führen. Mit Entwicklungen aus dem Bereich Resilient Smart Farming (RSF) zeigen wir, wie Datenhaltung nach dem Offline-First-Prinzip gestaltet werden kann. Ein zentraler Bestandteil hierbei ist das Resilient Edge Computing (REC) und die entwickelte HofBox: ein Mini-Server, der das Datenmanagement im Betrieb übernimmt und mittels innovativer Open-Source basierender Container-Technologie (Open Horizon) umsetzt. Dadurch werden in Zukunft weitere Anwendungsfälle innerhalb der landwirtschaftlichen Produktions- und Wertschöpfungskette durch Public-Private-Partnership-Modelle realistisch und realisierbar.},
    booktitle = {43. {GIL}-{Jahrestagung}: {Informatik} in der {Land}-, {Forst}- und {Ernährungswirtschaft}},
    publisher = {Gesellschaft für Informatik},
    author = {Eberz-Eder, Daniel and Kuntke, Franz and Brill, Gerwin and Bernardi, Ansgar and Wied, Christian and Nuderscher, Philippe and Reuter, Christian},
    year = {2023},
    keywords = {UsableSec, Security, RSF, Projekt-GeoBox, Projekt-AgriRegio},
    pages = {309--314},
    }

  • Sebastian Surminski, Christian Niesler, Sebastian Linsner, Lucas Davi, Christian Reuter (2023)
    SCAtt-man: Side-Channel-Based Remote Attestation for Embedded Devices that Users Understand
    Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy New York, NY, USA. doi:10.1145/3577923.3583652
    [BibTeX] [Abstract] [Download PDF]

    From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, users will not detect any compromise. Users have minimal control over the software. Hence, it is very likely that the user misses that illegal recordings and transmissions occur if a security camera or a smart speaker is hacked. In this paper, we present SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices, allowing users to verify the integrity of IoT devices with their smartphones. The key novelty of SCAtt-man resides in the utilization of user-observable side-channels such as light or sound in the attestation protocol. Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of toolname against a variety of attacks and its usability based on a user study with 20 participants.

    @inproceedings{surminski_scatt-man_2023,
    address = {New York, NY, USA},
    series = {{CODASPY} '23},
    title = {{SCAtt}-man: {Side}-{Channel}-{Based} {Remote} {Attestation} for {Embedded} {Devices} that {Users} {Understand}},
    isbn = {9798400700675},
    url = {https://doi.org/10.1145/3577923.3583652},
    doi = {10.1145/3577923.3583652},
    abstract = {From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, users will not detect any compromise. Users have minimal control over the software. Hence, it is very likely that the user misses that illegal recordings and transmissions occur if a security camera or a smart speaker is hacked. In this paper, we present SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices, allowing users to verify the integrity of IoT devices with their smartphones. The key novelty of SCAtt-man resides in the utilization of user-observable side-channels such as light or sound in the attestation protocol. Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of toolname against a variety of attacks and its usability based on a user study with 20 participants.},
    booktitle = {Proceedings of the {Thirteenth} {ACM} {Conference} on {Data} and {Application} {Security} and {Privacy}},
    publisher = {Association for Computing Machinery},
    author = {Surminski, Sebastian and Niesler, Christian and Linsner, Sebastian and Davi, Lucas and Reuter, Christian},
    year = {2023},
    keywords = {HCI, UsableSec, Security, Ranking-CORE-B, Projekt-CROSSING},
    pages = {225--236},
    }

  • Jasmin Haunschild, Leon Jung, Christian Reuter (2023)
    Dual-use in volunteer operations? Attitudes of computer science students regarding the establishment of a cyber security volunteer force
    In: Gerber Nina, Zimmermann Verena: International Symposium on Technikpsychologie (TecPsy). Sciendo, , 66–81.
    [BibTeX] [Abstract] [Download PDF]

    The digitalisation of critical infrastructure has increased the risk of large-scale cyber incidents. In contrast to the management of conventional emergencies by established civil protection organisations involving volunteers in Germany, few response capacities exist for these events. The concept of a volunteer force for cyber security could close this protection gap. However, such involvement also poses practical and ethical challenges. By conducting interviews with computer science students (N = 11), this paper analyses potential volunteers’ attitudes towards ethical implications of a cyber volunteer force, as well as practical aspects that might motivate or hinder their participation. A qualitative content analysis reveals that students are largely unaware of potential dilemmas connected to vulnerabilities handling and national cybersecurity interests. Ethical guidelines and means of motivating and encouraging potential volunteers are discussed.

    @incollection{haunschild_dual-use_2023,
    title = {Dual-use in volunteer operations? {Attitudes} of computer science students regarding the establishment of a cyber security volunteer force},
    isbn = {978-83-66675-89-6},
    url = {https://sciendo.com/chapter/9788366675896/10.2478/9788366675896-006},
    abstract = {The digitalisation of critical infrastructure has increased the risk of large-scale cyber incidents. In contrast to the management of conventional emergencies by established civil protection organisations involving volunteers in Germany, few response capacities exist for these events. The concept of a volunteer force for cyber security could close this protection gap. However, such involvement also poses practical and ethical challenges. By conducting interviews with computer science students (N = 11), this paper analyses potential volunteers’ attitudes towards ethical implications of a cyber volunteer force, as well as practical aspects that might motivate or hinder their participation. A qualitative
    content analysis reveals that students are largely unaware of potential dilemmas connected to vulnerabilities handling and national cybersecurity interests. Ethical guidelines and means of motivating and encouraging potential volunteers
    are discussed.},
    booktitle = {International {Symposium} on {Technikpsychologie} ({TecPsy})},
    publisher = {Sciendo},
    author = {Haunschild, Jasmin and Jung, Leon and Reuter, Christian},
    editor = {Nina, Gerber and Verena, Zimmermann},
    year = {2023},
    keywords = {Crisis, Student, UsableSec, Security, Projekt-ATHENE-SecUrban, Projekt-emergenCITY},
    pages = {66--81},
    }

  • Thea Riebe, Julian Bäumler, Marc-André Kaufhold, Christian Reuter (2023)
    Values and Value Conflicts in the Context of OSINT Technologies for Cybersecurity Incident Response: A Value Sensitive Design Perspective
    Computer Supported Cooperative Work: The Journal of Collaborative Computing (JCSCW) . doi:10.1007/s10606-022-09453-4
    [BibTeX] [Abstract] [Download PDF]

    The negotiation of stakeholder values as a collaborative process throughout technology development has been studied extensively within the fields of Computer Supported Cooperative Work and Human-Computer Interaction. Despite their increasing significance for cybersecurity incident response, there is a gap in research on values of importance to the design of open-source intelligence (OSINT) technologies for this purpose. In this paper, we investigate which values and value conflicts emerge due to the application and development of machine learning (ML) based OSINT technologies to assist cyber security incident response operators. For this purpose, we employ a triangulation of methods, consisting of a systematic survey of the technical literature on the development of OSINT artefacts for cybersecurity (N = 73) and an empirical value sensitive design case study, comprising semi-structured interviews with stakeholders (N = 9) as well as a focus group (N = 7) with developers. Based on our results, we identify implications relevant to the research on and design of OSINT artefacts for cybersecurity incident response.

    @article{riebe_values_2023,
    title = {Values and {Value} {Conflicts} in the {Context} of {OSINT} {Technologies} for {Cybersecurity} {Incident} {Response}: {A} {Value} {Sensitive} {Design} {Perspective}},
    url = {https://link.springer.com/article/10.1007/s10606-022-09453-4},
    doi = {10.1007/s10606-022-09453-4},
    abstract = {The negotiation of stakeholder values as a collaborative process throughout technology development has been studied extensively within the fields of Computer Supported Cooperative Work and Human-Computer Interaction. Despite their increasing significance for cybersecurity incident response, there is a gap in research on values of importance to the design of open-source intelligence (OSINT) technologies for this purpose. In this paper, we investigate which values and value conflicts emerge due to the application and development of machine learning (ML) based OSINT technologies to assist cyber security incident response operators. For this purpose, we employ a triangulation of methods, consisting of a systematic survey of the technical literature on the development of OSINT artefacts for cybersecurity (N = 73) and an empirical value sensitive design case study, comprising semi-structured interviews with stakeholders (N = 9) as well as a focus group (N = 7) with developers. Based on our results, we identify implications relevant to the research on and design of OSINT artefacts for cybersecurity incident response.},
    journal = {Computer Supported Cooperative Work: The Journal of Collaborative Computing (JCSCW)},
    author = {Riebe, Thea and Bäumler, Julian and Kaufhold, Marc-André and Reuter, Christian},
    year = {2023},
    keywords = {HCI, Student, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-B, Projekt-CROSSING, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    }

  • Thea Riebe, Tom Biselli, Marc-André Kaufhold, Christian Reuter (2023)
    Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey
    Proceedings on Privacy Enhancing Technologies (PoPETs) (1):477–493. doi:https://doi.org/10.56553/popets-2023-0028
    [BibTeX] [Abstract] [Download PDF]

    The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.

    @article{riebe_privacy_2023,
    title = {Privacy {Concerns} and {Acceptance} {Factors} of {OSINT} for {Cybersecurity}: {A} {Representative} {Survey}},
    url = {https://petsymposium.org/popets/2023/popets-2023-0028.pdf},
    doi = {https://doi.org/10.56553/popets-2023-0028},
    abstract = {The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.},
    number = {1},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Riebe, Thea and Biselli, Tom and Kaufhold, Marc-André and Reuter, Christian},
    year = {2023},
    keywords = {HCI, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CYWARN, Projekt-ATHENE-FANCY, AuswahlUsableSec},
    pages = {477--493},
    }

  • Elise Özalp, Katrin Hartwig, Christian Reuter (2023)
    Trends in Explainable Artificial Intelligence for Non-Experts
    In: Peter Klimczak, Christer Petersen: AI – Limits and Prospects of Artificial Intelligence. Bielefeld: Transcript Verlag, , 223–243.
    [BibTeX] [Abstract] [Download PDF]

    In this paper we provide an overview of XAI by introducing fundamental terminology and the goals of XAI, as well as recent research findings. Whilst doing this, we pay special attention to strategies for non-expert stakeholders. This leads us to our first research question: “What are the trends in explainable AI strategies for non-experts?”. In order to illustrate the current state of these trends, we further want to study an exemplary and very relevant application domain. According to Abdul et al. (2018), one of the first domains where researchers pursued XAI is the medical domain. This leads to our second research question: “What are the approaches of XAI in the medical domain for non-expert stakeholders?” These research questions will provide an overview of current topics in XAI and show possible research extensions for specific domains.

    @incollection{ozalp_trends_2023,
    address = {Bielefeld},
    title = {Trends in {Explainable} {Artificial} {Intelligence} for {Non}-{Experts}},
    url = {https://www.transcript-verlag.de/978-3-8376-5732-6/ai-limits-and-prospects-of-artificial-intelligence/?c=313000019},
    abstract = {In this paper we provide an overview of XAI by introducing fundamental terminology and the goals of XAI, as well as recent research findings. Whilst doing this, we pay special attention to strategies for non-expert stakeholders. This leads us to our first research question: “What are the trends in explainable AI strategies for non-experts?”. In order to illustrate the current state of these trends, we further want to study an exemplary and very relevant application domain. According to Abdul et al. (2018), one of the first domains where researchers pursued XAI is the medical domain. This leads to our second research question: “What are the approaches of XAI in the medical domain for non-expert stakeholders?” These research questions will provide an overview of current topics in XAI and show possible research extensions for specific domains.},
    booktitle = {{AI} - {Limits} and {Prospects} of {Artificial} {Intelligence}},
    publisher = {Transcript Verlag},
    author = {Özalp, Elise and Hartwig, Katrin and Reuter, Christian},
    editor = {Klimczak, Peter and Petersen, Christer},
    year = {2023},
    keywords = {HCI, Student, UsableSec, Projekt-CROSSING, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    pages = {223--243},
    }

  • Enno Steinbrink, Tom Biselli, Sebastian Linsner, Franziska Herbert, Christian Reuter (2023)
    Privacy Perception and Behaviour in Safety-Critical Environments
    In: Nina Gerber, Alina Stöver, Karola Marky: Human Factors in Privacy Research. Cham: Springer International Publishing, , 237–251.
    [BibTeX] [Abstract] [Download PDF]

    When considering privacy, context, and environmental circumstances can have a strong influence on individual decisions and user behavior. Especially in crises or threatening situations, privacy may conflict with other values, such as personal safety and health. In other cases, personal or public safety can also be dependent on privacy: the context of flight shows how, for those affected, the value of data protection can increase as a result of an increased threat situation. Thus, when individual sovereignty—the autonomous development of one’s own will—or safety is highly dependent on information flows, people tend to be more protective of their privacy in order to maintain their information sovereignty. But also, the context of agriculture, as part of the critical infrastructure, shows how privacy concerns can affect the adoption of digital tools. With these two examples, flight and migration as well as agriculture, this chapter presents some exemplary results that illustrate the importance of the influence of situational factors on perceived information sovereignty and the evaluation of privacy.

    @incollection{steinbrink_privacy_2023,
    address = {Cham},
    title = {Privacy {Perception} and {Behaviour} in {Safety}-{Critical} {Environments}},
    isbn = {978-3-031-28643-8},
    url = {https://doi.org/10.1007/978-3-031-28643-8_12},
    abstract = {When considering privacy, context, and environmental circumstances can have a strong influence on individual decisions and user behavior. Especially in crises or threatening situations, privacy may conflict with other values, such as personal safety and health. In other cases, personal or public safety can also be dependent on privacy: the context of flight shows how, for those affected, the value of data protection can increase as a result of an increased threat situation. Thus, when individual sovereignty—the autonomous development of one’s own will—or safety is highly dependent on information flows, people tend to be more protective of their privacy in order to maintain their information sovereignty. But also, the context of agriculture, as part of the critical infrastructure, shows how privacy concerns can affect the adoption of digital tools. With these two examples, flight and migration as well as agriculture, this chapter presents some exemplary results that illustrate the importance of the influence of situational factors on perceived information sovereignty and the evaluation of privacy.},
    booktitle = {Human {Factors} in {Privacy} {Research}},
    publisher = {Springer International Publishing},
    author = {Steinbrink, Enno and Biselli, Tom and Linsner, Sebastian and Herbert, Franziska and Reuter, Christian},
    editor = {Gerber, Nina and Stöver, Alina and Marky, Karola},
    year = {2023},
    keywords = {HCI, UsableSec, Security, Projekt-CROSSING, Projekt-ATHENE-FANCY, Projekt-GRKPrivacy},
    pages = {237--251},
    }

  • Leon Würsching, Florentin Putz, Steffen Haesler, Matthias Hollick (2023)
    FIDO2 the Rescue? Platform vs. Roaming Authentication on Smartphones
    Proceedings of the Conference on Human Factors in Computing Systems (CHI) (Best Paper Award) New York, NY, USA. doi:10.1145/3544548.3580993
    [BibTeX] [Abstract] [Download PDF]

    Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple clients.

    @inproceedings{wursching_fido2_2023,
    address = {New York, NY, USA},
    series = {{CHI} '23},
    title = {{FIDO2} the {Rescue}? {Platform} vs. {Roaming} {Authentication} on {Smartphones}},
    url = {https://peasec.de/paper/2023/2023_WuerschingPutzHaeslerHollick_PlatformvsRoamingAuthenticationonSmartphones_CHI.pdf},
    doi = {10.1145/3544548.3580993},
    abstract = {Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple clients.},
    booktitle = {Proceedings of the {Conference} on {Human} {Factors} in {Computing} {Systems} ({CHI}) ({Best} {Paper} {Award})},
    publisher = {Association for Computing Machinery},
    author = {Würsching, Leon and Putz, Florentin and Haesler, Steffen and Hollick, Matthias},
    year = {2023},
    note = {event-place: Hamburg, HH, Germany},
    keywords = {HCI, UsableSec, Security, A-Paper, Ranking-CORE-A*, AuswahlUsableSec, Projekt-emergenCITY},
    }

  • Marc-André Kaufhold, Tilo Mentler, Simon Nestler, Christian Reuter (2023)
    10. Workshop Mensch-Maschine-Interaktion in sicherheitskritischen Systemen
    Mensch und Computer – Workshopband Rapperswil, Switzerland. doi:10.18420/muc2023-mci-ws01-102
    [BibTeX] [Abstract] [Download PDF]

    Im Zentrum dieses Workshops steht die Interaktion von Mensch und Technik in sicherheitskritischen Kontexten. Hierzu zählen Bereiche, die bereits seit Jahrzehnten Gegenstand der Forschung sind (z.B. Prozessführung in Leitwarten), aber auch aktuelle Herausforderungen (z.B. Social Media im Katastrophenschutz). In diesen und vielen weiteren Bereichen gilt, dass sichere Systemzustände nur durch die ganzheitliche Betrachtung von Mensch, Technik und Organisation gewährleistet bzw. schnellstmöglich wieder erreicht werden können. In diesem Zusammenhang ist der Workshop auch der Nutzbarkeit und Akzeptanz von Sicherheitskonzepten sowie einer bewussteren Auseinandersetzung der Nutzenden mit diesem Thema gewidmet.

    @inproceedings{kaufhold_10_2023,
    address = {Rapperswil, Switzerland},
    title = {10. {Workshop} {Mensch}-{Maschine}-{Interaktion} in sicherheitskritischen {Systemen}},
    url = {https://dl.gi.de/items/d907ac5d-4c73-467d-adfc-4bafdb8b4cf0},
    doi = {10.18420/muc2023-mci-ws01-102},
    abstract = {Im Zentrum dieses Workshops steht die Interaktion von Mensch und Technik in sicherheitskritischen Kontexten. Hierzu zählen Bereiche, die bereits seit Jahrzehnten Gegenstand der Forschung sind (z.B. Prozessführung in Leitwarten), aber auch aktuelle Herausforderungen (z.B. Social Media im Katastrophenschutz). In diesen und vielen weiteren Bereichen gilt, dass sichere Systemzustände nur durch die ganzheitliche Betrachtung von Mensch, Technik und Organisation gewährleistet bzw. schnellstmöglich wieder erreicht werden können. In diesem Zusammenhang ist der Workshop auch der Nutzbarkeit und Akzeptanz von Sicherheitskonzepten sowie einer bewussteren Auseinandersetzung der Nutzenden mit diesem Thema gewidmet.},
    language = {de},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Kaufhold, Marc-André and Mentler, Tilo and Nestler, Simon and Reuter, Christian},
    year = {2023},
    keywords = {HCI, UsableSec, Security},
    }

  • Marc-André Kaufhold, Markus Bayer, Julian Bäumler, Christian Reuter, Stefan Stieglitz, Ali Sercan Basyurt, Milad Mirabaie, Christoph Fuchß, Kaan Eyilmez (2023)
    CYLENCE: Strategies and Tools for Cross-Media Reporting, Detection, and Treatment of Cyberbullying and Hatespeech in Law Enforcement Agencies
    Mensch und Computer – Workshopband Rapperswil, Switzerland. doi:10.18420/muc2023-mci-ws01-211
    [BibTeX] [Abstract] [Download PDF]

    Despite the merits of public and social media in private and professional spaces, citizens and professionals are increasingly exposed to cyberabuse, such as cyberbullying and hate speech. Thus, Law Enforcement Agencies (LEA) are deployed in many countries and organisations to enhance the preventive and reactive capabilities against cyberabuse. However, their tasks are getting more complex by the increasing amount and varying quality of information disseminated into public channels. Adopting the perspectives of Crisis Informatics and safety-critical Human-Computer Interaction (HCI) and based on both a narrative literature review and group discussions, this paper first outlines the research agenda of the CYLENCE project, which seeks to design strategies and tools for cross-media reporting, detection, and treatment of cyberbullying and hatespeech in investigative and law enforcement agencies. Second, it identifies and elaborates seven research challenges with regard to the monitoring, analysis and communication of cyberabuse in LEAs, which serve as a starting point for in-depth research within the project.

    @inproceedings{kaufhold_cylence_2023,
    address = {Rapperswil, Switzerland},
    title = {{CYLENCE}: {Strategies} and {Tools} for {Cross}-{Media} {Reporting}, {Detection}, and {Treatment} of {Cyberbullying} and {Hatespeech} in {Law} {Enforcement} {Agencies}},
    url = {https://dl.gi.de/items/0e0efe8f-64bf-400c-85f7-02b65f83189d},
    doi = {10.18420/muc2023-mci-ws01-211},
    abstract = {Despite the merits of public and social media in private and professional spaces, citizens and professionals are increasingly exposed to cyberabuse, such as cyberbullying and hate speech. Thus, Law Enforcement Agencies (LEA) are deployed in many countries and organisations to enhance the preventive and reactive capabilities against cyberabuse. However, their tasks are getting more complex by the increasing amount and varying quality of information disseminated into public channels. Adopting the perspectives of Crisis Informatics and safety-critical Human-Computer Interaction (HCI) and based on both a narrative literature review and group discussions, this paper first outlines the research agenda of the CYLENCE project, which seeks to design strategies and tools for cross-media reporting, detection, and treatment of cyberbullying and hatespeech in investigative and law enforcement agencies. Second, it identifies and elaborates seven research challenges with regard to the monitoring, analysis and communication of cyberabuse in LEAs, which serve as a starting point for in-depth research within the project.},
    language = {de},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Kaufhold, Marc-André and Bayer, Markus and Bäumler, Julian and Reuter, Christian and Stieglitz, Stefan and Basyurt, Ali Sercan and Mirabaie, Milad and Fuchß, Christoph and Eyilmez, Kaan},
    year = {2023},
    keywords = {HCI, UsableSec, Projekt-CYLENCE},
    }

  • Philipp Kuehn, David N. Relke, Christian Reuter (2023)
    Common vulnerability scoring system prediction based on open source intelligence information sources
    Computers & Security . doi:10.1016/j.cose.2023.103286
    [BibTeX] [Abstract] [Download PDF]

    The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a ()cvss vector and score. This assessment is time consuming and requires expertise. Various works already try to predict vectors or scores using machine learning based on the textual descriptions of the vulnerability to enable faster assessment. However, for this purpose, previous works only use the texts available in databases such as nvd. With this work, the publicly available web pages referenced in the nvd are analyzed and made available as sources of texts through web scraping. A dl based method for predicting the vector is implemented and evaluated. The present work provides a classification of the nvd’s reference texts based on the suitability and crawlability of their texts. While we identified the overall influence of the additional texts is negligible, we outperformed the state-of-the-art with our dl prediction models.

    @article{kuehn_common_2023,
    title = {Common vulnerability scoring system prediction based on open source intelligence information sources},
    url = {https://peasec.de/paper/2023/2023_KuehnRelkeReuter_CommonVulnerabilityScoringSystemOSINT_CompSec.pdf},
    doi = {10.1016/j.cose.2023.103286},
    abstract = {The number of newly published vulnerabilities is constantly increasing. Until now, the information available when a new vulnerability is published is manually assessed by experts using a ()cvss vector and score. This assessment is time consuming and requires expertise. Various works already try to predict vectors or scores using machine learning based on the textual descriptions of the vulnerability to enable faster assessment. However, for this purpose, previous works only use the texts available in databases such as nvd. With this work, the publicly available web pages referenced in the nvd are analyzed and made available as sources of texts through web scraping. A dl based method for predicting the vector is implemented and evaluated. The present work provides a classification of the nvd’s reference texts based on the suitability and crawlability of their texts. While we identified the overall influence of the additional texts is negligible, we outperformed the state-of-the-art with our dl prediction models.},
    journal = {Computers \& Security},
    author = {Kuehn, Philipp and Relke, David N. and Reuter, Christian},
    year = {2023},
    keywords = {Student, UsableSec, Security, Ranking-ImpactFactor, Ranking-CORE-B, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    }

  • Daniel Schmidt, Franz Kuntke, Maximilian Bauer, Lars Baumgärtner (2023)
    BPoL: A Disruption-Tolerant LoRa Network for Disaster Communication
    IEEE Global Humanitarian Technology Conference (GHTC) . doi:10.1109/GHTC56179.2023.10354717
    [BibTeX] [Abstract] [Download PDF]

    Information and Communication Technology (ICT) is vital for everyday life and especially during times of disaster.Relying on existing infrastructure is problematic as maintenance is expensive, and they can be disrupted in emergency scenarios. Cost is a major factor which limits the technologies that can be used in rural areas or for emergency response, as satellite uplinks or private cellular networks are very expensive and complex. LoRa is commonly used for IoT infrastructure worldwide in the form of LoRaWAN to cover larger distances with low costs. But it can also be used in a Device-to-Device (D2D) mode for direct communication. By combining LoRa with Disruption-tolerant Networking (DTN), we present an affordable and practical solution that can cope with challenging conditions and be used for a large variety of applications. In our evaluation, we show how adaptable our solution is and how it outperforms similar mesh-based applications for disaster communication.

    @inproceedings{schmidt_bpol_2023,
    title = {{BPoL}: {A} {Disruption}-{Tolerant} {LoRa} {Network} for {Disaster} {Communication}},
    url = {https://peasec.de/paper/2023/2023_SchmidtKuntkeBauerBaumgaertner_BPOL_GHTC.pdf},
    doi = {10.1109/GHTC56179.2023.10354717},
    abstract = {Information and Communication Technology (ICT) is vital for everyday life and especially during times of disaster.Relying on existing infrastructure is problematic as maintenance is expensive, and they can be disrupted in emergency scenarios. Cost is a major factor which limits the technologies that can be used in rural areas or for emergency response, as satellite uplinks or private cellular networks are very expensive and complex. LoRa is commonly used for IoT infrastructure worldwide in the form of LoRaWAN to cover larger distances with low costs. But it can also be used in a Device-to-Device (D2D) mode for direct communication. By combining LoRa with Disruption-tolerant Networking (DTN), we present an affordable and practical solution that can cope with challenging conditions and be used for a large variety of applications. In our evaluation, we show how adaptable our solution is and how it outperforms similar mesh-based applications for disaster communication.},
    booktitle = {{IEEE} {Global} {Humanitarian} {Technology} {Conference} ({GHTC})},
    author = {Schmidt, Daniel and Kuntke, Franz and Bauer, Maximilian and Baumgärtner, Lars},
    year = {2023},
    keywords = {UsableSec, Security, Projekt-GeoBox, Projekt-AgriRegio},
    pages = {440--447},
    }

    2022

  • Christian Reuter, Luigi Lo Iacono, Alexander Benlian (2022)
    Special Issue on Usable Security and Privacy with User-Centered Interventions and Transparency Mechanisms – Behaviour & Information Technology (BIT)
    Taylor & Francis.
    [BibTeX] [Download PDF]

    @book{reuter_special_2022,
    title = {Special {Issue} on {Usable} {Security} and {Privacy} with {User}-{Centered} {Interventions} and {Transparency} {Mechanisms} - {Behaviour} \& {Information} {Technology} ({BIT})},
    url = {https://www.tandfonline.com/toc/tbit20/41/10?nav=tocList},
    publisher = {Taylor \& Francis},
    author = {Reuter, Christian and Lo Iacono, Luigi and Benlian, Alexander},
    year = {2022},
    note = {Publication Title: Behaviour \& Information Technology (BIT)},
    keywords = {Crisis, HCI, SocialMedia, UsableSec, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Peace},
    }

  • Christian Reuter, Luigi Lo Iacono, Alexander Benlian (2022)
    A Quarter Century of Usable Security and Privacy Research: Transparency, Tailorability, and the Road Ahead
    Behaviour & Information Technology (BIT) ;41(10):2035–2048. doi:10.1080/0144929X.2022.2080908
    [BibTeX] [Abstract] [Download PDF]

    In the last decades, research has shown that both technical solutions and user perceptions are important to improve security and privacy in the digital realm. The field of ‘usable security’ already started to emerge in the mid-90s, primarily focussed on password and email security. Later on, the research field of ”usable security and privacy” evolved and broadened the aim to design concepts and tools to assist users in enhancing their behaviour with regard to both privacy and security. Nevertheless, many user interventions are not as effective as desired. Because of highly diverse usage contexts, leading to different privacy and security requirements and not always to one-size-fits-all approaches, tailorability is necessary to address this issue. Furthermore, transparency is a crucial requirement, as providing comprehensible information may counter reactance towards security interventions. This article first provides a brief history of the research field in its first quarter-century and then highlights research on the transparency and tailorability of user interventions. Based on this, this article then presents six contributions with regard to (1) privacy concerns in times of COVID-19, (2) authentication on mobile devices, (3) GDPR-compliant data management, (4) privacy notices on websites, (5) data disclosure scenarios in agriculture, as well as (6) rights under data protection law and the concrete process should data subjects want to claim those rights. This article concludes with several research directions on user-centred transparency and tailorability.

    @article{reuter_quarter_2022,
    title = {A {Quarter} {Century} of {Usable} {Security} and {Privacy} {Research}: {Transparency}, {Tailorability}, and the {Road} {Ahead}},
    volume = {41},
    issn = {0144-929X},
    url = {https://www.tandfonline.com/toc/tbit20/41/10},
    doi = {10.1080/0144929X.2022.2080908},
    abstract = {In the last decades, research has shown that both technical solutions and user perceptions are important to improve security and privacy in the digital realm. The field of ‘usable security’ already started to emerge in the mid-90s, primarily focussed on password and email security. Later on, the research field of ”usable security and privacy” evolved and broadened the aim to design concepts and tools to assist users in enhancing their behaviour with regard to both privacy and security. Nevertheless, many user interventions are not as effective as desired. Because of highly diverse usage contexts, leading to different privacy and security requirements and not always to one-size-fits-all approaches, tailorability is necessary to address this issue. Furthermore, transparency is a crucial requirement, as providing comprehensible information may counter reactance towards security interventions. This article first provides a brief history of the research field in its first quarter-century and then highlights research on the transparency and tailorability of user interventions. Based on this, this article then presents six contributions with regard to (1) privacy concerns in times of COVID-19, (2) authentication on mobile devices, (3) GDPR-compliant data management, (4) privacy notices on websites, (5) data disclosure scenarios in agriculture, as well as (6) rights under data protection law and the concrete process should data subjects want to claim those rights. This article concludes with several research directions on user-centred transparency and tailorability.},
    number = {10},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Reuter, Christian and Lo Iacono, Luigi and Benlian, Alexander},
    year = {2022},
    keywords = {Crisis, HCI, SocialMedia, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Projekt-CROSSING, Projekt-ATHENE-SecUrban},
    pages = {2035--2048},
    }

  • Marc-André Kaufhold, Julian Bäumler, Christian Reuter (2022)
    The Implementation of Protective Measures and Communication of Cybersecurity Alerts in Germany – A Representative Survey of the Population
    Mensch und Computer – Workshopband Darmstadt. doi:10.18420/muc2022-mci-ws01-228
    [BibTeX] [Abstract] [Download PDF]

    Despite the merits of digitization in private and professional spaces, critical infrastructures and societies are increasingly exposed to cyberattacks. We conducted a representative survey with German citizens (N=1,093) to examine how they assess the current and future cyber threat situation as well as possible protective measures in cyberspace. Furthermore, we asked what information and channels citizens need to be aware of cyber threats. Our findings indicate that large proportions of the German population feel inadequately informed about cyber threats and tend to only apply enforced security measures by programs (e.g., updates) and services (e.g., two-factor authentication). Furthermore, institutions such as state-level Computer Emergency Response Teams (CERTs) are relatively unknown among the population and respondents showed little confidence in German security authorities to cope with largescale attacks and ultimately protect citizens. Still, our participants prefer to receive cybersecurity information via installed security applications, television channels, or emergency warning apps.

    @inproceedings{kaufhold_implementation_2022,
    address = {Darmstadt},
    series = {Mensch und {Computer} 2022 - {Workshopband}},
    title = {The {Implementation} of {Protective} {Measures} and {Communication} of {Cybersecurity} {Alerts} in {Germany} - {A} {Representative} {Survey} of the {Population}},
    url = {https://dl.gi.de/handle/20.500.12116/39061},
    doi = {10.18420/muc2022-mci-ws01-228},
    abstract = {Despite the merits of digitization in private and professional spaces, critical infrastructures and societies are increasingly exposed to cyberattacks. We conducted a representative survey with German citizens (N=1,093) to examine how they assess the current and future cyber threat situation as well as possible protective measures in cyberspace. Furthermore, we asked what information and channels citizens need to be aware of cyber threats. Our findings indicate that large proportions of the German population feel inadequately informed about cyber threats and tend to only apply enforced security measures by programs (e.g., updates) and services (e.g., two-factor authentication). Furthermore, institutions such as state-level Computer Emergency Response Teams (CERTs) are relatively unknown among the population and respondents showed little confidence in German security authorities to cope with largescale attacks and ultimately protect citizens. Still, our participants prefer to receive cybersecurity information via installed security applications, television channels, or emergency warning apps.},
    language = {en},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik},
    author = {Kaufhold, Marc-André and Bäumler, Julian and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Student, UsableSec, Security, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    }

  • Marc-André Kaufhold, Ali Sercan Basyurt, Kaan Eyilmez, Marc Stöttinger, Christian Reuter (2022)
    Cyber Threat Observatory: Design and Evaluation of an Interactive Dashboard for Computer Emergency Response Teams
    Proceedings of the European Conference on Information Systems (ECIS) Timisoara, Romania.
    [BibTeX] [Abstract] [Download PDF]

    Besides the merits of increasing digitization and networking, societies are increasling exposed to cyberattacks. In Germany, Computer Emerrgency Response Teams (CERTs) of the public sector operate on federal and state level to provide preventative and reactive information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats is getting more complex by the increasing information quantity disseminated into relevant public channels. Using the lens of design science research, this paper contributes with the design and evaluation of a cross-platform cybersecurity dashboard for CERTs. Based on expert scenario-based walkthroughs in combination with semi-structured interviews (N=12), it discusses six design implications, including the customizability of data sources and filtering of displayed entities, modular integration of additional information sources, interrelation between different information feeds, intelligent algorithms for content assessment and filtering, integration with security software and systems, as well as export, sharing and communication of relevant data.

    @inproceedings{kaufhold_cyber_2022,
    address = {Timisoara, Romania},
    title = {Cyber {Threat} {Observatory}: {Design} and {Evaluation} of an {Interactive} {Dashboard} for {Computer} {Emergency} {Response} {Teams}},
    url = {http://www.peasec.de/paper/2022/2022_KaufholdBasyurtEyilmezStoettingerReuter_CyberThreatObservatory_ECIS.pdf},
    abstract = {Besides the merits of increasing digitization and networking, societies are increasling exposed to cyberattacks. In Germany, Computer Emerrgency Response Teams (CERTs) of the public sector operate on federal and state level to provide preventative and reactive information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats is getting more complex by the increasing information quantity disseminated into relevant public channels. Using the lens of design science research, this paper contributes with the design and evaluation of a cross-platform cybersecurity dashboard for CERTs. Based on expert scenario-based walkthroughs in combination with semi-structured interviews (N=12), it discusses six design implications, including the customizability of data sources and filtering of displayed entities, modular integration of additional information sources, interrelation between different information feeds, intelligent algorithms for content assessment and filtering, integration with security software and systems, as well as export, sharing and communication of relevant data.},
    booktitle = {Proceedings of the {European} {Conference} on {Information} {Systems} ({ECIS})},
    author = {Kaufhold, Marc-André and Basyurt, Ali Sercan and Eyilmez, Kaan and Stöttinger, Marc and Reuter, Christian},
    year = {2022},
    keywords = {HCI, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    }

  • Laura Buhleier, Sebastian Linsner, Enno Steinbrink, Christian Reuter (2022)
    Eine Klassifikation sicherheitskritischer UX-Design-Patterns
    Mensch und Computer – Workshopband Darmstadt. doi:10.18420/muc2022-mci-ws10-275
    [BibTeX] [Abstract] [Download PDF]

    User Experience ist von zunehmender Relevanz für die Entwicklung digitaler Designentscheidungen und hat somit weitgehende Auswirkungen auf das Nutzerverhalten. Dass dies besonders für die Sicherheit und Vertraulichkeit nicht nur von Vorteil sein kann, sondern Nutzer*innen negativ beeinflussen kann, wird in dieser Arbeit ersichtlich. Betrachtetwerden dafür die Themengebiete Anti-Patterns, Grey Patterns und Dark-Patterns. Anti-Patterns bezeichnen wiederkehrende Lösungen für ein Konzept eines User Interfaces, die trotz guter Intention ungewünschte Nebeneffekte oder Konsequenzen haben. Dark-Patterns dagegen stellen Designentscheidungen dar, die durch Täuschung oder Ausnutzung psychischen Drucks versuchen Nutzer*innen zu Handlungen zu verleiten, von denen die Ersteller*innen des Dark-Patterns mehr profitieren als die Anwender* innen. Der Begriff Grey Patterns wird in dieser Arbeit für alle Design Patterns genutzt, die sich nicht direkt zuordnen lassen. Da es bisher kaum vergleichendeWerke und keinen Konsens zu diesen Themengebieten gibt, ist das Ziel dieser Arbeit ein grundlegendes Modell aufzustellen. Dabei wird durch die Untersuchung bestehender Literatur eine zusammenfassende Taxonomie und ein Vorgehen zur Unterscheidung von Anti-Patterns und Dark-Patterns erarbeitet, die als Grundlage für weitere Arbeiten und zur Entwicklung von Gegenmaßnahmen genutzt werden können.

    @inproceedings{buhleier_klassifikation_2022,
    address = {Darmstadt},
    series = {Mensch und {Computer} 2022 - {Workshopband}},
    title = {Eine {Klassifikation} sicherheitskritischer {UX}-{Design}-{Patterns}},
    url = {https://dl.gi.de/handle/20.500.12116/39087},
    doi = {10.18420/muc2022-mci-ws10-275},
    abstract = {User Experience ist von zunehmender Relevanz für die Entwicklung digitaler Designentscheidungen und hat somit weitgehende Auswirkungen auf das Nutzerverhalten. Dass dies besonders für die Sicherheit und Vertraulichkeit nicht nur von Vorteil sein kann, sondern Nutzer*innen negativ beeinflussen kann, wird in dieser Arbeit ersichtlich. Betrachtetwerden dafür die Themengebiete Anti-Patterns, Grey Patterns und Dark-Patterns. Anti-Patterns bezeichnen wiederkehrende Lösungen für ein Konzept eines User Interfaces, die trotz guter Intention ungewünschte Nebeneffekte oder Konsequenzen haben. Dark-Patterns dagegen stellen Designentscheidungen dar, die durch Täuschung oder Ausnutzung psychischen Drucks versuchen Nutzer*innen zu Handlungen zu verleiten, von denen die Ersteller*innen des Dark-Patterns mehr profitieren als die Anwender* innen. Der Begriff Grey Patterns wird in dieser Arbeit für alle Design Patterns genutzt, die sich nicht direkt zuordnen lassen. Da es bisher kaum vergleichendeWerke und keinen Konsens zu diesen Themengebieten gibt, ist das Ziel dieser Arbeit ein grundlegendes Modell aufzustellen. Dabei wird durch die Untersuchung bestehender Literatur eine zusammenfassende Taxonomie und ein Vorgehen zur Unterscheidung von Anti-Patterns und Dark-Patterns erarbeitet, die als Grundlage für weitere Arbeiten und zur Entwicklung von Gegenmaßnahmen genutzt werden können.},
    language = {de},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik},
    author = {Buhleier, Laura and Linsner, Sebastian and Steinbrink, Enno and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Student, UsableSec, Security, Projekt-CROSSING, Projekt-GRKPrivacy},
    }

  • Tom Biselli, Enno Steinbrink, Franziska Herbert, Gina Maria Schmidbauer-Wolf, Christian Reuter (2022)
    On the Challenges of Developing a Concise Questionnaire to Identify Privacy Personas
    Proceedings on Privacy Enhancing Technologies (PoPETs) (4):645–669. doi:10.56553/popets-2022-0126
    [BibTeX] [Abstract] [Download PDF]

    Concise instruments to determine privacy personas – typical privacy-related user groups – are not available at present. Consequently, we aimed to identify them on a privacy knowledge–privacy behavior ratio based on a self-developed instrument. To achieve this, we conducted an item analysis (N = 820) and a confirmatory factor analysis (CFA) (N = 656) of data based on an online study with German participants. Starting with 81 items, we reduced those to an eleven-item questionnaire with the two scales privacy knowledge and privacy behavior. A subsequent cluster analysis (N = 656) revealed three distinct user groups: (1) Fundamentalists scoring high in privacy knowledge and behavior, (2) Pragmatists scoring average in privacy knowledge and behavior and (3) Unconcerned scoring low in privacy knowledge and behavior. In a closer inspection of the questionnaire, the CFAs supported the model with a close global fit based on RMSEA in a training and to a lesser extent in a cross-validation sample. Deficient local fit as well as validity and reliability coefficients well below generally accepted thresholds, however, revealed that the questionnaire in its current form cannot be considered a suitable measurement instrument for determining privacy personas. The results are discussed in terms of related persona conceptualizations, the importance of a methodologically sound investigation of corresponding privacy dimensions and our lessons learned.

    @article{biselli_challenges_2022,
    title = {On the {Challenges} of {Developing} a {Concise} {Questionnaire} to {Identify} {Privacy} {Personas}},
    url = {https://petsymposium.org/2022/files/papers/issue4/popets-2022-0126.pdf},
    doi = {10.56553/popets-2022-0126},
    abstract = {Concise instruments to determine privacy personas – typical privacy-related user groups – are not available at present. Consequently, we aimed to identify them on a privacy knowledge–privacy behavior ratio based on a self-developed instrument. To achieve this, we conducted an item analysis (N = 820) and a confirmatory factor analysis (CFA) (N = 656) of data based on an online study with German participants. Starting with 81 items, we reduced those to an eleven-item questionnaire with the two scales privacy knowledge and privacy behavior. A subsequent cluster analysis (N = 656) revealed three distinct user groups: (1) Fundamentalists scoring high in privacy knowledge and behavior, (2) Pragmatists scoring average in privacy knowledge and behavior and (3) Unconcerned scoring low in privacy knowledge and behavior. In a closer inspection of the questionnaire, the CFAs supported the model with a close global fit based on RMSEA in a training and to a lesser extent in a cross-validation sample. Deficient local fit as well as validity and reliability coefficients well below generally accepted thresholds, however, revealed that the questionnaire in its current form cannot be considered a suitable measurement instrument for determining privacy personas. The results are discussed in terms of related persona conceptualizations, the importance of a methodologically sound investigation of corresponding privacy dimensions and our lessons learned.},
    number = {4},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Biselli, Tom and Steinbrink, Enno and Herbert, Franziska and Schmidbauer-Wolf, Gina Maria and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-CROSSING, Projekt-ATHENE-FANCY, AuswahlUsableSec, Projekt-GRKPrivacy},
    pages = {645--669},
    }

  • Denis Orlov, Simon Möller, Sven Düfler, Steffen Haesler, Christian Reuter (2022)
    Detecting a Crisis: Comparison of Self-Reported vs. Automated Internet Outage Measuring Methods
    Mensch und Computer – Workshopband Darmstadt. doi:10.18420/muc2022-mci-ws10-321
    [BibTeX] [Abstract] [Download PDF]

    Every day, there are internet disruptions or outages around the world that affect our daily lives. In this paper, we analyzed these events in Germany in recent years and found out how they can be detected, and what impact they have on citizens, especially in crisis situations. For this purpose, we take a look at two different approaches to recording internet outages, namely the self-reporting of citizens and automatic reporting by algorithmic examination of the availability of IP networks. We evaluate the data of six major events with regard to their meaningfulness in quality and quantity. We found that due to the amount of data and the inherent imprecision of the methods used, it is difficult to detect outages through algorithmic examination. But once an event is publicly known by self-reporting, they have advantages to capture the temporal and spatial dimensions of the outage due to its nature of objective measurements. As a result, we propose that users’ crowdsourcing can enhance the detection of outages and should be seen as an important starting point to even begin an analysis with algorithm-based techniques, but it is to ISPs and regulatory authorities to support that.

    @inproceedings{orlov_detecting_2022,
    address = {Darmstadt},
    series = {Mensch und {Computer} 2022 - {Workshopband}},
    title = {Detecting a {Crisis}: {Comparison} of {Self}-{Reported} vs. {Automated} {Internet} {Outage} {Measuring} {Methods}},
    url = {https://dl.gi.de/handle/20.500.12116/39089},
    doi = {10.18420/muc2022-mci-ws10-321},
    abstract = {Every day, there are internet disruptions or outages around the world that affect our daily lives. In this paper, we analyzed these events in Germany in recent years and found out how they can be detected, and what impact they have on citizens, especially in crisis situations. For this purpose, we take a look at two different approaches to recording internet outages, namely the self-reporting of citizens and automatic reporting by algorithmic examination of the availability of IP networks. We evaluate the data of six major events with regard to their meaningfulness in quality and quantity. We found that due to the amount of data and the inherent imprecision of the methods used, it is difficult to detect outages through algorithmic examination. But once an event is publicly known by self-reporting, they have advantages to capture the temporal and spatial dimensions of the outage due to its nature of objective measurements. As a result, we propose that users’ crowdsourcing can enhance the detection of outages and should be seen as an important starting point to even begin an analysis with algorithm-based techniques, but it is to ISPs and regulatory authorities to support that.},
    language = {en},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik},
    author = {Orlov, Denis and Möller, Simon and Düfler, Sven and Haesler, Steffen and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Student, UsableSec, Security, Projekt-ATHENE-SecUrban, Projekt-emergenCITY},
    }

  • Philipp Kuehn, Julian Bäumler, Marc-André Kaufhold, Marc Wendelborn, Christian Reuter (2022)
    The Notion of Relevance in Cybersecurity: A Categorization of Security Tools and Deduction of Relevance Notions
    Mensch und Computer – Workshopband Darmstadt. doi:10.18420/muc2022-mci-ws01-220
    [BibTeX] [Abstract] [Download PDF]

    Proper cybersecurity requires timely information to defend the IT infrastructure. In a dynamic field like cybersecurity, gathering up-to-date information is usually a manual, time-consuming, and exhaustive task. Automatic and usable approaches are supposed to be a solution to this problem, but for this, they require a notion of information relevance to distinguish relevant from irrelevant information. First, on the basis of a literature review, this paper proposes a novel cybersecurity tool categorization based on corresponding tool types with their respective definitions and core features. Second, it elaborates information used in each category and deduces notions of relevance. Third, it outlines how these findings informed the design of a security dashboard to guide computer emergency response team staff in identifying current threats in open source intelligence sources while mitigating information overload.

    @inproceedings{kuehn_notion_2022,
    address = {Darmstadt},
    series = {Mensch und {Computer} 2022 - {Workshopband}},
    title = {The {Notion} of {Relevance} in {Cybersecurity}: {A} {Categorization} of {Security} {Tools} and {Deduction} of {Relevance} {Notions}},
    url = {https://dl.gi.de/handle/20.500.12116/39072},
    doi = {10.18420/muc2022-mci-ws01-220},
    abstract = {Proper cybersecurity requires timely information to defend the IT infrastructure. In a dynamic field like cybersecurity, gathering up-to-date information is usually a manual, time-consuming, and exhaustive task. Automatic and usable approaches are supposed to be a solution to this problem, but for this, they require a notion of information relevance to distinguish relevant from irrelevant information. First, on the basis of a literature review, this paper proposes a novel cybersecurity tool categorization based on corresponding tool types with their respective definitions and core features. Second, it elaborates information used in each category and deduces notions of relevance. Third, it outlines how these findings informed the design of a security dashboard to guide computer emergency response team staff in identifying current threats in open source intelligence sources while mitigating information overload.},
    language = {en},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik},
    author = {Kuehn, Philipp and Bäumler, Julian and Kaufhold, Marc-André and Wendelborn, Marc and Reuter, Christian},
    year = {2022},
    keywords = {Student, UsableSec, Security, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    }

  • Jelle Groenendaal, Ira Helsloot, Christian Reuter (2022)
    Towards More Insight into Cyber Incident Response Decision Making and its Implications for Cyber Crisis Management
    Proceedings of the Information Systems for Crisis Response and Management (ISCRAM) .
    [BibTeX] [Abstract] [Download PDF]

    Organizations affected by a cyber-attack usually rely on external Cyber Incident Response (CIR) consultants to conduct investigations and mitigate the impact. These CIR consultants need to make critical decisions that could have major impact on their clients. This preliminary investigation aims to get a better understanding of CIR decision-making and answers the following questions: (1.) To what extent do experienced CIR consultants use a Recognition-Primed Decision (RPD) Making strategy during their work? (2.) What are the implications for cyber crisis management as well as for training and decision-making? To answer these questions, we conducted a literature review and interviewed six experienced CIR consultants using the Critical Decision Method. Our analysis reveals that CIR consultants recognize situations based on past experiences and apply a course of action that has worked effectively in the past. This course of action is mainly aimed at collecting and evaluating more data. This finding differs from other operational domains such as the military and fire department, where recognition is usually followed immediately by action. For cyber crisis management, this means that crisis management teams should decide to what extent and in what ways they want to mitigate the risk of responding belatedly to cyber events, which could potentially lead to unnecessary data theft and sustained business disruption. Another implication is that crisis management teams should consider whether additional forensic investigation outweighs the expected benefits throughout the response process. For instance, if the likely entry-point of the attacker has been discovered, how much effort should be devoted to exclude other potential entry-points. Reflecting on the status-quo, several implications for training and decision-making are provided.

    @inproceedings{groenendaal_towards_2022,
    title = {Towards {More} {Insight} into {Cyber} {Incident} {Response} {Decision} {Making} and its {Implications} for {Cyber} {Crisis} {Management}},
    url = {http://idl.iscram.org/files/jellegroenendaal/2022/2468_JelleGroenendaal_etal2022.pdf},
    abstract = {Organizations affected by a cyber-attack usually rely on external Cyber Incident Response (CIR) consultants to conduct investigations and mitigate the impact. These CIR consultants need to make critical decisions that could have major impact on their clients. This preliminary investigation aims to get a better understanding of CIR decision-making and answers the following questions: (1.) To what extent do experienced CIR consultants use a Recognition-Primed Decision (RPD) Making strategy during their work? (2.) What are the implications for cyber crisis management as well as for training and decision-making? To answer these questions, we conducted a literature review and interviewed six experienced CIR consultants using the Critical Decision Method. Our analysis reveals that CIR consultants recognize situations based on past experiences and apply a course of action that has worked effectively in the past. This course of action is mainly aimed at collecting and evaluating more data. This finding differs from other operational domains such as the military and fire department, where recognition is usually followed immediately by action. For cyber crisis management, this means that crisis management teams should decide to what extent and in what ways they want to mitigate the risk of responding belatedly to cyber events, which could potentially lead to unnecessary data theft and sustained business disruption. Another implication is that crisis management teams should consider whether additional forensic investigation outweighs the expected benefits throughout the response process. For instance, if the likely entry-point of the attacker has been discovered, how much effort should be devoted to exclude other potential entry-points. Reflecting on the status-quo, several implications for training and decision-making are provided.},
    booktitle = {Proceedings of the {Information} {Systems} for {Crisis} {Response} and {Management} ({ISCRAM})},
    author = {Groenendaal, Jelle and Helsloot, Ira and Reuter, Christian},
    year = {2022},
    keywords = {UsableSec, Security},
    }

  • Tilo Mentler, Christian Reuter, Simon Nestler, Marc-André Kaufhold, Michael Herczeg, Jens Pottebaum (2022)
    9. Workshop Mensch-Maschine-Interaktion in sicherheitskritischen Systemen
    Mensch und Computer – Workshopband Darmstadt, Germany. doi:10.18420/muc2022-mci-ws10-117
    [BibTeX] [Abstract] [Download PDF]

    Im Zentrum dieses Workshops steht die Interaktion von Mensch und Technik in sicherheitskritischen Kontexten. Hierzu zählen Bereiche, die bereits seit Jahrzehnten Gegenstand der Forschung sind (z.B. Prozessführung in Leitwarten), aber auch aktuelle Herausforderungen (z.B. Social Media im Katastrophenschutz). In diesen und vielen weiteren Bereichen gilt, dass sichere Systemzustände nur durch die ganzheitliche Betrachtung von Mensch, Technik und Organisation gewährleistet bzw. schnellstmöglich wieder erreicht werden können. In diesem Zusammenhang ist der Workshop auch der Nutzbarkeit und Akzeptanz von Sicherheitskonzepten sowie einer bewussteren Auseinandersetzung der Nutzenden mit diesem Thema gewidmet.

    @inproceedings{mentler_9_2022,
    address = {Darmstadt, Germany},
    title = {9. {Workshop} {Mensch}-{Maschine}-{Interaktion} in sicherheitskritischen {Systemen}},
    url = {https://dl.gi.de/handle/20.500.12116/39086},
    doi = {10.18420/muc2022-mci-ws10-117},
    abstract = {Im Zentrum dieses Workshops steht die Interaktion von Mensch und Technik in sicherheitskritischen Kontexten. Hierzu zählen Bereiche, die bereits seit Jahrzehnten Gegenstand der Forschung sind (z.B. Prozessführung in Leitwarten), aber auch aktuelle Herausforderungen (z.B. Social Media im Katastrophenschutz). In diesen und vielen weiteren Bereichen gilt, dass sichere Systemzustände nur durch die ganzheitliche Betrachtung von Mensch, Technik und Organisation gewährleistet bzw. schnellstmöglich wieder erreicht werden können. In diesem Zusammenhang ist der Workshop auch der Nutzbarkeit und Akzeptanz von Sicherheitskonzepten sowie einer bewussteren Auseinandersetzung der Nutzenden mit diesem Thema gewidmet.},
    language = {de},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Mentler, Tilo and Reuter, Christian and Nestler, Simon and Kaufhold, Marc-André and Herczeg, Michael and Pottebaum, Jens},
    year = {2022},
    keywords = {HCI, UsableSec, Security},
    }

  • Christian Reuter, Franz Kuntke, Matthias Trapp, Christian Wied, Gerwin Brill, Georg Müller, Enno Steinbrink, Jonas Franken, Daniel Eberz-Eder, Wolfgang Schneider (2022)
    AgriRegio: Infrastruktur zur Förderung von digitaler Resilienz und Klimaresilienz im ländlichen Raum am Beispiel der Pilotregion Nahe-Donnersberg
    INFORMATIK 2022: 52. Jahrestagung der Gesellschaft für Informatik – Informatik für Gesellschaft (Workshop-Beiträge), Lecture Notes in Informatics (LNI) Hamburg, Germany. doi:10.18420/inf2022_81
    [BibTeX] [Abstract] [Download PDF]

    Die Digitalisierung schreitet auch in der Landwirtschaft immer weiter voran. Vermehrt werden in landwirtschaftlichen Betrieben sogenannte Smart Farming-Technologien eingesetzt, mit deren Hilfe verschiedenste Arbeitsabläufe automatisiert ablaufen, kontrolliert werden und mit anderen Betrieben ausgetauscht werden können. Durch die verfügbaren Daten und die Vernetzung mit anderen Betrieben, ergeben sich vielfältige neue Möglichkeiten in Bezug auf ressourcenschonendes, wirtschaftlicheres und kollaboratives Arbeiten. Problematiken ergeben sich mit Blick auf die Speicherung dieser sensiblen Betriebsdaten, vor allem, wenn hierfür nur einige wenige Anbieter zur Verfügung stehen. Das Forschungsprojekt „AgriRegio“ soll die digitalisierte Datenerfassung und -nutzung in landwirtschaftlichen Betrieben widerstandsfähiger machen und die sicherheitskritische Infrastruktur schützen. Sieben Projektpartner erproben dazu smarte Sensoren auf Basis standardisierter Open-Source-Technologien in der Landwirtschaft, bei denen die Betriebsdaten dezentral auf lokalen Servern gespeichert werden.

    @inproceedings{reuter_agriregio_2022,
    address = {Hamburg, Germany},
    title = {{AgriRegio}: {Infrastruktur} zur {Förderung} von digitaler {Resilienz} und {Klimaresilienz} im ländlichen {Raum} am {Beispiel} der {Pilotregion} {Nahe}-{Donnersberg}},
    isbn = {978-3-88579-720-3},
    url = {https://dl.gi.de/bitstream/handle/20.500.12116/39588/rsflab_04.pdf?sequence=1&isAllowed=y},
    doi = {10.18420/inf2022_81},
    abstract = {Die Digitalisierung schreitet auch in der Landwirtschaft immer weiter voran. Vermehrt werden in landwirtschaftlichen Betrieben sogenannte Smart Farming-Technologien eingesetzt, mit deren Hilfe verschiedenste Arbeitsabläufe automatisiert ablaufen, kontrolliert werden und mit anderen Betrieben ausgetauscht werden können. Durch die verfügbaren Daten und die Vernetzung mit anderen Betrieben, ergeben sich vielfältige neue Möglichkeiten in Bezug auf ressourcenschonendes, wirtschaftlicheres und kollaboratives Arbeiten. Problematiken ergeben sich mit Blick auf die Speicherung dieser sensiblen Betriebsdaten, vor allem, wenn hierfür nur einige wenige Anbieter zur Verfügung stehen. Das Forschungsprojekt „AgriRegio“ soll die digitalisierte Datenerfassung und -nutzung in landwirtschaftlichen Betrieben widerstandsfähiger machen und die sicherheitskritische Infrastruktur schützen. Sieben Projektpartner erproben dazu smarte Sensoren auf Basis standardisierter Open-Source-Technologien in der Landwirtschaft, bei denen die Betriebsdaten dezentral auf lokalen Servern gespeichert werden.},
    language = {de},
    booktitle = {{INFORMATIK} 2022: 52. {Jahrestagung} der {Gesellschaft} für {Informatik} – {Informatik} für {Gesellschaft} ({Workshop}-{Beiträge}), {Lecture} {Notes} in {Informatics} ({LNI})},
    publisher = {Gesellschaft für Informatik e. V.},
    author = {Reuter, Christian and Kuntke, Franz and Trapp, Matthias and Wied, Christian and Brill, Gerwin and Müller, Georg and Steinbrink, Enno and Franken, Jonas and Eberz-Eder, Daniel and Schneider, Wolfgang},
    editor = {Demmler, D. and Krupka, D. and Federrath, H.},
    year = {2022},
    keywords = {Ranking-CORE-C, Ranking-VHB-C, UsableSec, Security, RSF, Projekt-AgriRegio},
    pages = {961--972},
    }

  • Max Mühlhäuser, Christian Reuter, Bastian Pfleging, Thomas Kosch, Andrii Matviienko, Katrin Gerling, Sven Mayer, Wilko Heuten, Tanja Döring, Florian Müller, Martin Schmitz (2022)
    Proceedings of Mensch und Computer 2022: Facing Realities
    ACM.
    [BibTeX] [Abstract] [Download PDF]

    Die 2001 ins Leben gerufene Konferenz „Mensch und Computer“ (MuC) ist die größte Tagungsreihe der Mensch-Computer-Interaktion in Europa. Teilnehmenden aus Wissenschaft und Industrie bietet die MuC eine Plattform für Beiträge und Diskussionen zu innovativen Formen der Interaktion zwischen Menschen und digitaler Technik, zu nutzerorientierten Entwicklungsmethoden, interaktiven Anwendungen und weiteren Themen aus dem Spannungsfeld zwischen Nutzenden, Teams und Communities einerseits sowie den genutzten Informations- und Kommunikationstechnologien andererseits. Ziel der Tagung ist es, innovative Forschungsergebnisse zu diskutieren, den Informationsaustausch zwischen Wissenschaft und Praxis zu fördern, Forschungsaktivitäten und Ausbildung anzuregen sowie Wissenschaft, Praxis und Öffentlichkeit für die Relevanz nutzungs- und aufgabengerechter Technikgestaltung zu sensibilisieren. Hauptsächlich englischsprachige Fachbeiträge und deren Veröffentlichung in der „ACM Digital Library“ bzw. Digitalen Bibliothek der GI fördern die weltweite Sichtbarkeit der wissenschaftlichen Resultate der MuC.

    @book{muhlhauser_proceedings_2022,
    title = {Proceedings of {Mensch} und {Computer} 2022: {Facing} {Realities}},
    isbn = {978-1-4503-9690-5},
    url = {https://dl.acm.org/doi/proceedings/10.1145/3543758},
    abstract = {Die 2001 ins Leben gerufene Konferenz „Mensch und Computer“ (MuC) ist die größte Tagungsreihe der
    Mensch-Computer-Interaktion in Europa. Teilnehmenden aus Wissenschaft und Industrie bietet die MuC
    eine Plattform für Beiträge und Diskussionen zu innovativen Formen der Interaktion zwischen Menschen und digitaler Technik, zu nutzerorientierten Entwicklungsmethoden, interaktiven Anwendungen und weiteren Themen aus dem Spannungsfeld zwischen Nutzenden, Teams und Communities einerseits sowie den genutzten Informations- und Kommunikationstechnologien andererseits. Ziel der Tagung ist es, innovative Forschungsergebnisse zu diskutieren, den Informationsaustausch zwischen Wissenschaft und Praxis zu fördern, Forschungsaktivitäten und Ausbildung anzuregen sowie Wissenschaft, Praxis und Öffentlichkeit
    für die Relevanz nutzungs- und aufgabengerechter Technikgestaltung zu sensibilisieren. Hauptsächlich englischsprachige Fachbeiträge und deren Veröffentlichung in der „ACM Digital Library“ bzw. Digitalen Bibliothek der GI fördern die weltweite Sichtbarkeit der wissenschaftlichen Resultate der MuC.},
    publisher = {ACM},
    author = {Mühlhäuser, Max and Reuter, Christian and Pfleging, Bastian and Kosch, Thomas and Matviienko, Andrii and Gerling, Katrin and Mayer, Sven and Heuten, Wilko and Döring, Tanja and Müller, Florian and Schmitz, Martin},
    year = {2022},
    keywords = {HCI, UsableSec},
    }

  • Sebastian Linsner, Enno Steinbrink, Franz Kuntke, Jonas Franken, Christian Reuter (2022)
    Supporting Users in Data Disclosure Scenarios in Agriculture through Transparency
    Behaviour & Information Technology (BIT) ;41(10):2137–2159. doi:10.1080/0144929X.2022.2068070
    [BibTeX] [Abstract] [Download PDF]

    Business collaboration in the era of digital transformation requires the exchange of operational data. Since data are hardly controllable once they have been published or shared with others, it is highly important that users are clearly informed about who has access to which data and how certain settings can prevent the disclosure of sensitive data. However, giving end users more control over their data through increased transparency could also lead to information overload. This is particularly true in the field of agriculture, where tight schedules put pressure on employees of small enterprises. We conduct an empirical prestudy with 52 German farmers to investigate current data sharing scenarios. From these insights, we derive requirements and a concept for data sharing solutions providing data flow transparency for users. To investigate the behavior of users and the effects of transparent UI controls, we evaluate a prototype with 18 persons. Our evaluation shows that farmers demand flexible and secure tools that adjust to their workflows. Also, data should be stored and processed locally, granting farmers data sovereignty. Although the controls require additional effort, the evaluated transparent controls for data disclosure are easy to use and raise user awareness.

    @article{linsner_supporting_2022,
    title = {Supporting {Users} in {Data} {Disclosure} {Scenarios} in {Agriculture} through {Transparency}},
    volume = {41},
    url = {http://www.peasec.de/paper/2022/2022_LinsnerSteinbrinkKuntkeFrankenReuter_SupportingDataDisclosureScenariosAgriculture_BIT.pdf},
    doi = {10.1080/0144929X.2022.2068070},
    abstract = {Business collaboration in the era of digital transformation requires the exchange of operational data. Since data are hardly controllable once they have been published or shared with others, it is highly important that users are clearly informed about who has access to which data and how certain settings can prevent the disclosure of sensitive data. However, giving end users more control over their data through increased transparency could also lead to information overload. This is particularly true in the field of agriculture, where tight schedules put pressure on employees of small enterprises. We conduct an empirical prestudy with 52 German farmers to investigate current data sharing scenarios. From these insights, we derive requirements and a concept for data sharing solutions providing data flow transparency for users. To investigate the behavior of users and the effects of transparent UI controls, we evaluate a prototype with 18 persons. Our evaluation shows that farmers demand flexible and secure tools that adjust to their workflows. Also, data should be stored and processed locally, granting farmers data sovereignty. Although the controls require additional effort, the evaluated transparent controls for data disclosure are easy to use and raise user awareness.},
    number = {10},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Linsner, Sebastian and Steinbrink, Enno and Kuntke, Franz and Franken, Jonas and Reuter, Christian},
    year = {2022},
    keywords = {UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, RSF, Projekt-GRKPrivacy, Projekt-HyServ, Projekt-AgriRegio},
    pages = {2137--2159},
    }

  • Verena Zimmermann, Jasmin Haunschild, Marita Unden, Paul Gerber, Nina Gerber (2022)
    Sicherheitsherausforderungen für Smart City-Infrastrukturen
    Wirtschaftsinformatik & Management . doi:10.1365/s35764-022-00396-5
    [BibTeX] [Abstract] [Download PDF]

    Viele Städte entwickeln sich hin zu einer „Smart City“. Der Trend birgt einerseits vielfältige Potenziale für Effizienz, Nachhaltigkeit und Sicherheit. Auf der anderen Seite ergeben sich neue Herausforderungen für den Schutz städtischer Infrastrukturen und der darin befindlichen Daten vor Ausfällen und (Cyber‑)Angriffen, die in ihrer Komplexität bisher nur wenig untersucht sind.

    @article{zimmermann_sicherheitsherausforderungen_2022,
    title = {Sicherheitsherausforderungen für {Smart} {City}-{Infrastrukturen}},
    url = {https://link.springer.com/content/pdf/10.1365/s35764-022-00396-5.pdf},
    doi = {10.1365/s35764-022-00396-5},
    abstract = {Viele Städte entwickeln sich hin zu einer „Smart City“. Der Trend birgt einerseits vielfältige Potenziale für Effizienz, Nachhaltigkeit und Sicherheit. Auf der anderen Seite ergeben sich neue Herausforderungen für den Schutz städtischer Infrastrukturen und der darin befindlichen Daten vor Ausfällen und (Cyber‑)Angriffen, die in ihrer Komplexität bisher nur wenig untersucht sind.},
    journal = {Wirtschaftsinformatik \& Management},
    author = {Zimmermann, Verena and Haunschild, Jasmin and Unden, Marita and Gerber, Paul and Gerber, Nina},
    year = {2022},
    keywords = {UsableSec, Security, Projekt-ATHENE-SecUrban},
    }

  • Katrin Hartwig, Christian Reuter (2022)
    Nudging Users Towards Better Security Decisions in Password Creation Using Whitebox-based Multidimensional Visualizations
    Behaviour & Information Technology (BIT) ;41(7):1357–1380. doi:10.1080/0144929X.2021.1876167
    [BibTeX] [Abstract] [Download PDF]

    Nudging users to keep them secure online has become a growing research field in cybersecurity. While existing approaches are mainly blackbox based, showing aggregated visualisations as one-size-fits-all nudges, personalisation turned out promising to enhance the efficacy of nudges within the high variance of users and contexts. This article presents a disaggregated whitebox-based visualisation of critical information as a novel nudge. By segmenting users according to their decision-making and information processing styles, we investigate if the novel nudge is more effective for specific users than a common black-box nudge. Based on existing literature about critical factors in password security, we designed a dynamic radar chart and parallel coordinates as disaggregated visualisations. We evaluated the short-term effectiveness and users‘ perception of the nudges in a think-aloud prestudy and a representative online evaluation (N=1.012). Our findings suggest that dynamic radar charts present a moderately effective nudge towards stronger passwords regarding short-term efficacy and are appreciated particularly by players of role-playing games.

    @article{hartwig_nudging_2022,
    title = {Nudging {Users} {Towards} {Better} {Security} {Decisions} in {Password} {Creation} {Using} {Whitebox}-based {Multidimensional} {Visualizations}},
    volume = {41},
    url = {https://peasec.de/paper/2022/2022_HartwigReuter_WhiteboxMultidimensionalNudges_BIT.pdf},
    doi = {10.1080/0144929X.2021.1876167},
    abstract = {Nudging users to keep them secure online has become a growing research field in cybersecurity. While existing approaches are mainly blackbox based, showing aggregated visualisations as one-size-fits-all nudges, personalisation turned out promising to enhance the efficacy of nudges within the high variance of users and contexts. This article presents a disaggregated whitebox-based visualisation of critical information as a novel nudge. By segmenting users according to their decision-making and information processing styles, we investigate if the novel nudge is more effective for specific users than a common black-box nudge. Based on existing literature about critical factors in password security, we designed a dynamic radar chart and parallel coordinates as disaggregated visualisations. We evaluated the short-term effectiveness and users' perception of the nudges in a think-aloud prestudy and a representative online evaluation (N=1.012). Our findings suggest that dynamic radar charts present a moderately effective nudge towards stronger passwords regarding short-term efficacy and are appreciated particularly by players of role-playing games.},
    number = {7},
    journal = {Behaviour \& Information Technology (BIT)},
    author = {Hartwig, Katrin and Reuter, Christian},
    year = {2022},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Projekt-CROSSING, Projekt-ATHENE-FANCY, AuswahlUsableSec},
    pages = {1357--1380},
    }

    2021

  • Sebastian Linsner, Franz Kuntke, Enno Steinbrink, Jonas Franken, Christian Reuter (2021)
    The Role of Privacy in Digitalization – Analysing the German Farmers‘ Perspective
    Proceedings on Privacy Enhancing Technologies (PoPETs) ;2021(3):334–350. doi:10.2478/popets-2021-0050
    [BibTeX] [Abstract] [Download PDF]

    Technological progress can disrupt domains and change the way we work and collaborate. This paper presents a qualitative study with 52 German farmers that investigates the impact of the ongoing digitalization process in agriculture and discusses the implications for privacy research. As in other domains, the introduction of digital tools and services leads to the data itself becoming a resource. Sharing this data with products along the supply chain is favored by retailers and consumers, who benefit from traceability through transparency. However, transparency can pose a privacy risk. Having insight into the business data of others along the supply chain provides an advantage in terms of market position. This is particularly true in agriculture, where there is already a significant imbalance of power between actors. A multitude of small and medium-sized farming businesses are opposed by large upstream and downstream players that drive technological innovation. Further weakening the market position of farmers could lead to severe consequences for the entire sector. We found that on the one hand, privacy behaviors are affected by adoption of digitalization, and on the other hand, privacy itself influences adoption of digital tools. Our study sheds light on the emerging challenges for farmers and the role of privacy in the process of digitalization in agriculture.

    @article{linsner_role_2021,
    title = {The {Role} of {Privacy} in {Digitalization} – {Analysing} the {German} {Farmers}' {Perspective}},
    volume = {2021},
    url = {https://www.petsymposium.org/2021/files/papers/issue3/popets-2021-0050.pdf},
    doi = {10.2478/popets-2021-0050},
    abstract = {Technological progress can disrupt domains
    and change the way we work and collaborate. This paper presents a qualitative study with 52 German farmers
    that investigates the impact of the ongoing digitalization process in agriculture and discusses the implications for privacy research. As in other domains, the introduction of digital tools and services leads to the data
    itself becoming a resource. Sharing this data with products along the supply chain is favored by retailers and
    consumers, who benefit from traceability through transparency. However, transparency can pose a privacy risk.
    Having insight into the business data of others along the
    supply chain provides an advantage in terms of market
    position. This is particularly true in agriculture, where
    there is already a significant imbalance of power between actors. A multitude of small and medium-sized
    farming businesses are opposed by large upstream and
    downstream players that drive technological innovation.
    Further weakening the market position of farmers could
    lead to severe consequences for the entire sector. We
    found that on the one hand, privacy behaviors are affected by adoption of digitalization, and on the other
    hand, privacy itself influences adoption of digital tools.
    Our study sheds light on the emerging challenges for
    farmers and the role of privacy in the process of digitalization in agriculture.},
    number = {3},
    journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
    author = {Linsner, Sebastian and Kuntke, Franz and Steinbrink, Enno and Franken, Jonas and Reuter, Christian},
    year = {2021},
    keywords = {HCI, Selected, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, AuswahlUsableSec, Projekt-GeoBox, Projekt-GRKPrivacy, Projekt-HyServ},
    pages = {334--350},
    }

  • Christian Reuter (2021)
    Sicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement (Zweite Auflage)
    2 ed. Wiesbaden: Springer Vieweg.
    [BibTeX] [Abstract] [Download PDF]

    Die zweite, aktualisierte Auflage dieses Lehr- und Fachbuchs gibt eine fundierte und praxisbezogene Einführung sowie einen Überblick über Grundlagen, Methoden und Anwendungen der Mensch-Computer-Interaktion im Kontext von Sicherheit, Notfällen, Krisen, Katastrophen, Krieg und Frieden. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt. Das Buch eignet sich ebenso als Lehrbuch für Studierende wie als Handbuch für Wissenschaftler, Designer, Entwickler und Anwender.

    @book{reuter_sicherheitskritische_2021,
    address = {Wiesbaden},
    edition = {2},
    title = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement} ({Zweite} {Auflage})},
    isbn = {978-3-658-32795-8},
    url = {https://www.springer.com/de/book/9783658327941},
    abstract = {Die zweite, aktualisierte Auflage dieses Lehr- und Fachbuchs gibt eine fundierte und praxisbezogene Einführung sowie einen Überblick über Grundlagen, Methoden und Anwendungen der Mensch-Computer-Interaktion im Kontext von Sicherheit, Notfällen, Krisen, Katastrophen, Krieg und Frieden. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt. Das Buch eignet sich ebenso als Lehrbuch für Studierende wie als Handbuch für Wissenschaftler, Designer, Entwickler und Anwender.},
    publisher = {Springer Vieweg},
    author = {Reuter, Christian},
    year = {2021},
    keywords = {AuswahlCrisis, HCI, Selected, SocialMedia, UsableSec, Security, Projekt-KontiKat, Peace, Infrastructure, Projekt-ATHENE-SecUrban, Projekt-CYWARN, Projekt-emergenCITY},
    }

  • Franziska Herbert, Gina Maria Schmidbauer-Wolf, Christian Reuter (2021)
    Who Should Get My Private Data in Which Case? Evidence in the Wild
    Mensch und Computer – Tagungsband New York. doi:10.1145/3473856.3473879
    [BibTeX] [Abstract] [Download PDF]

    As a result of the ongoing digitalization of our everyday lives, the amount of data produced by everyone is steadily increasing. This happens through personal decisions and items, such as the use of social media or smartphones, but also through more and more data acquisition in public spaces, such as e.g., Closed Circuit Television. Are people aware of the data they are sharing? What kind of data do people want to share with whom? Are people aware if they have Wi-Fi, GPS, or Bluetooth activated as potential data sharing functionalities on their phone? To answer these questions, we conducted a representative online survey as well as face-to-face interviews with users in Germany. We found that most users wanted to share private data on premise with most entities, indicating that willingness to share data depends on who has access to the data. Almost half of the participants would be more willing to share data with specific entities (state bodies & rescue forces) in the event that an acquaintance is endangered. For Wi-Fi and GPS the frequencies of self-reported and actual activation on the smartphone are almost equal, but 17\% of participants were unaware of the Bluetooth status on their smartphone. Our research is therefore in line with other studies suggesting relatively low privacy awareness of users.

    @inproceedings{herbert_who_2021,
    address = {New York},
    title = {Who {Should} {Get} {My} {Private} {Data} in {Which} {Case}? {Evidence} in the {Wild}},
    url = {http://www.peasec.de/paper/2021/2021_Herbert_SchmidbauerWolfReuter_WhoShouldGetMyPrivateDateinWhichCase_MuC.pdf},
    doi = {10.1145/3473856.3473879},
    abstract = {As a result of the ongoing digitalization of our everyday lives, the amount of data produced by everyone is steadily increasing. This happens through personal decisions and items, such as the use of social media or smartphones, but also through more and more data acquisition in public spaces, such as e.g., Closed Circuit Television. Are people aware of the data they are sharing? What kind of data do people want to share with whom? Are people aware if they have Wi-Fi, GPS, or Bluetooth activated as potential data sharing functionalities on their phone? To answer these questions, we conducted a representative online survey as well as face-to-face interviews with users in Germany. We found that most users wanted to share private data on premise with most entities, indicating that willingness to share data depends on who has access to the data. Almost half of the participants would be more willing to share data with specific entities (state bodies \& rescue forces) in the event that an acquaintance is endangered. For Wi-Fi and GPS the frequencies of self-reported and actual activation on the smartphone are almost equal, but 17\% of participants were unaware of the Bluetooth status on their smartphone. Our research is therefore in line with other studies suggesting relatively low privacy awareness of users.},
    booktitle = {Mensch und {Computer} - {Tagungsband}},
    publisher = {ACM},
    author = {Herbert, Franziska and Schmidbauer-Wolf, Gina Maria and Reuter, Christian},
    year = {2021},
    keywords = {UsableSec, Security, Projekt-ATHENE-FANCY},
    }

  • Anjuli Franz, Gregor Albrecht, Verena Zimmermann, Katrin Hartwig, Christian Reuter, Alexander Benlian, Joachim Vogt (2021)
    SoK: Still Plenty of Phish in the Sea — A Review of User-Oriented Phishing Interventions and Avenues for Future Research
    USENIX Symposium on Usable Privacy and Security (SOUPS) .
    [BibTeX] [Abstract] [Download PDF]

    Phishing is a prevalent cyber threat, targeting individuals and organizations alike. Previous approaches on anti-phishing measures have started to recognize the role of the user, who, at the center of the target, builds the last line of defense. However, user-oriented phishing interventions are fragmented across a diverse research landscape, which has not been systematized to date. This makes it challenging to gain an overview of the various approaches taken by prior works. In this paper, we present a taxonomy of phishing interventions based on a systematic literature analysis. We shed light on the diversity of existing approaches by analyzing them with respect to the intervention type, the addressed phishing attack vector, the time at which the intervention takes place, and the required user interaction. Furthermore, we highlight shortcomings and challenges emerging from both our literature sample and prior meta-analyses, and discuss them in the light of current movements in the field of usable security. With this article, we hope to provide useful directions for future works on phishing interventions.

    @inproceedings{franz_sok_2021,
    title = {{SoK}: {Still} {Plenty} of {Phish} in the {Sea} — {A} {Review} of {User}-{Oriented} {Phishing} {Interventions} and {Avenues} for {Future} {Research}},
    isbn = {978-1-939133-25-0},
    url = {https://www.usenix.org/system/files/soups2021-franz.pdf},
    abstract = {Phishing is a prevalent cyber threat, targeting individuals and
    organizations alike. Previous approaches on anti-phishing
    measures have started to recognize the role of the user, who,
    at the center of the target, builds the last line of defense.
    However, user-oriented phishing interventions are fragmented
    across a diverse research landscape, which has not been
    systematized to date. This makes it challenging to gain an
    overview of the various approaches taken by prior works.
    In this paper, we present a taxonomy of phishing interventions
    based on a systematic literature analysis. We shed light
    on the diversity of existing approaches by analyzing them
    with respect to the intervention type, the addressed phishing
    attack vector, the time at which the intervention takes place,
    and the required user interaction. Furthermore, we highlight
    shortcomings and challenges emerging from both our literature
    sample and prior meta-analyses, and discuss them in
    the light of current movements in the field of usable security.
    With this article, we hope to provide useful directions for
    future works on phishing interventions.},
    booktitle = {{USENIX} {Symposium} on {Usable} {Privacy} and {Security} ({SOUPS})},
    author = {Franz, Anjuli and Albrecht, Gregor and Zimmermann, Verena and Hartwig, Katrin and Reuter, Christian and Benlian, Alexander and Vogt, Joachim},
    year = {2021},
    keywords = {UsableSec, Security, Ranking-CORE-B, Projekt-CROSSING, AuswahlUsableSec},
    }

  • Christian Reuter, Ulrike Lechner (2021)
    Introduction to the WI2021 Track: Digitization and Society – Even in Times of Corona
    Innovation Through Information Systems. WI 2021: Volume II: A Collection of Latest Research on Technology Issues . doi:https://doi.org/10.1007/978-3-030-86797-3
    [BibTeX] [Abstract] [Download PDF]

    Information and communication technologies affect all areas of civil society. Digitalization opens up new opportunities to address important social issues. The motor of digitalization can be social necessity, technical feasibility, and also a crisis, as the reaction to the COVID-19 pandemic demonstrates: Out of necessity, ideas are created, systems designed and implemented and the value of digital solutions to society becomes apparent. With the digitalization of everyday working and learning, apps for tracing information chains and containing new infections have potential, but also pose social risks. The current COVID-19 crisis seems to put the role of digitalization in a completely new light. Both, to evaluate the value of digital solutions to society and to identify space for innovation is important in times of intense digitalization efforts. To meet the societal challenges posed by digitalization, it is particularly important to understand how they arise. The use of digital solutions in safety-critical contexts entails dependencies and the threat of various dangers: Infrastructure disruptions and failures can be caused by criminal acts, terrorist attacks, natural disasters, operational disruptions, and system failures. In addition, there is a concern about data arising from the use of digital solutions. Data protection, data sovereignty, data security, and their social perception must always be closely observed. Furthermore, it is important to ensure that digitalization does not lead to a digital divide. New digital solutions require constant evaluation and assessment of the consequences.

    @inproceedings{reuter_introduction_2021,
    title = {Introduction to the {WI2021} {Track}: {Digitization} and {Society} – {Even} in {Times} of {Corona}},
    isbn = {978-3-030-86797-3},
    url = {http://www.peasec.de/paper/2021/2021_ReuterLechner_DigitisationandSocietyinTimesofCorona_WI.pdf},
    doi = {https://doi.org/10.1007/978-3-030-86797-3},
    abstract = {Information and communication technologies affect all areas of civil society. Digitalization opens up new opportunities to address important social issues. The motor of digitalization can be social necessity, technical feasibility, and also a crisis, as the reaction to the COVID-19 pandemic demonstrates: Out of necessity, ideas are created, systems designed and implemented and the value of digital solutions to society becomes apparent. With the digitalization of everyday working and learning, apps for tracing information chains and containing new infections have potential, but also pose social risks. The current COVID-19 crisis seems to put the role of digitalization in a completely new light. Both, to evaluate the value of digital solutions to society and to identify space for innovation is important in times of intense digitalization efforts.
    To meet the societal challenges posed by digitalization, it is particularly important to understand how they arise. The use of digital solutions in safety-critical contexts entails dependencies and the threat of various dangers: Infrastructure disruptions and failures can be caused by criminal acts, terrorist attacks, natural disasters, operational disruptions, and system failures. In addition, there is a concern about data arising from the use of digital solutions. Data protection, data sovereignty, data security, and their social perception must always be closely observed. Furthermore, it is important to ensure that digitalization does not lead to a digital divide. New digital solutions require constant evaluation and assessment of the consequences.},
    booktitle = {Innovation {Through} {Information} {Systems}. {WI} 2021: {Volume} {II}: {A} {Collection} of {Latest} {Research} on {Technology} {Issues}},
    publisher = {Springer},
    author = {Reuter, Christian and Lechner, Ulrike},
    year = {2021},
    keywords = {HCI, UsableSec, Security},
    pages = {244--246},
    }

  • Christian Reuter (2021)
    Einleitung in die sicherheitskritische Mensch-Computer-Interaktion
    In: Christian ReuterSicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement (Zweite Auflage). 2 ed. Wiesbaden, Germany: Springer Vieweg, , 3–17.
    [BibTeX] [Abstract] [Download PDF]

    Die sicherheitskritische Mensch-Computer-Interaktion (MCI) ist eine interdisziplinäre Herausforderung und ein für die Informatik und die jeweiligen Anwendungsdomänen ein zunehmend an Bedeutung gewinnendes Thema. Dieses Kapitel bietet eine Einfüh-rung in das Lehr- und Fachbuch „Sicherheitskritische Mensch-Computer-Interaktion – Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement“. Als didaktisch aufbereiteter, umfassender Überblick über Grundlagen, Methoden und Anwendungsgebiete soll es sowohl als vorlesungsbegleitende Lektüre als auch als Nach-schlagewerk für Personen aus Wissenschaft, Design und Entwicklung dienen. Dies ad-ressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering, von Analyse über Design bis Evaluation abgedeckt.

    @incollection{reuter_einleitung_2021,
    address = {Wiesbaden, Germany},
    edition = {2},
    title = {Einleitung in die sicherheitskritische {Mensch}-{Computer}-{Interaktion}},
    isbn = {978-3-658-32794-1},
    url = {https://doi.org/10.1007/978-3-658-32795-8_1},
    abstract = {Die sicherheitskritische Mensch-Computer-Interaktion (MCI) ist eine interdisziplinäre Herausforderung und ein für die Informatik und die jeweiligen Anwendungsdomänen ein zunehmend an Bedeutung gewinnendes Thema. Dieses Kapitel bietet eine Einfüh-rung in das Lehr- und Fachbuch „Sicherheitskritische Mensch-Computer-Interaktion – Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement“. Als didaktisch aufbereiteter, umfassender Überblick über Grundlagen, Methoden und Anwendungsgebiete soll es sowohl als vorlesungsbegleitende Lektüre als auch als Nach-schlagewerk für Personen aus Wissenschaft, Design und Entwicklung dienen. Dies ad-ressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering, von Analyse über Design bis Evaluation abgedeckt.},
    booktitle = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement} ({Zweite} {Auflage})},
    publisher = {Springer Vieweg},
    author = {Reuter, Christian},
    editor = {Reuter, Christian},
    year = {2021},
    keywords = {Crisis, HCI, UsableSec, Security, Projekt-CYWARN},
    pages = {3--17},
    }

  • Christian Reuter, Konstantin Aal, Frank Beham, Alexander Boden, Florian Brauner, Thomas Ludwig, Stephan Lukosch, Frank Fiedrich, Frank Fuchs-Kittowski, Stefan Geisler, Klaus Gennen, Dominik Herrmann, Marc-André Kaufhold, Michael Klafft, Myriam Lipprandt, Luigi Lo Iacono, Volkmar Pipek, Tilo Mentler, Simon Nestler, Jens Pottebaum, Sven Quadflieg, Stefan Stieglitz, Christian Sturm, Gebhard Rusch, Stefan Sackmann, Melanie Volkamer, Volker Wulf (2021)
    Die Zukunft sicherheitskritischer Mensch-Computer-Interaktion
    In: Christian ReuterSicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement (2. Auflage). 2 ed. Wiesbaden, Germany: Springer Vieweg, , 673–681.
    [BibTeX] [Abstract] [Download PDF]

    Sicherheitskritische Mensch-Computer-Interaktion ist nicht nur derzeit ein hochaktuel-les Thema, sondern wird dies auch in Zukunft bleiben. Insofern ist ein Lehr- und Fach-buch wie dieses immer nur eine Momentaufnahme, und kann immer nur einen punktuel-len Stand abdecken. Dennoch kann der Versuch unternommen werden, aktuelle Trends zu identifizieren und einen Ausblick in die Zukunft zu wagen. Genau das möchte dieses Kapitel erreichen: Es sollen zukünftige Entwicklungen vorausgesagt und versucht wer-den, diese korrekt einzuordnen. Das ist an dieser Stelle nicht nur durch den Herausgeber, sondern durch Abfrage bei zahlreichen am Lehrbuch beteiligten Autor*innen geschehen. Neben einem Ausblick auf Grundlagen und Methoden werden dementsprechend auch sicherheitskritische interaktive Systeme und sicherheitskritische kooperative Systeme abgedeckt.

    @incollection{reuter_zukunft_2021,
    address = {Wiesbaden, Germany},
    edition = {2},
    title = {Die {Zukunft} sicherheitskritischer {Mensch}-{Computer}-{Interaktion}},
    isbn = {978-3-658-19523-6},
    url = {https://doi.org/10.1007/978-3-658-32795-8_31},
    abstract = {Sicherheitskritische Mensch-Computer-Interaktion ist nicht nur derzeit ein hochaktuel-les Thema, sondern wird dies auch in Zukunft bleiben. Insofern ist ein Lehr- und Fach-buch wie dieses immer nur eine Momentaufnahme, und kann immer nur einen punktuel-len Stand abdecken. Dennoch kann der Versuch unternommen werden, aktuelle Trends zu identifizieren und einen Ausblick in die Zukunft zu wagen. Genau das möchte dieses Kapitel erreichen: Es sollen zukünftige Entwicklungen vorausgesagt und versucht wer-den, diese korrekt einzuordnen. Das ist an dieser Stelle nicht nur durch den Herausgeber, sondern durch Abfrage bei zahlreichen am Lehrbuch beteiligten Autor*innen geschehen. Neben einem Ausblick auf Grundlagen und Methoden werden dementsprechend auch sicherheitskritische interaktive Systeme und sicherheitskritische kooperative Systeme abgedeckt.},
    booktitle = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement} (2. {Auflage})},
    publisher = {Springer Vieweg},
    author = {Reuter, Christian and Aal, Konstantin and Beham, Frank and Boden, Alexander and Brauner, Florian and Ludwig, Thomas and Lukosch, Stephan and Fiedrich, Frank and Fuchs-Kittowski, Frank and Geisler, Stefan and Gennen, Klaus and Herrmann, Dominik and Kaufhold, Marc-André and Klafft, Michael and Lipprandt, Myriam and Lo Iacono, Luigi and Pipek, Volkmar and Mentler, Tilo and Nestler, Simon and Pottebaum, Jens and Quadflieg, Sven and Stieglitz, Stefan and Sturm, Christian and Rusch, Gebhard and Sackmann, Stefan and Volkamer, Melanie and Wulf, Volker},
    editor = {Reuter, Christian},
    year = {2021},
    note = {https://doi.org/10.1007/978-3-658-32795-8\_31},
    keywords = {Crisis, HCI, SocialMedia, UsableSec, Security, Projekt-KontiKat, Projekt-CYWARN},
    pages = {673--681},
    }

  • Daniel Eberz-Eder, Franz Kuntke, Wolfgang Schneider, Christian Reuter (2021)
    Technologische Umsetzung des Resilient Smart Farming (RSF) durch den Einsatz von Edge-Computing
    41. GIL-Jahrestagung: Informatik in der Land-, Forst- und Ernährungswirtschaft .
    [BibTeX] [Abstract] [Download PDF]

    Edge Computing bietet die Möglichkeit zur Realisierung von Resilient Smart Farming (RSF). Die vorliegende Arbeit setzt sich mit Möglichkeiten der möglichst ausfallsicheren Digitalisierung der Landwirtschaft als kritischer Infrastruktur auseinander und zeigt auf, dass dezentrale Lösungen des Edge Computing inzwischen innovative technologische Möglichkeiten zur Realisierung von RSF bieten. Die Vorteile der lokalen Datenverarbeitung am Entstehungsort in Kombination mit einer regionalen Vernetzung bieten neue Möglichkeiten im Zeitalter von 5GInfrastrukturen und dem Einsatz von IoT-Sensornetzwerken. Der Fokus dieser Arbeit liegt auf Edge Computing als Technologie zur Umsetzung eines resilienten Smart Farming.

    @inproceedings{eberz-eder_technologische_2021,
    title = {Technologische {Umsetzung} des {Resilient} {Smart} {Farming} ({RSF}) durch den {Einsatz} von {Edge}-{Computing}},
    url = {http://www.peasec.de/paper/2021/2021_EberzEderKuntkeSchneiderReuter_TechnischeUmsetzungResilientSmartFarming_GIL.pdf},
    abstract = {Edge Computing bietet die Möglichkeit zur Realisierung von Resilient Smart Farming (RSF). Die vorliegende Arbeit setzt sich mit Möglichkeiten der möglichst ausfallsicheren Digitalisierung der Landwirtschaft als kritischer Infrastruktur auseinander und zeigt auf, dass dezentrale Lösungen des Edge Computing inzwischen innovative technologische Möglichkeiten zur Realisierung von RSF bieten. Die Vorteile der lokalen Datenverarbeitung am Entstehungsort in Kombination mit einer regionalen Vernetzung bieten neue Möglichkeiten im Zeitalter von 5GInfrastrukturen und dem Einsatz von IoT-Sensornetzwerken. Der Fokus dieser Arbeit liegt auf Edge Computing als Technologie zur Umsetzung eines resilienten Smart Farming.},
    booktitle = {41. {GIL}-{Jahrestagung}: {Informatik} in der {Land}-, {Forst}- und {Ernährungswirtschaft}},
    publisher = {Gesellschaft für Informatik},
    author = {Eberz-Eder, Daniel and Kuntke, Franz and Schneider, Wolfgang and Reuter, Christian},
    year = {2021},
    keywords = {Ranking-VHB-C, UsableSec, Security, Projekt-GeoBox},
    pages = {79--84},
    }

  • Thea Riebe, Marc-André Kaufhold, Christian Reuter (2021)
    The Impact of Organizational Structure and Technology Use on Collaborative Practices in Computer Emergency Response Teams: An Empirical Study
    Proceedings of the ACM: Human Computer Interaction (PACM): Computer-Supported Cooperative Work and Social Computing ;5(CSCW2). doi:10.1145/3479865
    [BibTeX] [Abstract] [Download PDF]

    Besides the merits of increasing digitization and interconnectedness in private and professional spaces, critical infrastructures and societies are more and more exposed to cyberattacks. In order to enhance the preventative and reactive capabilities against cyberattacks, Computer Emergency Response Teams (CERTs) are deployed in many countries and organizations. In Germany, CERTs in the public sector operate on federal and state level to provide information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats and incidents is getting more complex due to the increasing amount of information disseminated into public channels. By adopting the perspectives of Computer-Supported Cooperative Work (CSCW) and Crisis Informatics, we contribute to the study of organizational structures, technology use, and the impact on collaborative practices in and between state CERTs with empirical research based on expert interviews with representatives of German state CERTs (N=15) and supplementary document analyses (N=25). We derive design and policy implications from our findings, including the need for interoperable and modular architecture, a shift towards service level agreements, cross-platform monitoring and analysis of incident data, use of deduplication techniques and standardized threat exchange formats, a reduction of resource costs through process automation, and transparent reporting and tool structures for information exchange.

    @article{riebe_impact_2021,
    title = {The {Impact} of {Organizational} {Structure} and {Technology} {Use} on {Collaborative} {Practices} in {Computer} {Emergency} {Response} {Teams}: {An} {Empirical} {Study}},
    volume = {5},
    url = {https://www.peasec.de/paper/2021/2021_RiebeKaufholdReuter_ComputerEmegencyResponseTeams_CSCW.pdf},
    doi = {10.1145/3479865},
    abstract = {Besides the merits of increasing digitization and interconnectedness in private and professional spaces, critical infrastructures and societies are more and more exposed to cyberattacks. In order to enhance the preventative and reactive capabilities against cyberattacks, Computer Emergency Response Teams (CERTs) are deployed in many countries and organizations. In Germany, CERTs in the public sector operate on federal and state level to provide information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats and incidents is getting more complex due to the increasing amount of information disseminated into public channels. By adopting the perspectives of Computer-Supported Cooperative Work (CSCW) and Crisis Informatics, we contribute to the study of organizational structures, technology use, and the impact on collaborative practices in and between state CERTs with empirical research based on expert interviews with representatives of German state CERTs (N=15) and supplementary document analyses (N=25). We derive design and policy implications from our findings, including the need for interoperable and modular architecture, a shift towards service level agreements, cross-platform monitoring and analysis of incident data, use of deduplication techniques and standardized threat exchange formats, a reduction of resource costs through process automation, and transparent reporting and tool structures for information exchange.},
    number = {CSCW2},
    journal = {Proceedings of the ACM: Human Computer Interaction (PACM): Computer-Supported Cooperative Work and Social Computing},
    author = {Riebe, Thea and Kaufhold, Marc-André and Reuter, Christian},
    year = {2021},
    keywords = {Crisis, UsableSec, Security, A-Paper, Ranking-CORE-A, Projekt-KontiKat, Projekt-ATHENE-SecUrban, Projekt-CYWARN, AuswahlUsableSec, AuswahlKaufhold},
    }

  • Thea Riebe, Tristan Wirth, Markus Bayer, Philipp Kuehn, Marc-André Kaufhold, Volker Knauthe, Stefan Guthe, Christian Reuter (2021)
    CySecAlert: An Alert Generation System for Cyber Security Events Using Open Source Intelligence Data
    Information and Communications Security (ICICS) . doi:10.1007/978-3-030-86890-1_24
    [BibTeX] [Abstract] [Download PDF]

    Receiving relevant information on possible cyber threats, attacks, and data breaches in a timely manner is crucial for early response. The social media platform Twitter hosts an active cyber security community. Their activities are often monitored manually by security experts, such as Computer Emergency Response Teams (CERTs). We thus propose a Twitter-based alert generation system that issues alerts to a system operator as soon as new relevant cyber security related topics emerge. Thereby, our system allows us to monitor user accounts with significantly less workload. Our system applies a supervised classifier, based on active learning, that detects tweets containing relevant information. The results indicate that uncertainty sampling can reduce the amount of manual relevance classification effort and enhance the classifier performance substantially compared to random sampling. Our approach reduces the number of accounts and tweets that are needed for the classifier training, thus making the tool easily and rapidly adaptable to the specific context while also supporting data minimization for Open Source Intelligence (OSINT). Relevant tweets are clustered by a greedy stream clustering algorithm in order to identify significant events. The proposed system is able to work near real-time within the required 15-minutes time frame and detects up to 93.8\% of relevant events with a false alert rate of 14.81\%.

    @inproceedings{riebe_cysecalert_2021,
    title = {{CySecAlert}: {An} {Alert} {Generation} {System} for {Cyber} {Security} {Events} {Using} {Open} {Source} {Intelligence} {Data}},
    url = {https://peasec.de/paper/2021/2021_RiebeWirthBayerKuehnKaufholdKnautheGutheReuter_CySecAlertOpenSourceIntelligence_ICICS.pdf},
    doi = {10.1007/978-3-030-86890-1_24},
    abstract = {Receiving relevant information on possible cyber threats, attacks, and data breaches in a timely manner is crucial for early response. The social media platform Twitter hosts an active cyber security community. Their activities are often monitored manually by security experts, such as Computer Emergency Response Teams (CERTs). We thus propose a Twitter-based alert generation system that issues alerts to a system operator as soon as new relevant cyber security related topics emerge. Thereby, our system allows us to monitor user accounts with significantly less workload. Our system applies a supervised classifier, based on active learning, that detects tweets containing relevant information. The results indicate that uncertainty sampling can reduce the amount of manual relevance classification effort and enhance the classifier performance substantially compared to random sampling. Our approach reduces the number of accounts and tweets that are needed for the classifier training, thus making the tool easily and rapidly adaptable to the specific context while also supporting data minimization for Open Source Intelligence (OSINT). Relevant tweets are clustered by a greedy stream clustering algorithm in order to identify significant events. The proposed system is able to work near real-time within the required 15-minutes time frame and detects up to 93.8\% of relevant events with a false alert rate of 14.81\%.},
    booktitle = {Information and {Communications} {Security} ({ICICS})},
    author = {Riebe, Thea and Wirth, Tristan and Bayer, Markus and Kuehn, Philipp and Kaufhold, Marc-André and Knauthe, Volker and Guthe, Stefan and Reuter, Christian},
    year = {2021},
    keywords = {Student, UsableSec, Security, Ranking-CORE-B, Projekt-ATHENE-SecUrban, Projekt-CYWARN},
    pages = {429--446},
    }

  • Katrin Hartwig, Christian Reuter (2021)
    Nudge or Restraint: How do People Assess Nudging in Cybersecurity – A Representative Study in Germany
    European Symposium on Usable Security (EuroUSEC) Karlsruhe, Germany. doi:10.1145/3481357.3481514
    [BibTeX] [Abstract] [Download PDF]

    While nudging is a long-established instrument in many contexts, it has more recently emerged to be relevant in cybersecurity as well. For instance, existing research suggests nudges for stronger passwords or safe WiFi connections. However, those nudges are often not as effective as desired. To improve their effectiveness, it is crucial to understand how people assess nudges in cybersecurity, to address potential fears and resulting reactance and to facilitate voluntary compliance. In other contexts, such as the health sector, studies have already thoroughly explored the attitude towards nudging. To address that matter in cybersecurity, we conducted a representative study in Germany (𝑁 = 1, 012), asking people about their attitude towards nudging in that specific context. Our findings reveal that 64\% rated nudging in cybersecurity as helpful, however several participants expected risks such as intentional misguidance, manipulation and data exposure as well.

    @inproceedings{hartwig_nudge_2021,
    address = {Karlsruhe, Germany},
    title = {Nudge or {Restraint}: {How} do {People} {Assess} {Nudging} in {Cybersecurity} - {A} {Representative} {Study} in {Germany}},
    url = {https://peasec.de/paper/2021/2021_HartwigReuter_NudgingCybersecurityRepresentativeStudy_EuroUSEC.pdf},
    doi = {10.1145/3481357.3481514},
    abstract = {While nudging is a long-established instrument in many contexts, it has more recently emerged to be relevant in cybersecurity as well. For instance, existing research suggests nudges for stronger passwords or safe WiFi connections. However, those nudges are often not as effective as desired. To improve their effectiveness, it is crucial to understand how people assess nudges in cybersecurity, to address potential fears and resulting reactance and to facilitate voluntary compliance. In other contexts, such as the health sector, studies have already thoroughly explored the attitude towards nudging. To address that matter in cybersecurity, we conducted a representative study in Germany (𝑁 = 1, 012), asking people about their attitude towards nudging in that specific context. Our findings reveal that 64\% rated nudging in cybersecurity as helpful, however several participants expected risks such as intentional misguidance, manipulation and data exposure as well.},
    booktitle = {European {Symposium} on {Usable} {Security} ({EuroUSEC})},
    publisher = {ACM},
    author = {Hartwig, Katrin and Reuter, Christian},
    year = {2021},
    keywords = {UsableSec, Security, Projekt-CROSSING, Projekt-ATHENE-SecUrban},
    pages = {141--150},
    }

  • Katrin Hartwig, Atlas Englisch, Jan Pelle Thomson, Christian Reuter (2021)
    Finding Secret Treasure? Improving Memorized Secrets Through Gamification
    European Symposium on Usable Security (EuroUSEC) Karlsruhe, Germany. doi:10.1145/3481357.3481509
    [BibTeX] [Abstract] [Download PDF]

    Users tend to bypass systems that are designed to increase their personal security and privacy while limiting their perceived freedom. Nudges present a possible solution to this problem, offering security benefits without taking away perceived freedom. We have identified a lack of research comparing concrete implementations of nudging concepts in an emulated real-world scenario to assess their relative value as a nudge. Comparing multiple nudging implementations in an emulated real-world scenario including a novel avatar nudge with gamification elements, this publication discusses the advantages of nudging for stronger user-created passwords regarding efficacy, usability, and memorability.We investigated the effect of gamification in nudges, performing two studies (𝑁1 = 16, 𝑁2 = 1, 000) to refine and evaluate implementations of current and novel nudging concepts. Our research found a gamified nudge, which integrates a personalizable avatar guide into the registration process, to perform less effectively than state-of-the-art nudges, independently of participants’ gaming frequency.

    @inproceedings{hartwig_finding_2021,
    address = {Karlsruhe, Germany},
    title = {Finding {Secret} {Treasure}? {Improving} {Memorized} {Secrets} {Through} {Gamification}},
    url = {https://peasec.de/paper/2021/2021_HartwigEnglischThomsonReuter_MemorizedSecretsThroughGamification_EuroUSEC.pdf},
    doi = {10.1145/3481357.3481509},
    abstract = {Users tend to bypass systems that are designed to increase their personal security and privacy while limiting their perceived freedom.
    Nudges present a possible solution to this problem, offering security benefits without taking away perceived freedom. We have
    identified a lack of research comparing concrete implementations of nudging concepts in an emulated real-world scenario to assess their
    relative value as a nudge. Comparing multiple nudging implementations in an emulated real-world scenario including a novel avatar
    nudge with gamification elements, this publication discusses the advantages of nudging for stronger user-created passwords regarding
    efficacy, usability, and memorability.We investigated the effect of gamification in nudges, performing two studies (𝑁1 = 16, 𝑁2 = 1, 000)
    to refine and evaluate implementations of current and novel nudging concepts. Our research found a gamified nudge, which integrates
    a personalizable avatar guide into the registration process, to perform less effectively than state-of-the-art nudges, independently of
    participants’ gaming frequency.},
    booktitle = {European {Symposium} on {Usable} {Security} ({EuroUSEC})},
    publisher = {ACM},
    author = {Hartwig, Katrin and Englisch, Atlas and Thomson, Jan Pelle and Reuter, Christian},
    year = {2021},
    keywords = {Student, UsableSec, Security, Projekt-CROSSING, Projekt-ATHENE-SecUrban},
    pages = {105--117},
    }

  • Enno Steinbrink, Lilian Reichert, Michelle Mende, Christian Reuter (2021)
    Digital Privacy Perceptions of Asylum Seekers in Germany – An Empirical Study about Smartphone Usage during the Flight
    Proceedings of the ACM: Human Computer Interaction (PACM): Computer-Supported Cooperative Work and Social Computing ;5(CSCW2). doi:10.1145/3479526
    [BibTeX] [Abstract] [Download PDF]

    Since 2015, an increased number of asylum seekers is coming to Europe. These migration movements increasingly rely on digital infrastructure, such as mobile internet access and online services, in order to reach their targeted destination countries. Asylum seekers often use smartphones for information and communication purposes. Even though there are many positive aspects in the use of such technologies, researchers have to consider the perceived risks of this specific user group. This work aims at investigating the use of mobile information technologies by asylum seekers during their flight, especially taking privacy into account. Thus, it examines asylum seekers’ digital privacy perceptions and identifies privacy protection behaviors by conducting a qualitative interview study with 14 asylum seekers who applied for asylum in Germany. The results show that asylum seekers are often aware of the various risks deriving from the use of smartphones and ICT, such as surveillance and persecution by state or non-state actors as well as extortion by criminals. Based on this, this work furthermore outlines different strategies used to manage these risks. Since the lack of privacy and trust leads to avoidance behavior, the insights of this study provide valuable information for the design of assistance apps and collaboration platforms, which appropriately address the specific needs for digital privacy in the context of flight, or for the conception of privacy-enhancing technologies helping to achieve this.

    @article{steinbrink_digital_2021,
    title = {Digital {Privacy} {Perceptions} of {Asylum} {Seekers} in {Germany} - {An} {Empirical} {Study} about {Smartphone} {Usage} during the {Flight}},
    volume = {5},
    url = {https://www.peasec.de/paper/2021/2021_SteinbrinkReichertMendeReuter_DigitalPrivacyPerceptionAsylumSeekers_CSCW.pdf},
    doi = {10.1145/3479526},
    abstract = {Since 2015, an increased number of asylum seekers is coming to Europe. These migration movements increasingly rely on digital infrastructure, such as mobile internet access and online services, in order to reach their targeted destination countries. Asylum seekers often use smartphones for information and communication purposes. Even though there are many positive aspects in the use of such technologies, researchers have to consider the perceived risks of this specific user group. This work aims at investigating the use of mobile information technologies by asylum seekers during their flight, especially taking privacy into account. Thus, it examines asylum seekers’ digital privacy perceptions and identifies privacy protection behaviors by conducting a qualitative interview study with 14 asylum seekers who applied for asylum in Germany. The results show that asylum seekers are often aware of the various risks deriving from the use of smartphones and ICT, such as surveillance and persecution by state or non-state actors as well as extortion by criminals. Based on this, this work furthermore outlines different strategies used to manage these risks. Since the lack of privacy and trust leads to avoidance behavior, the insights of this study provide valuable information for the design of assistance apps and collaboration platforms, which appropriately address the specific needs for digital privacy in the context of flight, or for the conception of privacy-enhancing technologies helping to achieve this.},
    number = {CSCW2},
    journal = {Proceedings of the ACM: Human Computer Interaction (PACM): Computer-Supported Cooperative Work and Social Computing},
    author = {Steinbrink, Enno and Reichert, Lilian and Mende, Michelle and Reuter, Christian},
    year = {2021},
    keywords = {Student, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-CORE-A, Projekt-ATHENE-FANCY, AuswahlUsableSec, Projekt-GRKPrivacy},
    }

  • Christian Reuter, Marc-André Kaufhold (2021)
    Usable Safety Engineering sicherheitskritischer interaktiver Systeme
    In: Christian Reuter: Sicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement. Wiesbaden, Germany: Springer Vieweg, , 23–45. doi:10.1007/978-3-658-32795-8_2
    [BibTeX] [Abstract] [Download PDF]

    Die Gestaltung gebrauchstauglicher, interaktiver und kooperativer Systeme wird bereits seit den 1980er Jahren in der Disziplin Mensch-Computer-Interaktion (MCI) und Com-puterunterstützte Gruppenarbeit (CSCW) behandelt. Es gibt jedoch einige Besonderhei-ten der MCI im Kontext sicherheitskritischer Systeme, insbesondere der störungsfreien Nutzung von IT (Safety) zu beachten. Dieses Kapitel stellt die wichtigsten Merkmale der Anwendung von Gestaltungsmethoden der MCI in sicherheitskritischen Systemen dar. Hierfür werden zu Beginn die Grundlagen der beiden Gebiete – der MCI sowie des Kri-sen- und Sicherheitsmanagements – erläutert. Darauf aufbauend werden Ansätze und Methoden der Analyse, des Designs und der Entwicklung sowie der Evaluation der MCI unter besonderer Berücksichtigung sicherheitskritischer Systeme diskutiert. Aspekte wie Risikoanalysen in der Anforderungsanalyse, die Einkalkulierung von Bedienfehlern und Rückfallebenen im Systemdesign gehören ebenso dazu wie besondere Herausforderun-gen bei Evaluationen.

    @incollection{reuter_usable_2021,
    address = {Wiesbaden, Germany},
    title = {Usable {Safety} {Engineering} sicherheitskritischer interaktiver {Systeme}},
    isbn = {978-3-658-32795-8},
    url = {https://link.springer.com/chapter/10.1007/978-3-658-32795-8_2},
    abstract = {Die Gestaltung gebrauchstauglicher, interaktiver und kooperativer Systeme wird bereits seit den 1980er Jahren in der Disziplin Mensch-Computer-Interaktion (MCI) und Com-puterunterstützte Gruppenarbeit (CSCW) behandelt. Es gibt jedoch einige Besonderhei-ten der MCI im Kontext sicherheitskritischer Systeme, insbesondere der störungsfreien Nutzung von IT (Safety) zu beachten. Dieses Kapitel stellt die wichtigsten Merkmale der Anwendung von Gestaltungsmethoden der MCI in sicherheitskritischen Systemen dar. Hierfür werden zu Beginn die Grundlagen der beiden Gebiete – der MCI sowie des Kri-sen- und Sicherheitsmanagements – erläutert. Darauf aufbauend werden Ansätze und Methoden der Analyse, des Designs und der Entwicklung sowie der Evaluation der MCI unter besonderer Berücksichtigung sicherheitskritischer Systeme diskutiert. Aspekte wie Risikoanalysen in der Anforderungsanalyse, die Einkalkulierung von Bedienfehlern und Rückfallebenen im Systemdesign gehören ebenso dazu wie besondere Herausforderun-gen bei Evaluationen.},
    booktitle = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement}},
    publisher = {Springer Vieweg},
    author = {Reuter, Christian and Kaufhold, Marc-André},
    editor = {Reuter, Christian},
    year = {2021},
    doi = {10.1007/978-3-658-32795-8_2},
    keywords = {HCI, UsableSec, Security, Projekt-KontiKat, Projekt-CRISP},
    pages = {23--45},
    }

  • Tom Biselli, Christian Reuter (2021)
    On the Relationship between IT Privacy and Security Behavior: A Survey among German Private Users
    Proceedings of the International Conference on Wirtschaftsinformatik (WI) Potsdam, Germany.
    [BibTeX] [Abstract] [Download PDF]

    The relevance of adequate privacy and security behavior in the digital space is higher than ever. However, the exact relationship between privacy and security behavior is rarely discussed in the literature. This study investigates this relationship and the role of socio-demographic factors (gender, age, education, political opinions) in such behavior. Exploratory results of a survey of German private users (N=1,219) show that privacy and security behavior are only weakly correlated and not similarly influenced by socio-demographic factors. While se-curity behavior significantly differs between age and education groups (younger and less educated show less security behavior), no such differences exist for pri-vacy behavior. Additionally, political orientation and opinion has no influence on privacy and security behavior. Thus, this study sheds light on the concepts of privacy, security and corresponding behavior and emphasizes the need for a fine-grained differentiation if either privacy or security behavior is to be improved.

    @inproceedings{biselli_relationship_2021,
    address = {Potsdam, Germany},
    title = {On the {Relationship} between {IT} {Privacy} and {Security} {Behavior}: {A} {Survey} among {German} {Private} {Users}},
    url = {https://peasec.de/paper/2021/2021_BiselliReuter_RelationshipITPrivacyandSecurityBehavior_WI.pdf},
    abstract = {The relevance of adequate privacy and security behavior in the digital space is higher than ever. However, the exact relationship between privacy and security behavior is rarely discussed in the literature. This study investigates this relationship and the role of socio-demographic factors (gender, age, education, political opinions) in such behavior. Exploratory results of a survey of German private users (N=1,219) show that privacy and security behavior are only weakly correlated and not similarly influenced by socio-demographic factors. While se-curity behavior significantly differs between age and education groups (younger and less educated show less security behavior), no such differences exist for pri-vacy behavior. Additionally, political orientation and opinion has no influence on privacy and security behavior. Thus, this study sheds light on the concepts of privacy, security and corresponding behavior and emphasizes the need for a fine-grained differentiation if either privacy or security behavior is to be improved.},
    booktitle = {Proceedings of the {International} {Conference} on {Wirtschaftsinformatik} ({WI})},
    publisher = {AIS},
    author = {Biselli, Tom and Reuter, Christian},
    year = {2021},
    keywords = {HCI, Ranking-CORE-C, UsableSec, Security, Ranking-WKWI-A, Projekt-ATHENE-FANCY},
    pages = {1--17},
    }

    2020

  • Tilo Mentler, Christian Reuter, Simon Nestler, Marc-André Kaufhold, Michael Herczeg, Jens Pottebaum (2020)
    7. Workshop Mensch-Maschine-Interaktion in sicherheitskritischen Systemen
    Mensch und Computer – Workshopband Magdeburg, Germany. doi:10.18420/muc2020-ws117
    [BibTeX] [Abstract] [Download PDF]

    Computer unterstützen Menschen heute zunehmend in sicherheitskritischen Kontexten und Notfallsituationen: Beispielsweise in der Medizin und Produktion, aber auch im Verkehr und Katastrophenschutz begegnen wir immer häufiger digitalen Systemen, mit denen wir interagieren. Vor allem mobile Anwendungen haben im Laufe der letzten Jahre immer mehr an Relevanz gewonnen. Aufgrund vielfältiger Einsatzmöglichkeiten müssen hier diverse Disziplinen zusammenwirken, um die Kooperation zwischen Menschen und Maschinen sicher und effizient zu gestalten. Doch auch die Zusammenarbeit zwischen Menschen wird zunehmend technologisch unterstützt, was sich u.a. in der steigenden Popularität sozialer Medien widerspiegelt. Mithilfe solcher Systeme kann eine Kommunikation, Awareness und Koordination insbesondere in der Krisenbewältigung angestrebt und erreicht werden, sie bringen aufgrund ihrer teilweise technischen Komplexität aber auch Probleme mit sich. Im Zentrum dieses Workshops stehen Erkenntnisse zur Mensch-Computer-Interaktion in sicherheitskritischen Anwendungsgebieten.

    @inproceedings{mentler_7_2020,
    address = {Magdeburg, Germany},
    title = {7. {Workshop} {Mensch}-{Maschine}-{Interaktion} in sicherheitskritischen {Systemen}},
    url = {https://dl.gi.de/server/api/core/bitstreams/c9533821-ef3c-4b23-b000-adc172ea195b/content},
    doi = {10.18420/muc2020-ws117},
    abstract = {Computer unterstützen Menschen heute zunehmend in sicherheitskritischen Kontexten und Notfallsituationen: Beispielsweise in der Medizin und Produktion, aber auch im Verkehr und Katastrophenschutz begegnen wir immer häufiger digitalen Systemen, mit denen wir interagieren. Vor allem mobile Anwendungen haben im Laufe der letzten Jahre immer mehr an Relevanz gewonnen. Aufgrund vielfältiger Einsatzmöglichkeiten müssen hier diverse Disziplinen zusammenwirken, um die Kooperation zwischen Menschen und Maschinen sicher und effizient zu gestalten. Doch auch die Zusammenarbeit zwischen Menschen wird zunehmend technologisch unterstützt, was sich u.a. in der steigenden Popularität sozialer Medien widerspiegelt. Mithilfe solcher Systeme kann eine Kommunikation, Awareness und Koordination insbesondere in der Krisenbewältigung angestrebt und erreicht werden, sie bringen aufgrund ihrer teilweise technischen Komplexität aber auch Probleme mit sich. Im Zentrum dieses Workshops stehen Erkenntnisse zur Mensch-Computer-Interaktion in sicherheitskritischen Anwendungsgebieten.},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik e. V.},
    author = {Mentler, Tilo and Reuter, Christian and Nestler, Simon and Kaufhold, Marc-André and Herczeg, Michael and Pottebaum, Jens},
    year = {2020},
    keywords = {Crisis, HCI, UsableSec, Security},
    pages = {1--2},
    }

  • Michael Koch, Jürgen Ziegler, Christian Reuter, Thomas Schlegel, Michael Prilla (2020)
    Mensch-Computer-Interaktion als zentrales Gebiet der Informatik – Bestandsaufnahme, Trends und Herausforderungen
    Informatik-Spektrum . doi:10.1007/s00287-020-01299-8
    [BibTeX] [Abstract] [Download PDF]

    Mensch-Computer-Interaktion (MCI) beschäftigt sich mit Fragen rund um die benutzer- und kontextegerechte Gestaltung von IT-Systemen. Ohne MCI ist die vielbeschworene digitale Transformation nicht möglich, da Systeme, die nicht benutzbar (gebrauchstauglich) sind, für ihre Nutzer wertlos oder sogar gefährlich sind – erst Nutzbarkeit schafft Nutzen! In diesem Beitrag sammeln wir einige Beispiele dafür, wo und wie MCI in der Entwicklung zukünftiger IT-Systeme relevant ist – von nutzerzentrierter künstlicher Intelligenz über benutzbare Sicherheit, cyberphysische Systeme und digital Arbeit hin zu Augmented Reality und Virtual Reality.

    @article{koch_mensch-computer-interaktion_2020,
    title = {Mensch-{Computer}-{Interaktion} als zentrales {Gebiet} der {Informatik} - {Bestandsaufnahme}, {Trends} und {Herausforderungen}},
    url = {https://link.springer.com/content/pdf/10.1007/s00287-020-01299-8.pdf},
    doi = {10.1007/s00287-020-01299-8},
    abstract = {Mensch-Computer-Interaktion (MCI) beschäftigt sich mit Fragen rund um die benutzer- und kontextegerechte Gestaltung von IT-Systemen. Ohne MCI ist die vielbeschworene digitale Transformation nicht möglich, da Systeme, die nicht benutzbar (gebrauchstauglich) sind, für ihre Nutzer wertlos oder sogar gefährlich sind – erst Nutzbarkeit schafft Nutzen! In diesem Beitrag sammeln wir einige Beispiele dafür, wo und wie MCI in der Entwicklung zukünftiger IT-Systeme relevant ist – von nutzerzentrierter künstlicher Intelligenz über benutzbare Sicherheit, cyberphysische Systeme und digital Arbeit hin zu Augmented Reality und Virtual Reality.},
    journal = {Informatik-Spektrum},
    author = {Koch, Michael and Ziegler, Jürgen and Reuter, Christian and Schlegel, Thomas and Prilla, Michael},
    year = {2020},
    keywords = {HCI, UsableSec},
    }

  • Franz Kuntke, Christian Reuter, Wolfgang Schneider, Daniel Eberz, Ansgar Bernardi (2020)
    Die GeoBox-Vision: Resiliente Interaktion und Kooperation in der Landwirtschaft durch dezentrale Systeme
    Mensch und Computer – Workshopband Magdeburg. doi:10.18420/muc2020-ws117-407
    [BibTeX] [Abstract] [Download PDF]

    Betrachtet man Landwirtschaft unter dem Blickwinkel kritischer Infrastruktur, da sie einen essenziellen Bestandteil der lebenswich-tigen Nahrungsmittelproduktion darstellt, so wird schnell klar, dass auch die dort eingesetzten Werkzeuge hohen Anforderungen stand-halten müssen. Mit dem Einsatz moderner digitaler Werkzeuge werden Erwartungen verbunden, sowohl den gesellschaftlichen Anforderungen nach Qualität und Quantität von Nahrungsmitteln gerecht zu werden, als auch dabei die Produktion möglichst effi-zient unter Berücksichtigung von Umwelt und Natur durchzufüh-ren. Ebenso gilt es die Interessen der landwirtschaftlich Beschäftig-ten zu wahren. Die Geobox-Infrastruktur verfolgt dieses Ziel. Zu den wichtigsten Aspekten, die dabei erfüllt werden müssen, zählen eine resiliente Systemarchitektur, Sicherheit und Datenhoheit, aber auch Gebrauchstauglichkeit. Dieser Beitrag diskutiert den For-schungsansatz sowie zentrale Anforderungen.

    @inproceedings{kuntke_geobox-vision_2020,
    address = {Magdeburg},
    title = {Die {GeoBox}-{Vision}: {Resiliente} {Interaktion} und {Kooperation} in der {Landwirtschaft} durch dezentrale {Systeme}},
    url = {https://dl.gi.de/handle/20.500.12116/33548},
    doi = {10.18420/muc2020-ws117-407},
    abstract = {Betrachtet man Landwirtschaft unter dem Blickwinkel kritischer Infrastruktur, da sie einen essenziellen Bestandteil der lebenswich-tigen Nahrungsmittelproduktion darstellt, so wird schnell klar, dass auch die dort eingesetzten Werkzeuge hohen Anforderungen stand-halten müssen. Mit dem Einsatz moderner digitaler Werkzeuge werden Erwartungen verbunden, sowohl den gesellschaftlichen Anforderungen nach Qualität und Quantität von Nahrungsmitteln gerecht zu werden, als auch dabei die Produktion möglichst effi-zient unter Berücksichtigung von Umwelt und Natur durchzufüh-ren. Ebenso gilt es die Interessen der landwirtschaftlich Beschäftig-ten zu wahren. Die Geobox-Infrastruktur verfolgt dieses Ziel. Zu den wichtigsten Aspekten, die dabei erfüllt werden müssen, zählen eine resiliente Systemarchitektur, Sicherheit und Datenhoheit, aber auch Gebrauchstauglichkeit. Dieser Beitrag diskutiert den For-schungsansatz sowie zentrale Anforderungen.},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Kuntke, Franz and Reuter, Christian and Schneider, Wolfgang and Eberz, Daniel and Bernardi, Ansgar},
    editor = {Hansen, C. and Nürnberger, A. and Preim, B.},
    year = {2020},
    keywords = {Crisis, UsableSec, Security, Infrastructure, Projekt-GeoBox},
    pages = {1--6},
    }

  • Christian Reuter, Jasmin Haunschild, Matthias Hollick, Max Mühlhäuser, Joachim Vogt, Michael Kreutzer (2020)
    Towards Secure Urban Infrastructures: Cyber Security Challenges to Information and Communication Technology in Smart Cities
    Mensch und Computer – Workshopband Magdeburg. doi:10.18420/muc2020-ws117-408
    [BibTeX] [Abstract] [Download PDF]

    The growth of cities continues to be a global megatrend. As more and more people live in urban areas and urban services and infrastructures are under growing strain, technologies are increasingly being researched and used to make city life more efficient and comfortable. As a result, so-called “Smart Cities” have complex IT infrastructures and cyber-physical systems such as sensor/actuator networks for the general population and are developing worldwide. Urban infrastructure must be secured against attacks, ensuring reliable and resilient services for citizens as well as privacy and data security. This paper introduces selected challenges faced by infrastructure providers, citizens and decision-makers in handling attacks aimed at information and communication technologies (ICT) of urban infrastructures and presents current research avenues for tackling cyberattacks and for developing tools for creating, portraying and disseminating actiona-ble information as one important response to security challenges. It then presents findings from a representative survey conducted in Germany (N=1091) on the experiences and perceptions of citizens concerning the relevance of cyberat-tacks will be presented.

    @inproceedings{reuter_towards_2020,
    address = {Magdeburg},
    title = {Towards {Secure} {Urban} {Infrastructures}: {Cyber} {Security} {Challenges} to {Information} and {Communication} {Technology} in {Smart} {Cities}},
    url = {https://dl.gi.de/bitstream/handle/20.500.12116/33550/muc2020-ws-408.pdf},
    doi = {10.18420/muc2020-ws117-408},
    abstract = {The growth of cities continues to be a global megatrend. As more and more people live in urban areas and urban services and infrastructures are under growing strain, technologies are increasingly being researched and used to make city life more efficient and comfortable. As a result, so-called “Smart Cities” have complex IT infrastructures and cyber-physical systems such as sensor/actuator networks for the general population and are developing worldwide. Urban infrastructure must be secured against attacks, ensuring reliable and resilient services for citizens as well as privacy and data security. This paper introduces selected challenges faced by infrastructure providers, citizens and decision-makers in handling attacks aimed at information and communication technologies (ICT) of urban infrastructures and presents current research avenues for tackling cyberattacks and for developing tools for creating, portraying and disseminating actiona-ble information as one important response to security challenges. It then presents findings from a representative survey conducted in Germany (N=1091) on the experiences and perceptions of citizens concerning the relevance of cyberat-tacks will be presented.},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Reuter, Christian and Haunschild, Jasmin and Hollick, Matthias and Mühlhäuser, Max and Vogt, Joachim and Kreutzer, Michael},
    editor = {Hansen, C. and Nürnberger, A. and Preim, B.},
    year = {2020},
    keywords = {Crisis, UsableSec, Security, Infrastructure, Projekt-ATHENE-SecUrban, Projekt-emergenCITY},
    pages = {1--7},
    }

  • Sohaib S. Hassan, Christian Reuter, Levan Bzhalava (2020)
    Perception or capability? – An empirical investigation of the factors influencing the adoption of social media and public cloud in German SMEs
    International Journal of Innovation Management ;2150002:1–26. doi:10.1142/S136391962150002X
    [BibTeX] [Abstract] [Download PDF]

    Social media and public cloud computing (SM&PC) have emerged as important resources of small and medium enterprises (SMEs), but not all SMEs use SM&PC. The existing research predominantly focuses on the role of either the features of social media and cloud computing in relation to the perceptions of decision makers or the internal capabilities of organization concerning new innovation adoption. By integrating multidisciplinary literature, we, instead, argues that both the perception- and capability-related factors could play an important role in the adoption of new ICT technology, such as SM&PC. Therefore, we empirically investigated the decision maker’s perception-related and SME’s capability-related factors that may influence the adoption of SM&PC in SMEs in Germany. We used quantitative research methods to examine the proposed hypotheses on a sample of 2,404 SMEs from 17 industrial sectors. The results demonstrate that the decisions of German SMEs to engage in social media and cloud computing are not only influenced by the perceptions of SME owners about the usefulness, security aspects, and the implementation costs of SM&PC, but also by the internal capabilities of an SME, namely the innovativeness of an SME. The results and potential contributions of our research are discussed.

    @article{s_hassan_perception_2020,
    title = {Perception or capability? – {An} empirical investigation of the factors influencing the adoption of social media and public cloud in {German} {SMEs}},
    volume = {2150002},
    url = {https://peasec.de/paper/2020/2020_HassanReuterBzhalava_AdoptionSocialMediaSME_IJIM.pdf},
    doi = {10.1142/S136391962150002X},
    abstract = {Social media and public cloud computing (SM\&PC) have emerged as important resources of small and medium enterprises (SMEs), but not all SMEs use SM\&PC. The existing research predominantly focuses on the role of either the features of social media and cloud computing in relation to the perceptions of decision makers or the internal capabilities of organization concerning new innovation adoption. By integrating multidisciplinary literature, we, instead, argues that both the perception- and capability-related factors could play an important role in the adoption of new ICT technology, such as SM\&PC. Therefore, we empirically investigated the decision maker's perception-related and SME's capability-related factors that may influence the adoption of SM\&PC in SMEs in Germany. We used quantitative research methods to examine the proposed hypotheses on a sample of 2,404 SMEs from 17 industrial sectors. The results demonstrate that the decisions of German SMEs to engage in social media and cloud computing are not only influenced by the perceptions of SME owners about the usefulness, security aspects, and the implementation costs of SM\&PC, but also by the internal capabilities of an SME, namely the innovativeness of an SME. The results and potential contributions of our research are discussed.},
    journal = {International Journal of Innovation Management},
    author = {S. Hassan, Sohaib and Reuter, Christian and Bzhalava, Levan},
    year = {2020},
    keywords = {HCI, SocialMedia, UsableSec, Ranking-VHB-B, Projekt-KontiKat, Projekt-HyServ},
    pages = {1--26},
    }

  • Milan Stute, Max Maass, Tom Schons, Marc-André Kaufhold, Christian Reuter, Matthias Hollick (2020)
    Empirical Insights for Designing Information and Communication Technology for International Disaster Response
    International Journal of Disaster Risk Reduction (IJDRR) ;47(101598):1–10. doi:10.1016/j.ijdrr.2020.101598
    [BibTeX] [Abstract] [Download PDF]

    Due to the increase in natural disasters in the past years, Disaster Response Organizations (DROs) are faced with the challenge of coping with more and larger operations. Currently appointed Information and Communications Technology (ICT) used for coordination and communication is sometimes outdated and does not scale, while novel technologies have the potential to greatly improve disaster response efficiency. To allow adoption of these novel technologies, ICT system designers have to take into account the particular needs of DROs and characteristics of International Disaster Response (IDR). This work attempts to bring the humanitarian and ICT communities closer together. In this work, we analyze IDR-related documents and conduct expert interviews. Using open coding, we extract empirical insights and translate the peculiarities of DRO coordination and operation into tangible ICT design requirements. This information is based on interviews with active IDR staff as well as DRO guidelines and reports. Ultimately, the goal of this paper is to serve as a reference for future ICT research endeavors to support and increase the efficiency of IDR operations.

    @article{stute_empirical_2020,
    title = {Empirical {Insights} for {Designing} {Information} and {Communication} {Technology} for {International} {Disaster} {Response}},
    volume = {47},
    url = {https://www.sciencedirect.com/science/article/pii/S2212420919309501},
    doi = {10.1016/j.ijdrr.2020.101598},
    abstract = {Due to the increase in natural disasters in the past years, Disaster Response Organizations (DROs) are faced with the challenge of coping with more and larger operations. Currently appointed Information and Communications Technology (ICT) used for coordination and communication is sometimes outdated and does not scale, while novel technologies have the potential to greatly improve disaster response efficiency. To allow adoption of these novel technologies, ICT system designers have to take into account the particular needs of DROs and characteristics of International Disaster Response (IDR). This work attempts to bring the humanitarian and ICT communities closer together. In this work, we analyze IDR-related documents and conduct expert interviews. Using open coding, we extract empirical insights and translate the peculiarities of DRO coordination and operation into tangible ICT design requirements. This information is based on interviews with active IDR staff as well as DRO guidelines and reports. Ultimately, the goal of this paper is to serve as a reference for future ICT research endeavors to support and increase the efficiency of IDR operations.},
    number = {101598},
    journal = {International Journal of Disaster Risk Reduction (IJDRR)},
    author = {Stute, Milan and Maass, Max and Schons, Tom and Kaufhold, Marc-André and Reuter, Christian and Hollick, Matthias},
    year = {2020},
    keywords = {Crisis, Student, UsableSec, A-Paper, Ranking-ImpactFactor, Projekt-emergenCITY},
    pages = {1--10},
    }

  • Franziska Herbert, Gina Maria Schmidbauer-Wolf, Christian Reuter (2020)
    Differences in IT Security Behavior and Knowledge of Private Users in Germany
    Proceedings of the International Conference on Wirtschaftsinformatik (WI) Potsdam, Germany. doi:10.30844/wi_2020_v3-herbert
    [BibTeX] [Abstract] [Download PDF]

    The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) offers advice and recommendations for private users on how to behave securely. Based on these recommendations we investigate the IT security knowledge and behavior of private users with a rep- resentative study of the German population (N = 1.219). Additionally, we ana- lyze the role of socio-demographic factors (gender, age, education, political ori- entation) for security knowledge and behavior. Results show that German pri- vate users have only moderate IT security knowledge and behavior, with as- pects as gender, age, education and political orientation partly having an influ- ence. Men, higher educated and politically moderately oriented participants show higher security knowledge, whereas young people and those less knowl- edgeable about security behave less security-conscious. Additionally, security knowledge and behavior correlate moderately. Therefore, to increase private users‘ IT security we suggest to increase education and training especially for users being young, politically right-wing or female.

    @inproceedings{herbert_differences_2020,
    address = {Potsdam, Germany},
    title = {Differences in {IT} {Security} {Behavior} and {Knowledge} of {Private} {Users} in {Germany}},
    url = {https://library.gito.de/wp-content/uploads/2021/08/V3_Herbert-Differences_in_IT_Security_Behavior_and_Knowledge-541_c.pdf},
    doi = {10.30844/wi_2020_v3-herbert},
    abstract = {The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) offers advice and recommendations for private users on how to behave securely. Based on these recommendations we investigate the IT security knowledge and behavior of private users with a rep- resentative study of the German population (N = 1.219). Additionally, we ana- lyze the role of socio-demographic factors (gender, age, education, political ori- entation) for security knowledge and behavior. Results show that German pri- vate users have only moderate IT security knowledge and behavior, with as- pects as gender, age, education and political orientation partly having an influ- ence. Men, higher educated and politically moderately oriented participants show higher security knowledge, whereas young people and those less knowl- edgeable about security behave less security-conscious. Additionally, security knowledge and behavior correlate moderately. Therefore, to increase private users' IT security we suggest to increase education and training especially for users being young, politically right-wing or female.},
    booktitle = {Proceedings of the {International} {Conference} on {Wirtschaftsinformatik} ({WI})},
    author = {Herbert, Franziska and Schmidbauer-Wolf, Gina Maria and Reuter, Christian},
    year = {2020},
    keywords = {Ranking-CORE-C, Ranking-VHB-C, UsableSec, Security, Ranking-WKWI-A, Projekt-ATHENE-FANCY},
    pages = {1--16},
    }

    2019

  • Christian Reuter, Konstantin Aal, Larissa Aldehoff, Jürgen Altmann, Johannes Buchmann, Ute Bernhardt, Kai Denker, Dominik Herrmann, Matthias Hollick, Stefan Katzenbeisser, Marc-André Kaufhold, Alfred Nordmann, Thomas Reinhold, Thea Riebe, Annette Ripper, Ingo Ruhmann, Klaus-Peter Saalbach, Niklas Schörnig, Ali Sunyaev, Volker Wulf (2019)
    The Future of IT in Peace and Security
    In: Christian Reuter: Information Technology for Peace and Security – IT-Applications and Infrastructures in Conflicts, Crises, War, and Peace. Wiesbaden, Germany: Springer Vieweg, , 405–413. doi:10.1007/978-3-658-25652-4_19
    [BibTeX] [Abstract] [Download PDF]

    Not only today, but also in the future information technology and the advances in the field of computer science will have a high relevance for peace and security. Naturally, a textbook like this can only cover a selective part of research and a certain point in time. Nonetheless, it can be attempted to identify trends, challenges and venture an outlook into the future. That is exactly what we want to achieve in this chapter: To predict fu-ture developments and try to classify them correctly. These considerations were made both by the editor and the authors involved alike. Therefore, an outlook based on fun-damentals, cyber conflicts and war, cyber peace, cyber arms control, infrastructures as well as social interaction is given.

    @incollection{reuter_future_2019,
    address = {Wiesbaden, Germany},
    title = {The {Future} of {IT} in {Peace} and {Security}},
    isbn = {978-3-658-25652-4},
    url = {https://www.springer.com/de/book/9783658256517},
    abstract = {Not only today, but also in the future information technology and the advances in the field of computer science will have a high relevance for peace and security. Naturally, a textbook like this can only cover a selective part of research and a certain point in time. Nonetheless, it can be attempted to identify trends, challenges and venture an outlook into the future. That is exactly what we want to achieve in this chapter: To predict fu-ture developments and try to classify them correctly. These considerations were made both by the editor and the authors involved alike. Therefore, an outlook based on fun-damentals, cyber conflicts and war, cyber peace, cyber arms control, infrastructures as well as social interaction is given.},
    booktitle = {Information {Technology} for {Peace} and {Security} - {IT}-{Applications} and {Infrastructures} in {Conflicts}, {Crises}, {War}, and {Peace}},
    publisher = {Springer Vieweg},
    author = {Reuter, Christian and Aal, Konstantin and Aldehoff, Larissa and Altmann, Jürgen and Buchmann, Johannes and Bernhardt, Ute and Denker, Kai and Herrmann, Dominik and Hollick, Matthias and Katzenbeisser, Stefan and Kaufhold, Marc-André and Nordmann, Alfred and Reinhold, Thomas and Riebe, Thea and Ripper, Annette and Ruhmann, Ingo and Saalbach, Klaus-Peter and Schörnig, Niklas and Sunyaev, Ali and Wulf, Volker},
    editor = {Reuter, Christian},
    year = {2019},
    doi = {10.1007/978-3-658-25652-4_19},
    keywords = {HCI, UsableSec, Security, Peace, Projekt-CRISP, Projekt-CROSSING},
    pages = {405--413},
    }

  • Gina Maria Schmidbauer-Wolf, Franziska Herbert, Christian Reuter (2019)
    Responsible Data Usage in Smart Cities: Privacy in Everyday Life vs. Reacting to Emergency Situations
    SCIENCE PEACE SECURITY ’19 – Proceedings of the Interdisciplinary Conference on Technical Peace and Security Research Darmstadt, Germany.
    [BibTeX] [Abstract] [Download PDF]

    Smart cities want to provide a better life to their citizens, e.g. regarding health care, infrastruc- ture, better safety and security. This can be achieved by using more and new technology and by interconnecting and analysing new and existent devices. Thus, public spaces and buildings will be equipped with more interconnected input and output modalities. This ongoing technolo- gization of public spaces creates opportunities for making everyone’s life more secure, while at the same time everyone’s personal privacy is endangered. So how is this balancing act tackled and dealt with right now? What fears do citizens have regarding their security as well as their privacy? This paper provides first insights into the topic privacy in smart cities regarding that smart cities need data which can be provided by and of people. The paper raises the question if collecting people’s data, and thus enabling smart cities, is ethical and if not, how it can be assured to be ethical.

    @inproceedings{schmidbauer-wolf_responsible_2019,
    address = {Darmstadt, Germany},
    title = {Responsible {Data} {Usage} in {Smart} {Cities}: {Privacy} in {Everyday} {Life} vs. {Reacting} to {Emergency} {Situations}},
    url = {https://tuprints.ulb.tu-darmstadt.de/id/eprint/9164},
    abstract = {Smart cities want to provide a better life to their citizens, e.g. regarding health care, infrastruc- ture, better safety and security. This can be achieved by using more and new technology and by interconnecting and analysing new and existent devices. Thus, public spaces and buildings will be equipped with more interconnected input and output modalities. This ongoing technolo- gization of public spaces creates opportunities for making everyone's life more secure, while at the same time everyone's personal privacy is endangered. So how is this balancing act tackled and dealt with right now? What fears do citizens have regarding their security as well as their privacy? This paper provides first insights into the topic privacy in smart cities regarding that smart cities need data which can be provided by and of people. The paper raises the question if collecting people's data, and thus enabling smart cities, is ethical and if not, how it can be assured to be ethical.},
    booktitle = {{SCIENCE} {PEACE} {SECURITY} '19 - {Proceedings} of the {Interdisciplinary} {Conference} on {Technical} {Peace} and {Security} {Research}},
    publisher = {TUprints},
    author = {Schmidbauer-Wolf, Gina Maria and Herbert, Franziska and Reuter, Christian},
    editor = {Reuter, Christian and Altmann, Jürgen and Göttsche, Malte and Himmel, Mirko},
    year = {2019},
    keywords = {HCI, UsableSec, Security, Projekt-CRISP, Projekt-ATHENE-FANCY},
    pages = {70--74},
    }

  • Margarita Grinko, Marc-André Kaufhold, Christian Reuter (2019)
    Adoption, Use and Diffusion of Crisis Apps in Germany: A Representative Survey
    Mensch und Computer – Tagungsband Hamburg, Germany. doi:10.1145/3340764.3340782
    [BibTeX] [Abstract] [Download PDF]

    The research field of crisis informatics examines the potentials and limitations of information and communication technology in crises, disasters, and emergencies. Although ICT plays an increasingly large role in crisis response and management, in-depth studies on crisis apps and similar technology in the context of an emergency have been missing. Based on responses by 1024 participants in Germany, we examine the diffusion, usage, perception and adoption of mobile crisis apps as well as required functions and improvements. We conclude that crisis apps are still a little-known form of disaster ICT, but have potential for enhancing communication, keeping users up to date and providing a more effective crisis management as supplement to other media channels dependent on different underlying infrastructures. However, they should be adaptable to user characteristics, consider privacy, allow communication and offer valuable information to raise awareness of potential disasters without creating an overload. Also, the familiarity with and trust in crisis apps should be addressed to maximize their beneficial impact on crisis communication and management. We discuss further implications as well as directions for future research with larger target groups and specific usage scenarios.

    @inproceedings{grinko_adoption_2019,
    address = {Hamburg, Germany},
    title = {Adoption, {Use} and {Diffusion} of {Crisis} {Apps} in {Germany}: {A} {Representative} {Survey}},
    url = {https://dl.acm.org/citation.cfm?id=3340782},
    doi = {10.1145/3340764.3340782},
    abstract = {The research field of crisis informatics examines the potentials and limitations of information and communication technology in crises, disasters, and emergencies. Although ICT plays an increasingly large role in crisis response and management, in-depth studies on crisis apps and similar technology in the context of an emergency have been missing. Based on responses by 1024 participants in Germany, we examine the diffusion, usage, perception and adoption of mobile crisis apps as well as required functions and improvements. We conclude that crisis apps are still a little-known form of disaster ICT, but have potential for enhancing communication, keeping users up to date and providing a more effective crisis management as supplement to other media channels dependent on different underlying infrastructures. However, they should be adaptable to user characteristics, consider privacy, allow communication and offer valuable information to raise awareness of potential disasters without creating an overload. Also, the familiarity with and trust in crisis apps should be addressed to maximize their beneficial impact on crisis communication and management. We discuss further implications as well as directions for future research with larger target groups and specific usage scenarios.},
    booktitle = {Mensch und {Computer} - {Tagungsband}},
    publisher = {ACM},
    author = {Grinko, Margarita and Kaufhold, Marc-André and Reuter, Christian},
    editor = {Alt, Florian and Bulling, Andreas and Döring, Tanja},
    year = {2019},
    keywords = {Crisis, Student, UsableSec, Projekt-KontiKat, Projekt-MAKI},
    pages = {263--274},
    }

  • Christian Reuter, Katja Häusser, Mona Bien, Franziska Herbert (2019)
    Between Effort and Security: User Assessment of the Adequacy of Security Mechanisms for App Categories
    Mensch und Computer – Tagungsband Hamburg, Germany. doi:10.1145/3340764.3340770
    [BibTeX] [Abstract] [Download PDF]

    With the increasing popularity of the smartphone, the number of people using it for financial transactions such as online shopping, online banking or mobile payment is also growing. Apps used in these contexts store sensitive and valuable data, creating a need for security measures. It has not yet been researched to what extent certain authentication mechanisms, which can be information-, biometric- as well as token-based, are suitable for individual apps and the respective data. The goal of this work is to assess how perceived security and estimated effort of using such mechanisms, as well as the degree to which app data is considered worth protecting, influence users‘ choices of appropriate measures to protect app categories. Therefore, we conducted a representative study (n=1024). On the one hand, our results show that a positive correlation between perceived security and effort exists for all investigated non-biometric authentication methods. On the other hand, the study sheds light on the differences between the investigated app categories and the users‘ choice of the appropriate security mechanisms for the particular category. In contrast to perceived security having a positive influence on a user’s preference of mechanism, a relation can hardly be identified for effort. Moreover, app data sensitivity does not seem relevant for the users‘ choice of security mechanism.

    @inproceedings{reuter_between_2019,
    address = {Hamburg, Germany},
    title = {Between {Effort} and {Security}: {User} {Assessment} of the {Adequacy} of {Security} {Mechanisms} for {App} {Categories}},
    url = {http://www.peasec.de/paper/2019/2019_ReuterHaeusserBienHerbert_EffortSecurity_MuC.pdf},
    doi = {10.1145/3340764.3340770},
    abstract = {With the increasing popularity of the smartphone, the number of people using it for financial transactions such as online shopping, online banking or mobile payment is also growing. Apps used in these contexts store sensitive and valuable data, creating a need for security measures. It has not yet been researched to what extent certain authentication mechanisms, which can be information-, biometric- as well as token-based, are suitable for individual apps and the respective data. The goal of this work is to assess how perceived security and estimated effort of using such mechanisms, as well as the degree to which app data is considered worth protecting, influence users' choices of appropriate measures to protect app categories. Therefore, we conducted a representative study (n=1024). On the one hand, our results show that a positive correlation between perceived security and effort exists for all investigated non-biometric authentication methods. On the other hand, the study sheds light on the differences between the investigated app categories and the users' choice of the appropriate security mechanisms for the particular category. In contrast to perceived security having a positive influence on a user's preference of mechanism, a relation can hardly be identified for effort. Moreover, app data sensitivity does not seem relevant for the users' choice of security mechanism.},
    booktitle = {Mensch und {Computer} - {Tagungsband}},
    publisher = {ACM},
    author = {Reuter, Christian and Häusser, Katja and Bien, Mona and Herbert, Franziska},
    editor = {Alt, Florian and Bulling, Andreas and Döring, Tanja},
    year = {2019},
    keywords = {HCI, Student, UsableSec, Security, Projekt-CRISP, Projekt-CROSSING, Projekt-ATHENE-FANCY},
    pages = {287--297},
    }

  • Larissa Aldehoff, Meri Dankenbring, Christian Reuter (2019)
    Renouncing Privacy in Crisis Management? People’s View on Social Media Monitoring and Surveillance
    Proceedings of the Information Systems for Crisis Response and Management (ISCRAM) València, Spain.
    [BibTeX] [Abstract] [Download PDF]

    Social media is used during crises and disasters by state authorities and citizens to communicate and provide, gain and analyze information. Monitoring of platforms in such cases is both a well-established practice and a research area. The question, whether people are willing to renounce privacy in social media during critical incidents, or even allow surveillance in order to contribute to public security, remains unanswered. Our survey of 1,024 German inhabitants is the first empirical study on people’s views on social media monitoring and surveillance in crisis management. We find the willingness to share data during an imminent threat depends mostly on the type of data: a majority (63\% and 67\%, respectively) would give access to addresses and telephone numbers, whereas the willingness to share content of chats or telephone calls is significantly lower (27\%). Our analysis reveals diverging opinions among participants and some effects of sociodemographic variables on the acceptance of invasions into privacy.

    @inproceedings{aldehoff_renouncing_2019,
    address = {València, Spain},
    title = {Renouncing {Privacy} in {Crisis} {Management}? {People}'s {View} on {Social} {Media} {Monitoring} and {Surveillance}},
    url = {http://www.peasec.de/paper/2019/2019_AldehoffDankenbringReuter_RenouncingPrivacyCrisisManagement_ISCRAM.pdf},
    abstract = {Social media is used during crises and disasters by state authorities and citizens to communicate and provide, gain and analyze information. Monitoring of platforms in such cases is both a well-established practice and a research area. The question, whether people are willing to renounce privacy in social media during critical incidents, or even allow surveillance in order to contribute to public security, remains unanswered. Our survey of 1,024 German inhabitants is the first empirical study on people's views on social media monitoring and surveillance in crisis management. We find the willingness to share data during an imminent threat depends mostly on the type of data: a majority (63\% and 67\%, respectively) would give access to addresses and telephone numbers, whereas the willingness to share content of chats or telephone calls is significantly lower (27\%). Our analysis reveals diverging opinions among participants and some effects of sociodemographic variables on the acceptance of invasions into privacy.},
    booktitle = {Proceedings of the {Information} {Systems} for {Crisis} {Response} and {Management} ({ISCRAM})},
    publisher = {ISCRAM Association},
    author = {Aldehoff, Larissa and Dankenbring, Meri and Reuter, Christian},
    editor = {Franco, Zeno and González, José J. and Canós, José H.},
    year = {2019},
    keywords = {Crisis, SocialMedia, Student, UsableSec, Security, Peace, Projekt-CRISP, Projekt-DualUse, Projekt-CROSSING, Projekt-ATHENE-FANCY},
    pages = {1184--1197},
    }

  • Christian Reuter, Thomas Ludwig, Patrick Mischur (2019)
    RescueGlass: Collaborative Applications involving Head-Mounted Displays for Red Cross Rescue Dog Units
    Computer Supported Cooperative Work: The Journal of Collaborative Computing (JCSCW) ;28(1-2):209–246. doi:10.1007/s10606-018-9339-8
    [BibTeX] [Abstract] [Download PDF]

    On-site work of emergency service teams consists of highly cooperative tasks. Especially during distributed search and rescue tasks there is a constant mix of routinized and non-routinized activities. Within this paper we focus on the work practices of the German Red Cross Rescue Dog Units who deal with several uncertainties regarding the involved dogs, the fragility of the respective situations as well as issues of using technologies under enormous time pressure. Smart glasses provide possibilities for enhanced and hands-free interaction in various contexts and a number of approaches have already been applied, aiming at efficient use of the respective technological innovation in private and professional contexts. However, the collaborative potential of smart glasses in time-critical and uncertain situations is still unexplored. Our design case study examines how the on-site work of emergency service teams can be supported by smart glasses: Based on examining the work practices of the German Red Cross Rescue Dogs, we introduce ‘RescueGlass‘ as a coordinative concept, encompassing hands-free head-mounted display (HMD) application as well as a corresponding smartphone application. Finally, we describe the evaluation of its use in the field of emergency response and management. We show how current features such as ‘fog of war‘ or various sensors support the cooperative practices of dog handlers, and outline current technical limitations offering future research questions. Our paper provides an initial design probe using smart glasses to engage in the field of collaborative professional mobile tasks.

    @article{reuter_rescueglass_2019,
    title = {{RescueGlass}: {Collaborative} {Applications} involving {Head}-{Mounted} {Displays} for {Red} {Cross} {Rescue} {Dog} {Units}},
    volume = {28},
    url = {http://www.peasec.de/paper/2019/2019_ReuterLudwigMischur_RescueGlass_JCSCW.pdf},
    doi = {10.1007/s10606-018-9339-8},
    abstract = {On-site work of emergency service teams consists of highly cooperative tasks. Especially during distributed search and rescue tasks there is a constant mix of routinized and non-routinized activities. Within this paper we focus on the work practices of the German Red Cross Rescue Dog Units who deal with several uncertainties regarding the involved dogs, the fragility of the respective situations as well as issues of using technologies under enormous time pressure. Smart glasses provide possibilities for enhanced and hands-free interaction in various contexts and a number of approaches have already been applied, aiming at efficient use of the respective technological innovation in private and professional contexts. However, the collaborative potential of smart glasses in time-critical and uncertain situations is still unexplored. Our design case study examines how the on-site work of emergency service teams can be supported by smart glasses: Based on examining the work practices of the German Red Cross Rescue Dogs, we introduce ‘RescueGlass' as a coordinative concept, encompassing hands-free head-mounted display (HMD) application as well as a corresponding smartphone application. Finally, we describe the evaluation of its use in the field of emergency response and management. We show how current features such as ‘fog of war' or various sensors support the cooperative practices of dog handlers, and outline current technical limitations offering future research questions. Our paper provides an initial design probe using smart glasses to engage in the field of collaborative professional mobile tasks.},
    number = {1-2},
    journal = {Computer Supported Cooperative Work: The Journal of Collaborative Computing (JCSCW)},
    author = {Reuter, Christian and Ludwig, Thomas and Mischur, Patrick},
    year = {2019},
    keywords = {Cooperation, Crisis, HCI, UsableSec, Security, A-Paper, Ranking-ImpactFactor, Ranking-VHB-B, Projekt-KontiKat, Projekt-KOKOS, Ranking-CORE-B, Infrastructure},
    pages = {209--246},
    }

  • Timo Kalle, Marc-André Kaufhold, Franz Kuntke, Christian Reuter, Amr Rizk, Ralf Steinmetz (2019)
    Resilience in Security and Crises through Adaptions and Transitions
    INFORMATIK 2019: 50 Jahre Gesellschaft für Informatik – Informatik für Gesellschaft (Workshop-Beiträge), Lecture Notes in Informatics (LNI) Kassel, Germany. doi:10.18420/inf2019_ws60
    [BibTeX] [Abstract] [Download PDF]

    Currently, there is a tremendous number of communication technology and tems in use. Not only in the private user space, but also in business operations and societal areas, they are deeply involved: Ranging from messaging services or navigation over (critical) SCADA systems to whole digital cities and communities. Consequently, the view on communication networks in security and particularly crisis scenarios becomes inevitable. This paper examines the notions of resilience, adaption and transition within communication networks with a specific focus on crises. Based on a structured literature review, the fundamentals of resilience and communication networks are introduced. The paper then discusses the characteristics of (a) evolvability, accessibility, usability and diversity as well as (b) self-organization, -management, -optimization, – monitoring, -healing and -protection for communication network resilience. Finally, it outlines challenges and potentials of communication network resilience based in the use cases of security and crises.

    @inproceedings{kalle_resilience_2019,
    address = {Kassel, Germany},
    title = {Resilience in {Security} and {Crises} through {Adaptions} and {Transitions}},
    url = {https://dl.gi.de/bitstream/handle/20.500.12116/25097/paper12_02.pdf},
    doi = {10.18420/inf2019_ws60},
    abstract = {Currently, there is a tremendous number of communication technology and tems in use. Not only in the private user space, but also in business operations and societal areas, they are deeply involved: Ranging from messaging services or navigation over (critical) SCADA systems to whole digital cities and communities. Consequently, the view on communication networks in security and particularly crisis scenarios becomes inevitable. This paper examines the notions of resilience, adaption and transition within communication networks with a specific focus on crises. Based on a structured literature review, the fundamentals of resilience and communication networks are introduced. The paper then discusses the characteristics of (a) evolvability, accessibility, usability and diversity as well as (b) self-organization, -management, -optimization, - monitoring, -healing and -protection for communication network resilience. Finally, it outlines challenges and potentials of communication network resilience based in the use cases of security and crises.},
    booktitle = {{INFORMATIK} 2019: 50 {Jahre} {Gesellschaft} für {Informatik} – {Informatik} für {Gesellschaft} ({Workshop}-{Beiträge}), {Lecture} {Notes} in {Informatics} ({LNI})},
    publisher = {Gesellschaft für Informatik e. V.},
    author = {Kalle, Timo and Kaufhold, Marc-André and Kuntke, Franz and Reuter, Christian and Rizk, Amr and Steinmetz, Ralf},
    editor = {Draude, C. and Lange, M. and Sick, B.},
    year = {2019},
    keywords = {Crisis, HCI, Student, Ranking-CORE-C, Ranking-VHB-C, UsableSec, Security, Projekt-MAKI, Projekt-GeoBox},
    pages = {571--584},
    }

  • Christian Reuter (2019)
    Information Technology for Peace and Security – An Emerging Research Field
    SCIENCE PEACE SECURITY ’19 – Proceedings of the Interdisciplinary Conference on Technical Peace and Security Research Darmstadt, Germany.
    [BibTeX] [Abstract] [Download PDF]

    Technological and scientific progress, especially the rapid development in information technology (IT), plays a crucial role regarding questions of peace and security. This short overview addresses the significance, potentials and challenges of IT for peace and security. For this purpose, the talk offers an introduction to peace, conflict, and security research, thereby focusing on natural science, technical and computer science perspectives. In the following, it sheds light on fundamentals (e.g. IT in peace, conflict and security, natural science/ technical peace research), cyber conflicts and war (e.g. information warfare, cyber espionage, cyber defence, Darknet), cyber peace (e.g. dual-use, technology assessment, confidence and security building measures), cyber arms control (e.g. arms control in the cyberspace, unmanned systems, verification), cyber attribution and infrastructures (e.g. attribution of cyber-attacks, resilient infrastructures, secure critical information infrastructures), culture and interaction (e.g. safety and security, cultural violence, social media), before an outlook is given.

    @inproceedings{reuter_information_2019-2,
    address = {Darmstadt, Germany},
    title = {Information {Technology} for {Peace} and {Security} – {An} {Emerging} {Research} {Field}},
    url = {www.peasec.de/paper/2019/2019_Reuter_ITPeaceSecurityEmergingField_ProcSciencePeaceSecurity-TUprints.pdf},
    abstract = {Technological and scientific progress, especially the rapid development in information technology (IT), plays a crucial role regarding questions of peace and security. This short overview addresses the significance, potentials and challenges of IT for peace and security. For this purpose, the talk offers an introduction to peace, conflict, and security research, thereby focusing on natural science, technical and computer science perspectives. In the following, it sheds light on fundamentals (e.g. IT in peace, conflict and security, natural science/ technical peace research), cyber conflicts and war (e.g. information warfare, cyber espionage, cyber defence, Darknet), cyber peace (e.g. dual-use, technology assessment, confidence and security building measures), cyber arms control (e.g. arms control in the cyberspace, unmanned systems, verification), cyber attribution and infrastructures (e.g. attribution of cyber-attacks, resilient infrastructures, secure critical information infrastructures), culture and interaction (e.g. safety and security, cultural violence, social media), before an outlook is given.},
    booktitle = {{SCIENCE} {PEACE} {SECURITY} '19 - {Proceedings} of the {Interdisciplinary} {Conference} on {Technical} {Peace} and {Security} {Research}},
    publisher = {TUprints},
    author = {Reuter, Christian},
    editor = {Reuter, Christian and Altmann, Jürgen and Göttsche, Malte and Himmel, Mirko},
    year = {2019},
    keywords = {HCI, UsableSec, Security, Projekt-CRISP, Projekt-ATHENE-FANCY},
    pages = {18--20},
    }

  • Christian Reuter, Tilo Mentler, Simon Nestler, Michael Herczeg, Thomas Ludwig, Jens Pottebaum, Marc-André Kaufhold (2019)
    6. Workshop Mensch-Maschine-Interaktion in sicherheitskritischen Systemen – Neue digitale Realitäten
    Mensch und Computer – Workshopband Hamburg, Germany.
    [BibTeX] [Abstract] [Download PDF]

    Nur wenn die technischen (z.B. Zuverlässigkeit) und nutzungs- orientierten Aspekte (z.B. Gebrauchstauglichkeit) angemessen und integriert berücksichtigt werden, können computerbasierte Systeme und vor allem deren Anwendung in komplexen Situati- onen sicher sein. Eine gute Benutzbarkeit ist dabei kein Zusatz, sondern zentraler Bestandteil bei der Verbesserung der System- sicherheit. Im Zentrum dieses Workshops stehen Erkenntnisse zur Mensch-Computer-Interaktion in sicherheitskritischen An- wendungsgebieten. Dazu werden Konzepte der Krisenkommuni- kation, der Nutzung sozialer Medien, neuartige Interaktionskon- zepte und Reflektionen zu Forschungsprojekten vorgestellt.

    @inproceedings{reuter_6_2019,
    address = {Hamburg, Germany},
    title = {6. {Workshop} {Mensch}-{Maschine}-{Interaktion} in sicherheitskritischen {Systemen} - {Neue} digitale {Realitäten}},
    url = {https://dl.gi.de/server/api/core/bitstreams/0f34b4af-542f-4a0e-8793-ceaf0602dee2/content},
    abstract = {Nur wenn die technischen (z.B. Zuverlässigkeit) und nutzungs- orientierten Aspekte (z.B. Gebrauchstauglichkeit) angemessen und integriert berücksichtigt werden, können computerbasierte Systeme und vor allem deren Anwendung in komplexen Situati- onen sicher sein. Eine gute Benutzbarkeit ist dabei kein Zusatz, sondern zentraler Bestandteil bei der Verbesserung der System- sicherheit. Im Zentrum dieses Workshops stehen Erkenntnisse zur Mensch-Computer-Interaktion in sicherheitskritischen An- wendungsgebieten. Dazu werden Konzepte der Krisenkommuni- kation, der Nutzung sozialer Medien, neuartige Interaktionskon- zepte und Reflektionen zu Forschungsprojekten vorgestellt.},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Reuter, Christian and Mentler, Tilo and Nestler, Simon and Herczeg, Michael and Ludwig, Thomas and Pottebaum, Jens and Kaufhold, Marc-André},
    year = {2019},
    keywords = {Crisis, HCI, UsableSec, Security},
    pages = {278--280},
    }

    2018

  • Christian Reuter, Konstantin Aal, Frank Beham, Alexander Boden, Florian Brauner, Thomas Ludwig, Stephan Lukosch, Frank Fiedrich, Frank Fuchs-Kittowski, Stefan Geisler, Klaus Gennen, Dominik Herrmann, Marc-André Kaufhold, Michael Klafft, Myriam Lipprandt, Luigi Lo Iacono, Volkmar Pipek, Jens Pottebaum, Tilo Mentler, Simon Nestler, Stefan Stieglitz, Christian Sturm, Gebhard Rusch, Stefan Sackmann, Melanie Volkamer, Volker Wulf (2018)
    Die Zukunft sicherheitskritischer Mensch-Computer-Interaktion
    In: Christian Reuter: Sicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement. Wiesbaden, Germany: Springer Vieweg, , 621–630. doi:10.1007/978-3-658-19523-6_30
    [BibTeX] [Abstract] [Download PDF]

    Sicherheitskritische Mensch-Computer-Interaktion ist nicht nur derzeit, sondern auch zukünftig ein äußerst relevantes Thema. Hierbei kann ein Lehr- und Fachbuch, wie dieses, immer nur einen punktuellen Stand abdecken. Dennoch kann der Versuch unternommen werden, aktuelle Trends zu identifizieren und einen Ausblick in die Zukunft zu wagen. Genau das möchte dieses Kapitel erreichen: Es sollen zukünftige Entwicklungen vorausgesagt und versucht werden, diese korrekt einzuordnen. Das ist an dieser Stelle nicht nur durch den Herausgeber, sondern durch Abfrage bei zahlreichen am Lehrbuch beteiligten Autoren geschehen. Neben einem Ausblick auf Grundlagen und Methoden werden dementsprechend auch sicherheitskritische interaktive Systeme und sicherheitskritische kooperative Systeme abgedeckt.

    @incollection{reuter_zukunft_2018,
    address = {Wiesbaden, Germany},
    title = {Die {Zukunft} sicherheitskritischer {Mensch}-{Computer}-{Interaktion}},
    isbn = {978-3-658-19523-6},
    url = {https://link.springer.com/chapter/10.1007/978-3-658-19523-6_30},
    abstract = {Sicherheitskritische Mensch-Computer-Interaktion ist nicht nur derzeit, sondern auch zukünftig ein äußerst relevantes Thema. Hierbei kann ein Lehr- und Fachbuch, wie dieses, immer nur einen punktuellen Stand abdecken. Dennoch kann der Versuch unternommen werden, aktuelle Trends zu identifizieren und einen Ausblick in die Zukunft zu wagen. Genau das möchte dieses Kapitel erreichen: Es sollen zukünftige Entwicklungen vorausgesagt und versucht werden, diese korrekt einzuordnen. Das ist an dieser Stelle nicht nur durch den Herausgeber, sondern durch Abfrage bei zahlreichen am Lehrbuch beteiligten Autoren geschehen. Neben einem Ausblick auf Grundlagen und Methoden werden dementsprechend auch sicherheitskritische interaktive Systeme und sicherheitskritische kooperative Systeme abgedeckt.},
    booktitle = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement}},
    publisher = {Springer Vieweg},
    author = {Reuter, Christian and Aal, Konstantin and Beham, Frank and Boden, Alexander and Brauner, Florian and Ludwig, Thomas and Lukosch, Stephan and Fiedrich, Frank and Fuchs-Kittowski, Frank and Geisler, Stefan and Gennen, Klaus and Herrmann, Dominik and Kaufhold, Marc-André and Klafft, Michael and Lipprandt, Myriam and Lo Iacono, Luigi and Pipek, Volkmar and Pottebaum, Jens and Mentler, Tilo and Nestler, Simon and Stieglitz, Stefan and Sturm, Christian and Rusch, Gebhard and Sackmann, Stefan and Volkamer, Melanie and Wulf, Volker},
    editor = {Reuter, Christian},
    year = {2018},
    doi = {10.1007/978-3-658-19523-6_30},
    keywords = {Crisis, HCI, SocialMedia, UsableSec, Security, Projekt-KontiKat},
    pages = {621--630},
    }

  • Christian Reuter, Tilo Mentler, Simon Nestler, Michael Herczeg, Stefan Geisler, Thomas Ludwig, Volkmar Pipek, Jens Pottebaum (2018)
    5. Workshop Mensch-Maschine-Interaktion in sicherheitskritischen Systemen
    Mensch und Computer – Workshopband Dresden, Germany.
    [BibTeX] [Abstract] [Download PDF]

    Im Zentrum dieses Workshops stehen Erkenntnisse zur Mensch-Computer-Interaktion (MCI) in sicherheitskritischen Anwendungsgebieten. Da in solchen Feldern – etwa Katastrophenmanagement, Verkehr, Produktion oder Medizin – MCI eine immer größere Relevanz erhält, sind viele wissenschaftliche Gebiete, unter anderem die Informatik oder Mensch-Maschine Interaktion, zunehmend gefragt. Die Herausfor-derung besteht darin, bestehende Ansätze und Methoden zu diskutieren, anzupassen und innovative Lösungen zu entwickeln, die von den Nutzenden sicher und effizient verwendet werden können.

    @inproceedings{reuter_5_2018,
    address = {Dresden, Germany},
    title = {5. {Workshop} {Mensch}-{Maschine}-{Interaktion} in sicherheitskritischen {Systemen}},
    url = {https://dl.gi.de/bitstream/handle/20.500.12116/16929/Beitrag_328_final__a.pdf},
    abstract = {Im Zentrum dieses Workshops stehen Erkenntnisse zur Mensch-Computer-Interaktion (MCI) in sicherheitskritischen Anwendungsgebieten. Da in solchen Feldern – etwa Katastrophenmanagement, Verkehr, Produktion oder Medizin – MCI eine immer größere Relevanz erhält, sind viele wissenschaftliche Gebiete, unter anderem die Informatik oder Mensch-Maschine Interaktion, zunehmend gefragt. Die Herausfor-derung besteht darin, bestehende Ansätze und Methoden zu diskutieren, anzupassen und innovative Lösungen zu entwickeln, die von den Nutzenden sicher und effizient verwendet werden können.},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Reuter, Christian and Mentler, Tilo and Nestler, Simon and Herczeg, Michael and Geisler, Stefan and Ludwig, Thomas and Pipek, Volkmar and Pottebaum, Jens},
    editor = {Dachselt, Raimund and Weber, Gerhard},
    year = {2018},
    keywords = {Crisis, HCI, UsableSec, Security, Projekt-KontiKat},
    pages = {565--569},
    }

  • Christian Reuter, Marc-André Kaufhold (2018)
    Usable Safety Engineering sicherheitskritischer interaktiver Systeme
    In: Christian Reuter: Sicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement. Wiesbaden, Germany: Springer Vieweg, , 17–40. doi:10.1007/978-3-658-19523-6_2
    [BibTeX] [Abstract] [Download PDF]

    Die Gestaltung gebrauchstauglicher, interaktiver und kooperativer Systeme wird bereits seit den 1980er Jahren in der Disziplin Mensch-Computer-Interaktion (MCI) und Com-puterunterstützte Gruppenarbeit (CSCW) behandelt. Es gibt jedoch einige Besonderhei-ten der MCI im Kontext sicherheitskritischer Systeme, insbesondere der störungsfreien Nutzung von IT (Safety) zu beachten. Dieses Kapitel stellt die wichtigsten Merkmale der Anwendung von Gestaltungsmethoden der MCI in sicherheitskritischen Systemen dar. Hierfür werden zu Beginn die Grundlagen der beiden Gebiete – der MCI sowie des Kri-sen- und Sicherheitsmanagements – erläutert. Darauf aufbauend werden Ansätze und Methoden der Analyse, des Designs und der Entwicklung sowie der Evaluation der MCI unter besonderer Berücksichtigung sicherheitskritischer Systeme diskutiert. Aspekte wie Risikoanalysen in der Anforderungsanalyse, die Einkalkulierung von Bedienfehlern und Rückfallebenen im Systemdesign gehören ebenso dazu wie besondere Herausforderun-gen bei Evaluationen.

    @incollection{reuter_usable_2018,
    address = {Wiesbaden, Germany},
    title = {Usable {Safety} {Engineering} sicherheitskritischer interaktiver {Systeme}},
    isbn = {978-3-658-19523-6},
    url = {https://link.springer.com/chapter/10.1007/978-3-658-19523-6_2},
    abstract = {Die Gestaltung gebrauchstauglicher, interaktiver und kooperativer Systeme wird bereits seit den 1980er Jahren in der Disziplin Mensch-Computer-Interaktion (MCI) und Com-puterunterstützte Gruppenarbeit (CSCW) behandelt. Es gibt jedoch einige Besonderhei-ten der MCI im Kontext sicherheitskritischer Systeme, insbesondere der störungsfreien Nutzung von IT (Safety) zu beachten. Dieses Kapitel stellt die wichtigsten Merkmale der Anwendung von Gestaltungsmethoden der MCI in sicherheitskritischen Systemen dar. Hierfür werden zu Beginn die Grundlagen der beiden Gebiete – der MCI sowie des Kri-sen- und Sicherheitsmanagements – erläutert. Darauf aufbauend werden Ansätze und Methoden der Analyse, des Designs und der Entwicklung sowie der Evaluation der MCI unter besonderer Berücksichtigung sicherheitskritischer Systeme diskutiert. Aspekte wie Risikoanalysen in der Anforderungsanalyse, die Einkalkulierung von Bedienfehlern und Rückfallebenen im Systemdesign gehören ebenso dazu wie besondere Herausforderun-gen bei Evaluationen.},
    booktitle = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement}},
    publisher = {Springer Vieweg},
    author = {Reuter, Christian and Kaufhold, Marc-André},
    editor = {Reuter, Christian},
    year = {2018},
    doi = {10.1007/978-3-658-19523-6_2},
    keywords = {HCI, UsableSec, Security, Projekt-KontiKat, Projekt-CRISP},
    pages = {17--40},
    }

  • Christian Reuter (2018)
    Sicherheitskritische Mensch-Computer-Interaktion – Einleitung und Überblick
    In: Christian Reuter: Sicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement. Wiesbaden, Germany: Springer Vieweg, , 3–14. doi:10.1007/978-3-658-19523-6_1
    [BibTeX] [Abstract] [Download PDF]

    Die sicherheitskritische Mensch-Computer-Interaktion (MCI) ist eine interdisziplinäre Herausforderung und ein für die Informatik und die jeweiligen Anwendungsdomänen in der Bedeutung zunehmendes Thema. Dieses Kapitel bietet eine Einführung in das Lehr- und Fachbuch „Sicherheitskritische Mensch-Computer-Interaktion – Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement“. Als didaktisch aufbereiteter, umfassender Überblick über Grundlagen, Methoden und Anwendungsgebiete soll es sowohl als vorlesungsbegleitende Lektüre als auch als Nachschlagewerk für Wissenschaftler, Designer und Entwickler dienen. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Kata-strophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt.

    @incollection{reuter_sicherheitskritische_2018,
    address = {Wiesbaden, Germany},
    title = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion} – {Einleitung} und Überblick},
    isbn = {978-3-658-19523-6},
    url = {https://link.springer.com/chapter/10.1007/978-3-658-19523-6_1},
    abstract = {Die sicherheitskritische Mensch-Computer-Interaktion (MCI) ist eine interdisziplinäre Herausforderung und ein für die Informatik und die jeweiligen Anwendungsdomänen in der Bedeutung zunehmendes Thema. Dieses Kapitel bietet eine Einführung in das Lehr- und Fachbuch „Sicherheitskritische Mensch-Computer-Interaktion – Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement“. Als didaktisch aufbereiteter, umfassender Überblick über Grundlagen, Methoden und Anwendungsgebiete soll es sowohl als vorlesungsbegleitende Lektüre als auch als Nachschlagewerk für Wissenschaftler, Designer und Entwickler dienen. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Kata-strophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt.},
    booktitle = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement}},
    publisher = {Springer Vieweg},
    author = {Reuter, Christian},
    editor = {Reuter, Christian},
    year = {2018},
    doi = {10.1007/978-3-658-19523-6_1},
    keywords = {Crisis, HCI, SocialMedia, UsableSec, Projekt-KontiKat},
    pages = {3--14},
    }

  • Christian Reuter (2018)
    Sicherheitskritische Mensch-Computer-Interaktion: Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement (Erste Auflage)
    Wiesbaden: Springer Vieweg. doi:10.1007/978-3-658-19523-6
    [BibTeX] [Abstract] [Download PDF]

    Dieses Lehr- und Fachbuch gibt eine fundierte und praxisbezogene Einführung sowie einen Überblick über Grundlagen, Methoden und Anwendungen der Mensch-Computer-Interaktion im Kontext von Sicherheit, Notfällen, Krisen, Katastrophen, Krieg und Frieden. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie Soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety- bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt. Das Buch eignet sich ebenso als Lehrbuch für Studierende wie als Handbuch für Wissenschaftler, Designer, Entwickler und Anwender.

    @book{reuter_sicherheitskritische_2018-1,
    address = {Wiesbaden},
    title = {Sicherheitskritische {Mensch}-{Computer}-{Interaktion}: {Interaktive} {Technologien} und {Soziale} {Medien} im {Krisen}- und {Sicherheitsmanagement} ({Erste} {Auflage})},
    isbn = {978-3-658-19522-9},
    url = {http://www.springer.com/de/book/9783658195229},
    abstract = {Dieses Lehr- und Fachbuch gibt eine fundierte und praxisbezogene Einführung sowie einen Überblick über Grundlagen, Methoden und Anwendungen der Mensch-Computer-Interaktion im Kontext von Sicherheit, Notfällen, Krisen, Katastrophen, Krieg und Frieden. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie Soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety- bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt. Das Buch eignet sich ebenso als Lehrbuch für Studierende wie als Handbuch für Wissenschaftler, Designer, Entwickler und Anwender.},
    publisher = {Springer Vieweg},
    author = {Reuter, Christian},
    year = {2018},
    doi = {10.1007/978-3-658-19523-6},
    keywords = {HCI, SocialMedia, Projekt-EmerGent, UsableSec, Security, Projekt-KontiKat, Peace, Infrastructure, RSF, AuswahlUsableSec},
    }

  • Marc-André Kaufhold, Christian Reuter, Tobias Ermert (2018)
    Interaktionsdesign eines Risiko-Bewertungskonzepts für KMU
    Mensch und Computer – Tagungsband Dresden, Germany.
    [BibTeX] [Abstract] [Download PDF]

    Betriebsstörungen, Naturkatastrophen und andere Notfallszenarien bedrohen die Fortdauer von Unternehmen. Hierzu stellt Business Continuity Management (BCM) Maßnahmen zur Identifika-tion von Bedrohungen und Risiken sowie zum Aufbau der Belastbarkeit von Organisationen bereit. In der Forschung mangelt es jedoch an Ansätzen, welche BCM in kleinen und mittleren Unternehmen (KMU) unterstützen. In diesem Kurzbeitrag wird ein Konzept für KMU vorgestellt, welches die Identifikation und Bewertung von Risiken unterstützt, Bewältigungsmaßnahmen anbietet und unternehmensspezifische Risikoinformationen auf einem Dashboard visualisiert.

    @inproceedings{kaufhold_interaktionsdesign_2018,
    address = {Dresden, Germany},
    title = {Interaktionsdesign eines {Risiko}-{Bewertungskonzepts} für {KMU}},
    url = {https://dl.gi.de/bitstream/handle/20.500.12116/16626/Beitrag_356_final__a.pdf},
    abstract = {Betriebsstörungen, Naturkatastrophen und andere Notfallszenarien bedrohen die Fortdauer von Unternehmen. Hierzu stellt Business Continuity Management (BCM) Maßnahmen zur Identifika-tion von Bedrohungen und Risiken sowie zum Aufbau der Belastbarkeit von Organisationen bereit. In der Forschung mangelt es jedoch an Ansätzen, welche BCM in kleinen und mittleren Unternehmen (KMU) unterstützen. In diesem Kurzbeitrag wird ein Konzept für KMU vorgestellt, welches die Identifikation und Bewertung von Risiken unterstützt, Bewältigungsmaßnahmen anbietet und unternehmensspezifische Risikoinformationen auf einem Dashboard visualisiert.},
    booktitle = {Mensch und {Computer} - {Tagungsband}},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Kaufhold, Marc-André and Reuter, Christian and Ermert, Tobias},
    year = {2018},
    keywords = {Crisis, HCI, Student, UsableSec, Security, Projekt-KontiKat, Infrastructure, Projekt-CRISP, RSF, Projekt-HyServ},
    pages = {309--312},
    }

    2017

  • Christian Reuter, Tilo Mentler, Stefan Geisler, Michael Herczeg, Thomas Ludwig, Volkmar Pipek, Simon Nestler (2017)
    4. Workshop Mensch-Maschine-Interaktion in sicherheitskritischen Systemen
    Mensch und Computer – Workshopband Regensburg, Germany. doi:10.18420/muc2017-ws01-0380
    [BibTeX] [Abstract] [Download PDF]

    Die Interaktion und Kooperation zwischen Mensch und Computer in sicherheitskritischen Systemen ist eine interdisziplinäre Herausforderung und Gestaltungsaufgabe. Sicherheitskritische Anwendungsfelder sind vielfältig und umfassen verschiedene Branchen und Bereiche, beispielsweise Produktion, Medizin, Katastrophenschutz oder Verkehr. Neben stationären Rechnern und Maschinen haben mobile Kontexte und Endgeräte sowie soziale Medien bereits seit einigen Jahren an Bedeutung enorm zugenommen. Die spezifischen Herausforderungen der MCI in solchen sicherheitskritischen Kontexten bedürfen einer Diskussion in Bezug auf die Entwicklung bzw. Adaption von Methoden und Prozessen, aber auch auf Ergebnisse der Systementwicklung. Diese gilt es im Rahmen des Workshops zu adressieren, jedoch weniger im Hinblick auf die isolierten Technologien, sondern mit deutliche r Fokussierung auf das Zusammenwirken von Mensch, Technik und Organisation.

    @inproceedings{reuter_4_2017,
    address = {Regensburg, Germany},
    title = {4. {Workshop} {Mensch}-{Maschine}-{Interaktion} in sicherheitskritischen {Systemen}},
    url = {https://dl.gi.de/bitstream/handle/20.500.12116/3170/2017_WS01_380.pdf},
    doi = {10.18420/muc2017-ws01-0380},
    abstract = {Die Interaktion und Kooperation zwischen Mensch und Computer in sicherheitskritischen Systemen ist eine interdisziplinäre Herausforderung und Gestaltungsaufgabe. Sicherheitskritische Anwendungsfelder sind vielfältig und umfassen verschiedene Branchen und Bereiche, beispielsweise Produktion, Medizin, Katastrophenschutz oder Verkehr. Neben stationären Rechnern und Maschinen haben mobile Kontexte und Endgeräte sowie soziale Medien bereits seit einigen Jahren an Bedeutung enorm zugenommen. Die spezifischen Herausforderungen der MCI in solchen sicherheitskritischen Kontexten bedürfen einer Diskussion in Bezug auf die Entwicklung bzw. Adaption von Methoden und Prozessen, aber auch auf Ergebnisse der Systementwicklung. Diese gilt es im Rahmen des Workshops zu adressieren, jedoch weniger im Hinblick auf die isolierten Technologien, sondern mit deutliche r Fokussierung auf das Zusammenwirken von Mensch, Technik und Organisation.},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Reuter, Christian and Mentler, Tilo and Geisler, Stefan and Herczeg, Michael and Ludwig, Thomas and Pipek, Volkmar and Nestler, Simon},
    editor = {Burghardt, M. and Wimmer, R. and Wolff, C. and Womser-Hacker, C.},
    year = {2017},
    keywords = {Crisis, HCI, SocialMedia, UsableSec, Security, Projekt-KontiKat},
    pages = {5--8},
    }

  • Christian Reuter, Marc-André Kaufhold, Jonas Klös (2017)
    Benutzbare Sicherheit: Usability, Safety und Security bei Passwörtern
    Mensch und Computer – Workshopband Regensburg, Germany. doi:https://doi.org/10.18420/muc2017-ws01-0384
    [BibTeX] [Abstract] [Download PDF]

    Obwohl Usability und Sicherheit beides relevante Anforderungen für Anwendungssysteme sind, stehen sie in einem Spannungsfeld. Sicherheit kann als Schutz vor Angriffen von außen (Security), aber auch für das sichere Funktionieren (Safety) dieser Anwendungssysteme verstanden werden. Durch die immer größere Vernetzung klassischer Safety-Domänen, wie dem Katastrophenschutz, gewinnen Security-Aspekte dort ebenfalls an Bedeutung. Die Übertragung von kritischen und vertraulichen Informationen auf mobile Endgeräte muss zugleich passwortgeschützt als auch schnell verfügbar sein; zeitintensive Authentifizierungsmechanismen können hier stören. In dieser Studie werden die Nutzung von Passwörtern vor dem Hintergrund der Abwägung von Sicherheit und Usability exploriert und Hypothesen zum Umgang mit Passwörtern aufgestellt, die im Kontext der Digitalisierung in der zivilen Sicherheit sowie mobilen und ubiquitären Geräte im Katastrophenschutz an enormer Bedeutung gewinnen.

    @inproceedings{reuter_benutzbare_2017,
    address = {Regensburg, Germany},
    title = {Benutzbare {Sicherheit}: {Usability}, {Safety} und {Security} bei {Passwörtern}},
    url = {https://dl.gi.de/bitstream/handle/20.500.12116/3214/2017_WS01_384.pdf?sequence=1&isAllowed=y},
    doi = {https://doi.org/10.18420/muc2017-ws01-0384},
    abstract = {Obwohl Usability und Sicherheit beides relevante Anforderungen für Anwendungssysteme sind, stehen sie in einem Spannungsfeld. Sicherheit kann als Schutz vor Angriffen von außen (Security), aber auch für das sichere Funktionieren (Safety) dieser Anwendungssysteme verstanden werden. Durch die immer größere Vernetzung klassischer Safety-Domänen, wie dem Katastrophenschutz, gewinnen Security-Aspekte dort ebenfalls an Bedeutung. Die Übertragung von kritischen und vertraulichen Informationen auf mobile Endgeräte muss zugleich passwortgeschützt als auch schnell verfügbar sein; zeitintensive Authentifizierungsmechanismen können hier stören. In dieser Studie werden die Nutzung von Passwörtern vor dem Hintergrund der Abwägung von Sicherheit und Usability exploriert und Hypothesen zum Umgang mit Passwörtern aufgestellt, die im Kontext der Digitalisierung in der zivilen Sicherheit sowie mobilen und ubiquitären Geräte im Katastrophenschutz an enormer Bedeutung gewinnen.},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Reuter, Christian and Kaufhold, Marc-André and Klös, Jonas},
    editor = {Burghardt, M. and Wimmer, R. and Wolff, C. and Womser-Hacker, C.},
    year = {2017},
    keywords = {HCI, Student, UsableSec, Security, Projekt-KontiKat, Projekt-CRISP, Projekt-CROSSING},
    pages = {33--41},
    }

  • Jens Pottebaum, Christian Erfurth, Christian Reuter (2017)
    IT-Rettung 2017: IT-Unterstützung in Emergency Management & Response
    INFORMATIK 2017, Lecture Notes in Informatics (LNI) Bonn.
    [BibTeX] [Abstract] [Download PDF]

    Notfallsituationen sind kritische Situationen, in denen eine Gefahr für Menschen, Infrastrukturen und die Umwelt besteht. IT-Unterstützung kann in der Vermeidung sowie der Verbesserung der Vorbereitung, der Abwehr und der Bewältigung helfenkomplexe und kritische Situationen zu beherrschen. Allerdings zeigen Erfahrungen, dass der Einsatz von IT als operatives Einsatzmittel oder Entscheidungsunterstützungswerkzeug auch für eine Zunahme der gefühlten Komplexität einer Einsatzlage bei vielen Beteiligten sorgen kann. Im Fokus des Workshops stehen die Herausforderungen und technischen Konsequenzen, die sich für die IT in diesem Umfeld ergeben. Neben der Ergebnisdarstellung werdenvor allem Erfahrungen aus der Anwendung wissenschaftlicher Methoden im Kontext der zivilen Sicherheit adressiert. Zieldes Workshops ist es, aus fallstudienorientierten Beiträgen –diese ergeben sich unter anderem aus der Struktur der Förderlandschaft in der zivilen Sicherheitsforschung –übertragbare Schlüsse abzuleiten.

    @inproceedings{pottebaum_it-rettung_2017,
    address = {Bonn},
    title = {{IT}-{Rettung} 2017: {IT}-{Unterstützung} in {Emergency} {Management} \& {Response}},
    url = {https://dl.gi.de/bitstream/handle/20.500.12116/3891/B16-0.pdf},
    abstract = {Notfallsituationen sind kritische Situationen, in denen eine Gefahr für Menschen, Infrastrukturen und die Umwelt besteht. IT-Unterstützung kann in der Vermeidung sowie der Verbesserung der Vorbereitung, der Abwehr und der Bewältigung helfenkomplexe und kritische Situationen zu beherrschen. Allerdings zeigen Erfahrungen, dass der Einsatz von IT als operatives Einsatzmittel oder Entscheidungsunterstützungswerkzeug auch für eine Zunahme der gefühlten Komplexität einer Einsatzlage bei vielen Beteiligten sorgen kann. Im Fokus des Workshops stehen die Herausforderungen und technischen Konsequenzen, die sich für die IT in diesem Umfeld ergeben. Neben der Ergebnisdarstellung werdenvor allem Erfahrungen aus der Anwendung wissenschaftlicher Methoden im Kontext der zivilen Sicherheit adressiert. Zieldes Workshops ist es, aus fallstudienorientierten Beiträgen –diese ergeben sich unter anderem aus der Struktur der Förderlandschaft in der zivilen Sicherheitsforschung –übertragbare Schlüsse abzuleiten.},
    booktitle = {{INFORMATIK} 2017, {Lecture} {Notes} in {Informatics} ({LNI})},
    publisher = {Gesellschaft für Informatik},
    author = {Pottebaum, Jens and Erfurth, Christian and Reuter, Christian},
    editor = {Eibl, Maximilian and Gaedke, Martin},
    year = {2017},
    keywords = {Ranking-CORE-C, Ranking-VHB-C, UsableSec, Projekt-KontiKat},
    pages = {1281--1282},
    }

  • Christian Reuter, Marc-André Kaufhold, Marén Schorch, Jan Gerwinski, Christian Soost, Sohaib S. Hassan, Gebhard Rusch, Petra Moog, Volkmar Pipek, Volker Wulf (2017)
    Digitalisierung und Zivile Sicherheit: Zivilgesellschaftliche und betriebliche Kontinuität in Katastrophenlagen (KontiKat)
    In: Gero Hoch, Hildegard Schröteler von Brandt, Volker Stein, Angela Schwarz: Sicherheit (DIAGONAL Jahrgang 38). Göttingen: Vandenhoeck & Ruprecht, , 207–224. doi:10.14220/digo.2017.38.1.207
    [BibTeX] [Abstract] [Download PDF]

    Das Thema Sicherheit durchzieht sowohl das Leben Einzelner als auch das Zusammenleben von Personenkollektiven. In diesem Heft geht es um das Wahrnehmen und Wertschätzen sowie die Stabilisierung von Situationen, in denen Gefahren und Risiken reduziert werden. Außerdem stehen die Instrumentarien, Methoden und Maßnahmen im Fokus, mit denen Sicherheit geschaffen werden soll. Besonders in komplexen Systemen wird Sicherheit zu einem schwierig zu fassenden Thema, zu dessen Begleiterscheinungen beispielsweise die Beschneidung von Freiheit zählt. Sicherheit wird in allen Lebensgebieten relevant – von der Politik, Gesellschaft, Wirtschaft und Recht über die Arbeitswelt bis hin in Medien, Technologie, Ökologie und Medizin. Zudem ist der Umgang mit Sicherheit landeskulturell geprägt.

    @incollection{reuter_digitalisierung_2017,
    address = {Göttingen},
    title = {Digitalisierung und {Zivile} {Sicherheit}: {Zivilgesellschaftliche} und betriebliche {Kontinuität} in {Katastrophenlagen} ({KontiKat})},
    isbn = {978-3-8471-0739-2},
    url = {http://www.peasec.de/paper/2017/2017_ReuterKaufholdSchorchetal_DigitalisierungSicherheitKontiKat_Diagonal.pdf},
    abstract = {Das Thema Sicherheit durchzieht sowohl das Leben Einzelner als auch das Zusammenleben von Personenkollektiven. In diesem Heft geht es um das Wahrnehmen und Wertschätzen sowie die Stabilisierung von Situationen, in denen Gefahren und Risiken reduziert werden. Außerdem stehen die Instrumentarien, Methoden und Maßnahmen im Fokus, mit denen Sicherheit geschaffen werden soll. Besonders in komplexen Systemen wird Sicherheit zu einem schwierig zu fassenden Thema, zu dessen Begleiterscheinungen beispielsweise die Beschneidung von Freiheit zählt. Sicherheit wird in allen Lebensgebieten relevant – von der Politik, Gesellschaft, Wirtschaft und Recht über die Arbeitswelt bis hin in Medien, Technologie, Ökologie und Medizin. Zudem ist der Umgang mit Sicherheit landeskulturell geprägt.},
    booktitle = {Sicherheit ({DIAGONAL} {Jahrgang} 38)},
    publisher = {Vandenhoeck \& Ruprecht},
    author = {Reuter, Christian and Kaufhold, Marc-André and Schorch, Marén and Gerwinski, Jan and Soost, Christian and Hassan, Sohaib S. and Rusch, Gebhard and Moog, Petra and Pipek, Volkmar and Wulf, Volker},
    editor = {Hoch, Gero and Schröteler von Brandt, Hildegard and Stein, Volker and Schwarz, Angela},
    year = {2017},
    doi = {10.14220/digo.2017.38.1.207},
    keywords = {Cooperation, Crisis, HCI, SocialMedia, UsableSec, Projekt-KontiKat, Infrastructure, RSF},
    pages = {207--224},
    }

    2016

  • Christian Reuter, Tilo Mentler, Stefan Geisler, Michael Herczeg, Thomas Ludwig, Volkmar Pipek, Simon Nestler, Johannes Sautter (2016)
    Proceedings des Workshops „Mensch-Computer-Interaktion in sicherheitskritischen Systemen“
    Aachen, Germany: Gesellschaft für Informatik e.V..
    [BibTeX] [Download PDF]

    @book{reuter_proceedings_2016,
    address = {Aachen, Germany},
    title = {Proceedings des {Workshops} "{Mensch}-{Computer}-{Interaktion} in sicherheitskritischen {Systemen}"},
    url = {https://www.wineme.uni-siegen.de/paper/2016/2016_proc-sicherheitskritischemmi_muc.pdf},
    publisher = {Gesellschaft für Informatik e.V.},
    author = {Reuter, Christian and Mentler, Tilo and Geisler, Stefan and Herczeg, Michael and Ludwig, Thomas and Pipek, Volkmar and Nestler, Simon and Sautter, Johannes},
    editor = {Weyers, B. and Dittmar, A.},
    year = {2016},
    note = {Publication Title: Mensch \& Computer: Workshopband},
    keywords = {Crisis, HCI, Projekt-EmerGent, UsableSec},
    }

  • Christian Reuter, Gordian Geilen, Robin Gellert (2016)
    Sicherheit vs. Privatsphäre: Zur Akzeptanz von Überwachung in sozialen Medien im Kontext von Terrorkrisen
    Informatik 2016: von Menschen für Menschen Klagenfurt.
    [BibTeX] [Abstract] [Download PDF]

    Nach den terroristischen Anschlägen in Paris 2015 und Brüssel 2016 wurde das Bedürfnis nach mehr Sicherheit und Überwachung im Internet laut. Als Folge der Enthüllungen der Überwachungs- und Spionagetechniken der National Security Agency (NSA) durch Edward Snowden 2013 konnte in der Bevölkerung aber auch ein Aufschrei nach erhöhtem Schutz der Privatsphäre im Internet wahrgenommen werden. Die geschilderten Ereignisse verdeutlichen die gegensätzlichen Wünsche nach Sicherheit und Überwachung im Internet sowie Schutz der Privatsphäre. Im ersten Teil dieses Beitrags stellen wir den Stand der Forschung im Bereich Terror, Sicherheit und Privatsphäre in sozialen Medien dar. Im zweiten Teil führen wir eine explorative Studie durch, um zu beleuchten, ob Bürgerinnen und Bürger in Krisenzeiten bereit wären, ihre Privatsphäre im Internet, vor allem in sozialen Netzwerken, zugunsten von Sicherheit zu reduzieren. Basierend auf qualitativen Daten zeigt diese Arbeit Meinungscluster und Tendenzen in Bezug auf das Nullsummenspiel „Sicherheit und Privatsphäre“.

    @inproceedings{reuter_sicherheit_2016,
    address = {Klagenfurt},
    title = {Sicherheit vs. {Privatsphäre}: {Zur} {Akzeptanz} von Überwachung in sozialen {Medien} im {Kontext} von {Terrorkrisen}},
    url = {http://subs.emis.de/LNI/Proceedings/Proceedings259/P-259.pdf#page=1760},
    abstract = {Nach den terroristischen Anschlägen in Paris 2015 und Brüssel 2016 wurde das Bedürfnis nach mehr Sicherheit und Überwachung im Internet laut. Als Folge der Enthüllungen der Überwachungs- und Spionagetechniken der National Security Agency (NSA) durch Edward Snowden 2013 konnte in der Bevölkerung aber auch ein Aufschrei nach erhöhtem Schutz der Privatsphäre im Internet wahrgenommen werden. Die geschilderten Ereignisse verdeutlichen die gegensätzlichen Wünsche nach Sicherheit und Überwachung im Internet sowie Schutz der Privatsphäre. Im ersten Teil dieses Beitrags stellen wir den Stand der Forschung im Bereich Terror, Sicherheit und Privatsphäre in sozialen Medien dar. Im zweiten Teil führen wir eine explorative Studie durch, um zu beleuchten, ob Bürgerinnen und Bürger in Krisenzeiten bereit wären, ihre Privatsphäre im Internet, vor allem in sozialen Netzwerken, zugunsten von Sicherheit zu reduzieren. Basierend auf qualitativen Daten zeigt diese Arbeit Meinungscluster und Tendenzen in Bezug auf das Nullsummenspiel „Sicherheit und Privatsphäre“.},
    booktitle = {Informatik 2016: von {Menschen} für {Menschen}},
    publisher = {GI-Edition-Lecture Notes in Informatics (LNI)},
    author = {Reuter, Christian and Geilen, Gordian and Gellert, Robin},
    editor = {Mayr, Heinrich C. and Pinzger, Martin},
    year = {2016},
    keywords = {HCI, SocialMedia, Student, Ranking-CORE-C, Ranking-VHB-C, UsableSec, Security, Peace, Projekt-KOKOS},
    }

  • Christian Reuter, Robin Gellert, Gordian Geilen (2016)
    Reception of Terror in Germany – Security, Privacy and Social Media
    Environmental Informatics – Stability, Continuity, Innovation. Current trends and future perspectives based on 30 years of history. Adjunct Proceedings of the EnviroInfo 2016 conference Berlin.
    [BibTeX] [Download PDF]

    @inproceedings{reuter_reception_2016,
    address = {Berlin},
    title = {Reception of {Terror} in {Germany} – {Security}, {Privacy} and {Social} {Media}},
    url = {http://www.peasec.de/paper/2016/2016_ReuterGeilenGellert_ReceptionTerrorGermany-SecurityPrivacySocialMedia_EnviroInfo_selbst.pdf},
    booktitle = {Environmental {Informatics} – {Stability}, {Continuity}, {Innovation}. {Current} trends and future perspectives based on 30 years of history. {Adjunct} {Proceedings} of the {EnviroInfo} 2016 conference},
    author = {Reuter, Christian and Gellert, Robin and Geilen, Gordian},
    editor = {Wohlgemuth, Volker and Fuchs-Kittowski, Frank and Wittmann, Jochen},
    year = {2016},
    keywords = {SocialMedia, UsableSec, Security, Peace, Projekt-KOKOS},
    pages = {151--156},
    }

    2015

  • Christian Reuter, Thomas Ludwig, Timo Funke, Volkmar Pipek (2015)
    SOMAP: Network Independent Social-Offline-Map-Mashup
    Proceedings of the Information Systems for Crisis Response and Management (ISCRAM) Kristiansand, Norway.
    [BibTeX] [Abstract] [Download PDF]

    Maps, showing the tactical or the administrative situation at any particular time, play a central role in disaster management. They can be realized as interactive map mashups. In addition to classical information (weather, water levels, energy network, forces), they can also be used to present a view on citizen-generated content, e.g. from social media. In this paper we offer insights into how mobile map mashups can assist citizens during infrastructure failures that often occur in large-scale emergencies. Based on a review of approaches and mobile applications from literature and especially from practice, we present SOMAP (social offline map), a mobile app we developed in Android. It offers offline map functionality in terms of (A) pro-active loading and storing of potentially needed maps of the respective area as well as (B) the possibility of exchanging information from social media using Bluetooth. The application was evaluated qualitatively, to gain insights into the potential of such applications.

    @inproceedings{reuter_somap_2015,
    address = {Kristiansand, Norway},
    title = {{SOMAP}: {Network} {Independent} {Social}-{Offline}-{Map}-{Mashup}},
    url = {https://www.wineme.uni-siegen.de/paper/2015/2015_reuterludwigfunkepipek_somap-socialofflinemap_iscram.pdf},
    abstract = {Maps, showing the tactical or the administrative situation at any particular time, play a central role in disaster management. They can be realized as interactive map mashups. In addition to classical information (weather, water levels, energy network, forces), they can also be used to present a view on citizen-generated content, e.g. from social media. In this paper we offer insights into how mobile map mashups can assist citizens during infrastructure failures that often occur in large-scale emergencies. Based on a review of approaches and mobile applications from literature and especially from practice, we present SOMAP (social offline map), a mobile app we developed in Android. It offers offline map functionality in terms of (A) pro-active loading and storing of potentially needed maps of the respective area as well as (B) the possibility of exchanging information from social media using Bluetooth. The application was evaluated qualitatively, to gain insights into the potential of such applications.},
    booktitle = {Proceedings of the {Information} {Systems} for {Crisis} {Response} and {Management} ({ISCRAM})},
    publisher = {ISCRAM},
    author = {Reuter, Christian and Ludwig, Thomas and Funke, Timo and Pipek, Volkmar},
    editor = {Palen, Leysia and Büscher, Monika and Comes, Tina and Hughes, Amanda Lee},
    year = {2015},
    keywords = {Cooperation, HCI, SocialMedia, Student, Projekt-EmerGent, UsableSec, Security, Infrastructure},
    }

  • Christian Reuter (2015)
    Betriebliches Kontinuitätsmanagement in kleinen und mittleren Unternehmen – Smart Services für die Industrie 4.0
    Mensch und Computer – Workshopband .
    [BibTeX] [Abstract] [Download PDF]

    Betriebliches Kontinuitätsmanagement (Business Continuity Management, kurz: BCM) ist im Sinne des betrieblichen Notfallmanagements integraler Bestandteil ziviler Sicherheit. BCM ist laut ISO 22301 (2014) ein ganzheitlicher Managementprozess, der potenzielle Bedrohungen für Organisationen und deren Auswirkungen auf Geschäftsabläufe ermittelt. Bei Betrachtung der aktuellen Studienlage liegt der Schluss nahe, dass die Anwendung von BCM in kleinen und mittleren Unternehmen (KMU) unterrepräsentiert ist und der Sicherheitslevel teilweise im nicht-wirtschaftlichen Bereich liegt. Dieser Beitrag stellt den Einsatz von BCM in KMU vor und diskutiert diesbezügliche Forschungsergebnisse. Hierauf aufbauend wird eine Matrix zu möglichen Auswirkungen vs. Umfang und Qualität des Notfallmanagements verschiedener Akteure dargestellt. Abschließend werden leichtgewichtige und einfach zu handhabende BCM-Sicherheitslösungen, in Form von Smart Services, als möglicher Lösungsansatz für die vermehrt von kontinuierlichem IT-Einsatz abhängigen Industrie 4.0 vorgestellt.

    @inproceedings{reuter_betriebliches_2015,
    title = {Betriebliches {Kontinuitätsmanagement} in kleinen und mittleren {Unternehmen} – {Smart} {Services} für die {Industrie} 4.0},
    url = {https://www.wineme.uni-siegen.de/paper/2015/2015_reuter_bcminkmu_smartservicesindustrie40_muc.pdf},
    abstract = {Betriebliches Kontinuitätsmanagement (Business Continuity Management, kurz: BCM) ist im Sinne des betrieblichen Notfallmanagements integraler Bestandteil ziviler Sicherheit. BCM ist laut ISO 22301 (2014) ein ganzheitlicher Managementprozess, der potenzielle Bedrohungen für Organisationen und deren Auswirkungen auf Geschäftsabläufe ermittelt. Bei Betrachtung der aktuellen Studienlage liegt der Schluss nahe, dass die Anwendung von BCM in kleinen und mittleren Unternehmen (KMU) unterrepräsentiert ist und der Sicherheitslevel teilweise im nicht-wirtschaftlichen Bereich liegt. Dieser Beitrag stellt den Einsatz von BCM in KMU vor und diskutiert diesbezügliche Forschungsergebnisse. Hierauf aufbauend wird eine Matrix zu möglichen Auswirkungen vs. Umfang und Qualität des Notfallmanagements verschiedener Akteure dargestellt. Abschließend werden leichtgewichtige und einfach zu handhabende BCM-Sicherheitslösungen, in Form von Smart Services, als möglicher Lösungsansatz für die vermehrt von kontinuierlichem IT-Einsatz abhängigen Industrie 4.0 vorgestellt.},
    booktitle = {Mensch und {Computer} - {Workshopband}},
    publisher = {Oldenbourg-Verlag},
    author = {Reuter, Christian},
    editor = {Schmidt, Albrecht and Weisbecke, Anette and Burmester, Michael},
    year = {2015},
    keywords = {Projekt-EmerGent, UsableSec, Security, Projekt-KOKOS, Infrastructure},
    pages = {37--44},
    }

  • Christian Reuter (2015)
    Emergente Kollaborationsinfrastrukturen – Technologiegestaltung am Beispiel des inter-organisationalen Krisenmanagements
    In: Steffen Hölldobler: Ausgezeichnete Informatikdissertationen 2014. GI- Edition-Lecture Notes in Informatics (LNI), D-14. Bonner Köllen Verlag, , 209–218.
    [BibTeX] [Abstract] [Download PDF]

    Am Beispiel des Krisenmanagements untersucht die hier vorgestellte Dissertation die Herausforderungen und Möglichkeiten der Technologiegestaltung für emergente, d.h. dynamische und nicht vorhersehbare, Kontexte. Hierfür wird empirisch die kollaborative Arbeit von Polizei, Feuerwehr, Energienetzbetreibern und Bürgern im inter-organisationalen Katastrophenschutz erforscht, um exemplarische Kollaborationspraktiken zu ermitteln, die Limitationen der Arbeitsinfrastruktur aufdecken. Hierauf aufbauend werden neuartige Konzepte und IT-Artefakte gestaltet, implementiert und evaluiert, die emergente Kollaboration ermöglichen sollen. Neben der Erforschung potentieller organisationaler Effekte auf die Fähigkeit mit Emergenz umzugehen, werden methodische Implikationen für die Technologiegestaltung abgeleitet.

    @incollection{reuter_emergente_2015,
    title = {Emergente {Kollaborationsinfrastrukturen} – {Technologiegestaltung} am {Beispiel} des inter-organisationalen {Krisenmanagements}},
    url = {https://www.wineme.uni-siegen.de/paper/2015/2015_reuter_emergentekollaborationstechnologien_gi-dissertationspreis.pdf},
    abstract = {Am Beispiel des Krisenmanagements untersucht die hier vorgestellte Dissertation die Herausforderungen und Möglichkeiten der Technologiegestaltung für emergente, d.h. dynamische und nicht vorhersehbare, Kontexte. Hierfür wird empirisch die kollaborative Arbeit von Polizei, Feuerwehr, Energienetzbetreibern und Bürgern im inter-organisationalen Katastrophenschutz erforscht, um exemplarische Kollaborationspraktiken zu ermitteln, die Limitationen der Arbeitsinfrastruktur aufdecken. Hierauf aufbauend werden neuartige Konzepte und IT-Artefakte gestaltet, implementiert und evaluiert, die emergente Kollaboration ermöglichen sollen. Neben der Erforschung potentieller organisationaler Effekte auf die Fähigkeit mit Emergenz umzugehen, werden methodische Implikationen für die Technologiegestaltung abgeleitet.},
    booktitle = {Ausgezeichnete {Informatikdissertationen} 2014. {GI}- {Edition}-{Lecture} {Notes} in {Informatics} ({LNI}), {D}-14},
    publisher = {Bonner Köllen Verlag},
    author = {Reuter, Christian},
    editor = {Hölldobler, Steffen},
    year = {2015},
    keywords = {Crisis, HCI, Projekt-InfoStrom, SocialMedia, Ranking-CORE-C, Ranking-VHB-C, UsableSec, Infrastructure, RSF},
    pages = {209--218},
    }

    2014

  • Christian Reuter, Michael Ritzkatis, Thomas Ludwig (2014)
    Entwicklung eines SOA-basierten und anpassbaren Bewertungsdienstes für Inhalte aus sozialen Medien
    Informatik 2014 – Big Data – Komplexität meistern Stuttgart, Germany.
    [BibTeX] [Abstract] [Download PDF]

    Dieser Beitrag soll aufzeigen, wie ein anpassbarer Bewertungsdienst die Nutzung bürgergenerierter Inhalte aus sozialen Medien unterstützen kann. Dabei soll insbesondere geklärt werden, wie dieser gestaltet werden kann und wie Nutzer die Qualitätskriterien angemessen artikulieren können. Nach einer Darstellung von Grundlagen und verwandten Arbeiten wird anhand einer empirischen Vorstudie der Umgang von Behörden und Organisationen mit Sicherheitsaufgaben (BOS) mit bürgergenerierten Informationen betrachtet. Basierend auf den dort gewonnen Erkenntnissen wurde ein service-orientierter Bewertungsdienst entwickelt und in eine Anwendung integriert, welche so den Zugang zu bürgergenerierten Informationen aus verschiedenen sozialen Medien inklusive einer anpassbaren Qualitätsbewertung ermöglicht. Eine abschließende Evaluation illustriert deren mögliche Anwendung in der Praxis.

    @inproceedings{reuter_entwicklung_2014,
    address = {Stuttgart, Germany},
    title = {Entwicklung eines {SOA}-basierten und anpassbaren {Bewertungsdienstes} für {Inhalte} aus sozialen {Medien}},
    url = {https://www.wineme.uni-siegen.de/paper/2014/2014_reuterritzkatisludwig-soabewertungsozialemedien_inf.pdf},
    abstract = {Dieser Beitrag soll aufzeigen, wie ein anpassbarer Bewertungsdienst die Nutzung bürgergenerierter Inhalte aus sozialen Medien unterstützen kann. Dabei soll insbesondere geklärt werden, wie dieser gestaltet werden kann und wie Nutzer die Qualitätskriterien angemessen artikulieren können. Nach einer Darstellung von Grundlagen und verwandten Arbeiten wird anhand einer empirischen Vorstudie der Umgang von Behörden und Organisationen mit Sicherheitsaufgaben (BOS) mit bürgergenerierten Informationen betrachtet. Basierend auf den dort gewonnen Erkenntnissen wurde ein service-orientierter Bewertungsdienst entwickelt und in eine Anwendung integriert, welche so den Zugang zu bürgergenerierten Informationen aus verschiedenen sozialen Medien inklusive einer anpassbaren Qualitätsbewertung ermöglicht. Eine abschließende Evaluation illustriert deren mögliche Anwendung in der Praxis.},
    booktitle = {Informatik 2014 - {Big} {Data} - {Komplexität} meistern},
    publisher = {GI-Edition-Lecture Notes in Informatics (LNI)},
    author = {Reuter, Christian and Ritzkatis, Michael and Ludwig, Thomas},
    editor = {Plöderereder, E. and Grunske, L. and Schneider, E. and Ull, D.},
    year = {2014},
    keywords = {Crisis, HCI, SocialMedia, Projekt-EmerGent, Ranking-CORE-C, Ranking-VHB-C, UsableSec},
    pages = {977--988},
    }

  • Christian Reuter, Thomas Ludwig, Volkmar Pipek (2014)
    Ad Hoc Participation in Situation Assessment: Supporting Mobile Collaboration in Emergencies
    ACM Transactions on Computer-Human Interaction (TOCHI) ;21(5):1–26. doi:10.1145/2651365
    [BibTeX] [Abstract] [Download PDF]

    Emergencies are characterized by high complexity and unpredictability. In order to assess and manage them successfully, improvisation work and informal communication, even beyond local and organizational boundaries, is needed. Such informal practices can facilitate ad hoc participation of units in situation assessment, but this may lack overall situation awareness. This paper presents a study on how emergent ‘collaboration needs‘ in current work of response teams, who are located on-site and in the control center, could be supported by mobile geo-collaboration systems. First, we present the results of an empirical study about informal work and mobile collaboration practices of emergency services. Then we describe the concept of a mobile geo-collaboration system that addresses the aspects detected in the empirical study and that was implemented as an Android application using web sockets, a technology enabling full-duplex ad hoc communication. Finally we outline the findings of its evaluation in practice and its implications.

    @article{reuter_ad_2014,
    title = {Ad {Hoc} {Participation} in {Situation} {Assessment}: {Supporting} {Mobile} {Collaboration} in {Emergencies}},
    volume = {21},
    url = {http://www.wineme.uni-siegen.de/paper/2014/2014_reuterludwigpipek_adhocparticipation_tochi.pdf},
    doi = {10.1145/2651365},
    abstract = {Emergencies are characterized by high complexity and unpredictability. In order to assess and manage them successfully, improvisation work and informal communication, even beyond local and organizational boundaries, is needed. Such informal practices can facilitate ad hoc participation of units in situation assessment, but this may lack overall situation awareness. This paper presents a study on how emergent ‘collaboration needs' in current work of response teams, who are located on-site and in the control center, could be supported by mobile geo-collaboration systems. First, we present the results of an empirical study about informal work and mobile collaboration practices of emergency services. Then we describe the concept of a mobile geo-collaboration system that addresses the aspects detected in the empirical study and that was implemented as an Android application using web sockets, a technology enabling full-duplex ad hoc communication. Finally we outline the findings of its evaluation in practice and its implications.},
    number = {5},
    journal = {ACM Transactions on Computer-Human Interaction (TOCHI)},
    author = {Reuter, Christian and Ludwig, Thomas and Pipek, Volkmar},
    month = nov,
    year = {2014},
    note = {Publisher: ACM},
    keywords = {Cooperation, Crisis, HCI, Projekt-InfoStrom, Selected, UsableSec, A-Paper, Ranking-CORE-A*, Ranking-ImpactFactor, Ranking-VHB-B, Ranking-WKWI-A, AuswahlUsableSec},
    pages = {1--26},
    }

  • Christian Reuter (2014)
    Emergent Collaboration Infrastructures: Technology Design for Inter-Organizational Crisis Management (Ph.D. Thesis)
    University of Siegen, Institute for Information Systems, Germany: Springer Gabler. doi:10.1007/978-3-658-08586-5
    [BibTeX] [Abstract] [Download PDF]

    Using the domain of crisis management, Christian Reuter explores challenges and opportunities for technology design in emergent environments. He therefore empirically analyzes collaborative work in inter-organizational crisis – such as the police, fire departments, energy network operators and citizens – in order to identify collaboration practices that reveal work infrastructure limitations. He also designs, implements and evaluates novel concepts and ICT artifacts towards the support of emergent collaboration. Besides the discovery of potential organizational effects on the ability to deal with emergence he presents methodological implications for technology design.

    @book{reuter_emergent_2014,
    address = {University of Siegen, Institute for Information Systems, Germany},
    title = {Emergent {Collaboration} {Infrastructures}: {Technology} {Design} for {Inter}-{Organizational} {Crisis} {Management} ({Ph}.{D}. {Thesis})},
    isbn = {978-3-658-08585-8},
    url = {http://www.springer.com/springer+gabler/bwl/wirtschaftsinformatik/book/978-3-658-08585-8},
    abstract = {Using the domain of crisis management, Christian Reuter explores challenges and opportunities for technology design in emergent environments. He therefore empirically analyzes collaborative work in inter-organizational crisis – such as the police, fire departments, energy network operators and citizens – in order to identify collaboration practices that reveal work infrastructure limitations. He also designs, implements and evaluates novel concepts and ICT artifacts towards the support of emergent collaboration. Besides the discovery of potential organizational effects on the ability to deal with emergence he presents methodological implications for technology design.},
    publisher = {Springer Gabler},
    author = {Reuter, Christian},
    year = {2014},
    doi = {10.1007/978-3-658-08586-5},
    note = {Backup Publisher: University of Siegen},
    keywords = {HCI, Projekt-InfoStrom, Selected, SocialMedia, Projekt-EmerGent, UsableSec, Infrastructure, AuswahlUsableSec, Dissertation},
    }

  • Christian Reuter (2014)
    Emergent Collaboration Infrastructures: Technology Design for Inter-Organizational Crisis Management (Ph.D. Thesis)
    University of Siegen, Institute for Information Systems, Germany: Universitätsbibliothek Siegen.
    [BibTeX] [Abstract] [Download PDF]

    The complexity and interconnectedness of current working environments encourages organizations, businesses and individuals to collaborate beyond spatial, temporal as well as organizational boundaries. These collaborations are potentially supported by information and communication technology (ICT) among mobile and ubiquitous systems. The academic field Computer-Supported Cooperative Work (CSCW) is primarily recognized for focusing on ICT support for collaboration practices as opposed to the computerizing of formal procedures. ICT, in this view, needs to reflect the dynamic nature of cooperation and collaboration. The notion emergence as coined by Lewes (1875) and interpreted by Goldstein (1999) refers to dynamic contexts that cannot be anticipated in their full extent before they actually occur. Emergent collaboration refers to the need for spontaneous collaboration in novel and changing structures and occurs in application fields such as inter-organizational crisis and emergency management, which by definition contain the unforeseeable. This dissertation contributes to research into infrastructures for emergent collaboration. Using the example of crisis management, it addresses (1) emergent collaboration practices and how they reveal work infrastructure limitations, (2) novel concepts and artifacts to support emergent collaboration, (3) their effects on the ability to deal with emergent situations and (4) methodological implications for technology design for emergent collaboration infrastructures in inter-organizational settings. Design case studies (Wulf et al., 2011), inspired by action research (Lewin, 1958) and following Hevner and Chatterjee’s suggestion (2010) to integrate action research with design research, are applied as a practice oriented research method. They contain three phases: an empirical analysis of the practices in the field, the development of innovative ICT artifacts with continuous participation of end-users related to the empirical findings and the evaluation of their appropriation (Pipek, 2005) in practice. In the case reported here, the empirical study on emergent collaboration by police and fire services, aid agencies, energy network operators and citizens in emergencies in two counties in Germany outlined the importance of improvisation work in situation assessment as well as mobile collaboration and reporting practices. The ICT design aimed towards the support of these emergent practices, illustrated by various concepts and prototypes. They comprise (1) an inter-organizational social network for emergency management (SiRena), (2) an inter-organizational situation assessment client (ISAC) aswell as mobile applications for (3) the ad hoc participation in mobile collaboration (MoCo) and (4) the articulation of information needs in mobile reporting (MoRep). Based on the empirical, technical and practical findings, the subsequent analysis uses the concept of infrastructuring (Pipek & Wulf, 2009), the integrated perspective on the design and use of information systems, and derives implications for emergent collaboration infrastructures, which contribute overall to the academic fields CSCW, Human Computer Interaction (HCI) and Information Systems (IS).

    @book{reuter_emergent_2014-1,
    address = {University of Siegen, Institute for Information Systems, Germany},
    title = {Emergent {Collaboration} {Infrastructures}: {Technology} {Design} for {Inter}-{Organizational} {Crisis} {Management} ({Ph}.{D}. {Thesis})},
    url = {http://dx.doi.org/10.25819/ubsi/10370},
    abstract = {The complexity and interconnectedness of current working environments encourages organizations, businesses and individuals to collaborate beyond spatial, temporal as well as organizational boundaries. These collaborations are potentially supported by information and communication technology (ICT) among mobile and ubiquitous systems. The academic field Computer-Supported Cooperative Work (CSCW) is primarily recognized for focusing on ICT support for collaboration practices as opposed to the computerizing of formal procedures. ICT, in this view, needs to reflect the dynamic nature of cooperation and collaboration. The notion emergence as coined by Lewes (1875) and interpreted by Goldstein (1999) refers to dynamic contexts that cannot be anticipated in their full extent before they actually occur. Emergent collaboration refers to the need for spontaneous collaboration in novel and changing structures and occurs in application fields such as inter-organizational crisis and emergency management, which by definition contain the unforeseeable.
    This dissertation contributes to research into infrastructures for emergent collaboration. Using the example of crisis management, it addresses (1) emergent collaboration practices and how they reveal work infrastructure limitations, (2) novel concepts and artifacts to support emergent collaboration, (3) their effects on the ability to deal with emergent situations and (4) methodological implications for technology design for emergent collaboration infrastructures in inter-organizational settings.
    Design case studies (Wulf et al., 2011), inspired by action research (Lewin, 1958) and following Hevner and Chatterjee’s suggestion (2010) to integrate action research with design research, are applied as a practice oriented research method. They contain three phases: an empirical analysis of the practices in the field, the development of innovative ICT artifacts with continuous participation of end-users related to the empirical findings and the evaluation of their appropriation (Pipek, 2005) in practice. In the case reported here, the empirical study on emergent collaboration by police and fire services, aid agencies, energy network operators and citizens in emergencies in two counties in Germany outlined the importance of improvisation work in situation assessment as well as mobile collaboration and reporting practices. The ICT design aimed towards the support of these emergent practices, illustrated by various concepts and prototypes. They comprise (1) an inter-organizational social network for emergency management (SiRena), (2) an inter-organizational situation assessment client (ISAC) aswell as mobile applications for (3) the ad hoc participation in mobile collaboration (MoCo) and (4) the articulation of information needs in mobile reporting (MoRep).
    Based on the empirical, technical and practical findings, the subsequent analysis uses the concept of infrastructuring (Pipek \& Wulf, 2009), the integrated perspective on the design and use of information systems, and derives implications for emergent collaboration infrastructures, which contribute overall to the academic fields CSCW, Human Computer Interaction (HCI) and Information Systems (IS).},
    publisher = {Universitätsbibliothek Siegen},
    author = {Reuter, Christian},
    year = {2014},
    keywords = {HCI, Projekt-InfoStrom, SocialMedia, Projekt-EmerGent, UsableSec, Infrastructure, Dissertation},
    }

    2013

  • Volkmar Pipek, Christian Reuter, Benedikt Ley, Thomas Ludwig, Torben Wiedenhoefer (2013)
    Sicherheitsarena – Ein Ansatz zur Verbesserung des Krisenmanagements durch Kooperation und Vernetzung
    Bonn, Germany: 2013.
    [BibTeX] [Download PDF]

    @techreport{pipek_sicherheitsarena_2013,
    address = {Bonn, Germany},
    title = {Sicherheitsarena – {Ein} {Ansatz} zur {Verbesserung} des {Krisenmanagements} durch {Kooperation} und {Vernetzung}},
    url = {http://www.peasec.de/paper/2013/2013_PipekReuterLeyLudwigWiedenhoefer_Sicherheitsarena_CrisisPrevention.pdf},
    number = {3},
    author = {Pipek, Volkmar and Reuter, Christian and Ley, Benedikt and Ludwig, Thomas and Wiedenhoefer, Torben},
    year = {2013},
    keywords = {Cooperation, Crisis, HCI, Projekt-InfoStrom, UsableSec},
    pages = {58--59},
    }

  • Thomas Ludwig, Christian Reuter, Volkmar Pipek (2013)
    Mobiler Reporting-Mechanismus für örtlich verteilte Einsatzkräfte
    Mensch & Computer 2013: Interaktive Vielfalt Bremen, Germany.
    [BibTeX] [Abstract] [Download PDF]

    Die im Katastrophenschutz beteiligten Behörden und Organisationen mit Sicherheitsaufgaben (BOS) benötigen für Entscheidungen eine aktuelle und akkurate Informationsbasis. Einige dieser Informationen, z.B. Wetterinformationen, können über externe Dienste in Leitstellensystemen visualisiert werden. Andere müssen seitens der zuständigen Einheiten vor Ort via Funk gemeldet werden. Unsere Design-Fallstudie untersucht interaktive Unterstützungsmöglichkeiten dieser Reporting-Prozesse: In einer qualitativen empirischen Studie wurden die Kommunikationspraktiken von Polizei und Feuerwehr untersucht. Darauf aufbauend wurde ein Konzept zur semi-strukturierten Artikulation von Informationsbedarfen erstellt, welches als mobile Android Applikation implementiert und mit potentiellen Nutzern evaluiert wurde. Unser Beitrag illustriert, wie zielgerichtete Informationsanfragen unter Berück-sichtigung angemessener Metadaten das Reporting örtlich verteilter Einsatzkräfte unterstützen können.

    @inproceedings{ludwig_mobiler_2013,
    address = {Bremen, Germany},
    title = {Mobiler {Reporting}-{Mechanismus} für örtlich verteilte {Einsatzkräfte}},
    url = {http://www.peasec.de/paper/2013/2013_LudwigReuterPipek_MobileReporting_MenschComputer.pdf},
    abstract = {Die im Katastrophenschutz beteiligten Behörden und Organisationen mit Sicherheitsaufgaben (BOS) benötigen für Entscheidungen eine aktuelle und akkurate Informationsbasis. Einige dieser Informationen, z.B. Wetterinformationen, können über externe Dienste in Leitstellensystemen visualisiert werden. Andere müssen seitens der zuständigen Einheiten vor Ort via Funk gemeldet werden. Unsere Design-Fallstudie untersucht interaktive Unterstützungsmöglichkeiten dieser Reporting-Prozesse: In einer qualitativen empirischen Studie wurden die Kommunikationspraktiken von Polizei und Feuerwehr untersucht. Darauf aufbauend wurde ein Konzept zur semi-strukturierten Artikulation von Informationsbedarfen erstellt, welches als mobile Android Applikation implementiert und mit potentiellen Nutzern evaluiert wurde. Unser Beitrag illustriert, wie zielgerichtete Informationsanfragen unter Berück-sichtigung angemessener Metadaten das Reporting örtlich verteilter Einsatzkräfte unterstützen können.},
    booktitle = {Mensch \& {Computer} 2013: {Interaktive} {Vielfalt}},
    publisher = {Oldenbourg-Verlag},
    author = {Ludwig, Thomas and Reuter, Christian and Pipek, Volkmar},
    editor = {Boll, Susanne and Maaß, Susanne and Malaka, Rainer},
    year = {2013},
    keywords = {Cooperation, HCI, Projekt-InfoStrom, SocialMedia, UsableSec},
    pages = {317--320},
    }

  • Christian Reuter, Michael Ritzkatis (2013)
    Unterstützung mobiler Geo-Kollaboration zur Lageeinschätzung von Feuerwehr und Polizei
    Proceedings of the International Conference on Wirtschaftsinformatik (WI) (Best Paper Award Nominee) Leipzig, Germany.
    [BibTeX] [Abstract] [Download PDF]

    Aufgrund komplexer und dringlicher Aufgaben steht die Zusammenarbeit über örtliche und organisationale Grenzen hinweg bei Behörden und Organisationen mit Sicherheitsaufgaben (BOS), wie Feuerwehr und Polizei, an der Tagesordnung. Ziel dieses Beitrags ist es zu untersuchen, wie die Kollaboration von Einsatzkräften vor Ort und jenen in der Leitstelle durch mobile Geokollaborationssysteme unterstützt werden kann. Nach einer Darstellung verwandter Arbeiten werden anhand einer qualitativen empirischen Studie die Informations- und Kommunikationspraktiken mobiler Einsatzkräfte vorgestellt. Hierauf aufbauend folgt die Konzeptionierung und Umsetzung eines mobilen Geokolla- borationssystems, welches an ein bestehendes Krisenmanagementsystem und Geoinformationssystem (GIS) angebunden ist und als Android-App realisiert wurde. Abschließend werden die Evaluationsergebnisse dieses Systems im Anwendungsfeld vorgestellt.

    @inproceedings{reuter_unterstutzung_2013,
    address = {Leipzig, Germany},
    title = {Unterstützung mobiler {Geo}-{Kollaboration} zur {Lageeinschätzung} von {Feuerwehr} und {Polizei}},
    url = {http://www.peasec.de/paper/2013/2013_ReuterRitzkatis_MobileGeoKollaboration_WI.pdf},
    abstract = {Aufgrund komplexer und dringlicher Aufgaben steht die Zusammenarbeit über örtliche und organisationale Grenzen hinweg bei Behörden und Organisationen mit Sicherheitsaufgaben (BOS), wie Feuerwehr und Polizei, an der Tagesordnung. Ziel dieses Beitrags ist es zu untersuchen, wie die Kollaboration von Einsatzkräften vor Ort und jenen in der Leitstelle durch mobile Geokollaborationssysteme unterstützt werden kann. Nach einer Darstellung verwandter Arbeiten werden anhand einer qualitativen empirischen Studie die Informations- und Kommunikationspraktiken mobiler Einsatzkräfte vorgestellt. Hierauf aufbauend folgt die Konzeptionierung und Umsetzung eines mobilen Geokolla- borationssystems, welches an ein bestehendes Krisenmanagementsystem und Geoinformationssystem (GIS) angebunden ist und als Android-App realisiert wurde. Abschließend werden die Evaluationsergebnisse dieses Systems im Anwendungsfeld vorgestellt.},
    booktitle = {Proceedings of the {International} {Conference} on {Wirtschaftsinformatik} ({WI}) ({Best} {Paper} {Award} {Nominee})},
    author = {Reuter, Christian and Ritzkatis, Michael},
    editor = {Alt, Rainer and Franczyk, Bogdan},
    year = {2013},
    keywords = {Cooperation, Crisis, HCI, Projekt-InfoStrom, SocialMedia, Student, Ranking-CORE-C, Ranking-VHB-C, UsableSec, Ranking-WKWI-A},
    pages = {1877--1891},
    }

    2011

  • Christian Reuter (2011)
    IT-basierte Kooperationsunterstützung im interorganisationalen Krisenmanagement
    In: Michael Koch: Doktoranden-Kolloquium der Tagung Mensch & Computer 2011. .
    [BibTeX] [Abstract] [Download PDF]

    Die Dezentralität einer Organisation hat maßgeblichen Einfluss auf die Ausgestaltung von Kooperationsprozessen und deren Unterstützung durch IT-basierte Kooperationssysteme. Mein Dissertationsvorhaben untersucht momentane und potentielle Kooperationsprozesse im Spannungsfeld von Behörden und Organisationen mit Sicherheitsaufgaben, Unternehmen, Organisationen und Bürgern im interorganisationalen Krisenmanagement bei Großschadenslagen. Ziel ist die Beantwortung der Frage, wie IT-basierte Kooperationsunterstützung dezentraler Organisationen am Beispiel des Krisenmanagements erfolgen kann.

    @incollection{reuter_it-basierte_2011,
    title = {{IT}-basierte {Kooperationsunterstützung} im interorganisationalen {Krisenmanagement}},
    url = {https://peasec.de/paper/2011/2011_Reuter_ITbasierteKooperationsunterstuetzungKrisenmanagement-MuCDoc.pdf},
    abstract = {Die Dezentralität einer Organisation hat maßgeblichen Einfluss auf die Ausgestaltung von Kooperationsprozessen und deren Unterstützung durch IT-basierte Kooperationssysteme. Mein Dissertationsvorhaben untersucht momentane und potentielle Kooperationsprozesse im Spannungsfeld von Behörden und Organisationen mit Sicherheitsaufgaben, Unternehmen, Organisationen und Bürgern im interorganisationalen Krisenmanagement bei Großschadenslagen. Ziel ist die Beantwortung der Frage, wie IT-basierte Kooperationsunterstützung dezentraler Organisationen am Beispiel des Krisenmanagements erfolgen kann.},
    booktitle = {Doktoranden-{Kolloquium} der {Tagung} {Mensch} \& {Computer} 2011},
    author = {Reuter, Christian},
    editor = {Koch, Michael},
    year = {2011},
    keywords = {Cooperation, Crisis, HCI, Projekt-InfoStrom, UsableSec, Projekt-RSBE, Security},
    }

  • Torben Wiedenhoefer, Christian Reuter, Benedikt Ley, Volkmar Pipek (2011)
    Inter-organizational crisis management infrastructures for electrical power breakdowns
    Proceedings of the Information Systems for Crisis Response and Management (ISCRAM) Lisbon, Portugal.
    [BibTeX] [Abstract] [Download PDF]

    Major electricity breakdowns like the Northeast Blackout (USA) in 2003 or the blackout in most parts of Western Europe in 2005, have shown the fundamental role of electricity in our everyday life. The experiences of these accidents show that power suppliers, firefighters, police, county administration and citizens face multifarious challenges in inter-organizational communication, information and coordination processes during coping and recovery work. In this work-in-progress paper we describe early research dealing with inter-organizational issues in emergency management (EM). We are mainly focusing on supporting social practices in inter-organizational EM, for example collaborative interpretation of emergency situations, ad-hoc coordination or supporting citizen communication and helping routines. Identified from our experiences from related projects, discussions and literature studies, we suggest potential questions and future topics in user-driven software engineering processes for EM and domain specific problems, such as supporting citizen participation, coping with information uncertainties and quality variations or enhancing inter-organizational learning.

    @inproceedings{wiedenhoefer_inter-organizational_2011,
    address = {Lisbon, Portugal},
    title = {Inter-organizational crisis management infrastructures for electrical power breakdowns},
    url = {http://www.peasec.de/paper/2011/2011_WiedenhoeferReuterLeyPipek_CrisisManagementInfrastructures_ISCRAM.pdf},
    abstract = {Major electricity breakdowns like the Northeast Blackout (USA) in 2003 or the blackout in most parts of Western Europe in 2005, have shown the fundamental role of electricity in our everyday life. The experiences of these accidents show that power suppliers, firefighters, police, county administration and citizens face multifarious challenges in inter-organizational communication, information and coordination processes during coping and recovery work. In this work-in-progress paper we describe early research dealing with inter-organizational issues in emergency management (EM). We are mainly focusing on supporting social practices in inter-organizational EM, for example collaborative interpretation of emergency situations, ad-hoc coordination or supporting citizen communication and helping routines. Identified from our experiences from related projects, discussions and literature studies, we suggest potential questions and future topics in user-driven software engineering processes for EM and domain specific problems, such as supporting citizen participation, coping with information uncertainties and quality variations or enhancing inter-organizational learning.},
    booktitle = {Proceedings of the {Information} {Systems} for {Crisis} {Response} and {Management} ({ISCRAM})},
    publisher = {ISCRAM},
    author = {Wiedenhoefer, Torben and Reuter, Christian and Ley, Benedikt and Pipek, Volkmar},
    year = {2011},
    keywords = {Cooperation, Crisis, HCI, Projekt-InfoStrom, UsableSec, Projekt-RSBE, Security},
    }

    2010

  • Norbert Balduin, Georg Becker, Jürgen Brand, Michael Görgen, Mario Hannappel, Patrick Hasenfuß, Benedikt Ley, Volkmar Pipek, Florian Probst, Christian Reuter, Thomas Rose, Gebhard Rusch, Torben Wiedenhoefer, Andreas Zinnen (2010)
    InfoStrom: Learning information infrastructures for crisis management in case of medium to large electrical power breakdowns.
    Future Security – Proceedings of the Security Research Conference Berlin, Germany.
    [BibTeX] [Abstract] [Download PDF]

    One of the most important infrastructures in modern industrialized societies is the electricity network. Due to its fundamental role for many aspects of our everyday life, power infrastructures manifest a strong dependence between power suppliers and customers. Customers take the infrastructure for granted; it appears mostly invisible to them as long as it works, but in the case of breakdowns in power supply customers become aware of the dependence on electricity. They join professional actors in the recovery and coping work with regard to the electricity breakdown: Maintenance workers of the power provider, police, firefighters, red cross, etc. These institutions are professionalized for dealing with such situations, but the people affected by a power outage also need to be considered as actors.

    @inproceedings{balduin_infostrom_2010,
    address = {Berlin, Germany},
    title = {{InfoStrom}: {Learning} information infrastructures for crisis management in case of medium to large electrical power breakdowns.},
    url = {http://www.peasec.de/paper/2010/2010_Balduinetal_LearningInfrastructuresCrisisManagement_FutureSecurity.pdf},
    abstract = {One of the most important infrastructures in modern industrialized societies is the electricity network. Due to its fundamental role for many aspects of our everyday life, power infrastructures manifest a strong dependence between power suppliers and customers. Customers take the infrastructure for granted; it appears mostly invisible to them as long as it works, but in the case of breakdowns in power supply customers become aware of the dependence on electricity. They join professional actors in the recovery and coping work with regard to the electricity breakdown: Maintenance workers of the power provider, police, firefighters, red cross, etc. These institutions are professionalized for dealing with such situations, but the people affected by a power outage also need to be considered as actors.},
    booktitle = {Future {Security} - {Proceedings} of the {Security} {Research} {Conference}},
    publisher = {Fraunhofer VVS},
    author = {Balduin, Norbert and Becker, Georg and Brand, Jürgen and Görgen, Michael and Hannappel, Mario and Hasenfuß, Patrick and Ley, Benedikt and Pipek, Volkmar and Probst, Florian and Reuter, Christian and Rose, Thomas and Rusch, Gebhard and Wiedenhoefer, Torben and Zinnen, Andreas},
    year = {2010},
    keywords = {Cooperation, Crisis, HCI, Projekt-InfoStrom, UsableSec, Projekt-RSBE, Security, Infrastructure},
    }

    2008

  • Christian Reuter (2008)
    Computerunterstütztes kollaboratives Training im Krisenkommunikations-Management am Beispiel eines Energieversorgungsunternehmens (Diplomarbeit)
    Siegen: .
    [BibTeX] [Download PDF]

    @book{reuter_computerunterstutztes_2008,
    address = {Siegen},
    title = {Computerunterstütztes kollaboratives {Training} im {Krisenkommunikations}-{Management} am {Beispiel} eines {Energieversorgungsunternehmens} ({Diplomarbeit})},
    url = {https://peasec.de/paper/2008/2008_Reuter_KrisentrainingEnergieversorger_Diplomarbeit_Auszug.pdf},
    author = {Reuter, Christian},
    editor = {Pipek, Volkmar and Wulf, Volker},
    year = {2008},
    keywords = {Cooperation, Crisis, HCI, UsableSec, Security, Projekt-RWE},
    }