The attack on Ukraine's energy grid in 2015 impressively demonstrated that cyber attacks on critical infrastructure have long been a reality. The next attack in 2016 was even more impressive because it was characterised by a high degree of automation. Automated business processes that recklessly or unknowingly damage critical infrastructure are also becoming increasingly common. From the first report in 2012 to the "power shortage" in July 2017, which was most likely due to speculation, these also pose a threat. Critical infrastructure (CRITICAL) for energy, water, food, finance and insurance, or transport and traffic are of central importance to our modern society. Very high demands are placed on their operational safety, as failures or impairments of KRITIS can have substantial negative consequences. The ongoing digitalisation in many sectors is also increasingly affecting critical infrastructures, whose operation must be automated, reliable, secure, economical and resource-efficient. However, the growth of ICT for monitoring, control and market-based optimisation is also making infrastructure more complex and dependent on the smooth interaction of digital components and the existing physical infrastructure. Maintaining the operational security of these cyber-physical systems (CPS) poses a new challenge due to their complexity. This is all the more true when people are involved in their use and operation, or when modern technologies such as learning systems take on tasks at the application level. In addition, the integration of digital technologies into KRITIS also leads to new dependencies and vulnerabilities, not only for actual malicious attackers, but also in terms of systemic misconduct.

In the PYRATE project, funded by the Federal Ministry of Education and Research for three years, the three project partners OFFIS, Bremen University of Applied Sciences and the University of Oldenburg are developing an intelligent, learning system for analysing CPS. This involves the use of software agents that adapt fully automatically to the CPS, which is represented in the investigation by a so-called digital twin, based solely on a description of the existing sensors and actuators. PYRATE independently develops a model of the system. To do this, software agents coordinate to find a vulnerability where the subdomains of the overall system operate within nominal parameters, but the overall system is destabilised by new effects arising from the interaction of the domains. In particular, so-called attackers who exploit "loopholes" in regulations are the target of the analysis strategy. PYRATE enables experts to close these loopholes, which would not have been noticed in a traditional analysis of a CPS. The attackers are also countered by AI defenders, whose job is to keep the system operational. They learn their strategy for maintaining operational security directly from the attackers.