Early warning

In the field of meteorology, early-warning systems have centuries of experience to draw upon. Early-warning systems in IT, on the other hand -- which essentially comprise monitoring approaches -- are only just getting started and do not have such an abundance of consolidated empirical knowledge at their disposal. Given the importance of IT systems as integral components of crucial business processes and critical infrastructure, it is all the more important that this deficit be addressed as quickly as possible.

For this reason, people all around the world are making an effort to develop appropriate concepts and systems for early warnings in IT. This is also one of the areas of focus in the BSI's research, which is why it is working closely with a number of academic institutions and seasoned IT security providers on various approaches to advance this field. These activities have made it clear that progress needs to be made in both technical, sensor-based data collection and source-based information analysis.

Furthermore, it is important to distinguish between early warnings from centralised entities with related responsibilities (the National IT Situation Centre, for example) and early warnings for people responsible for the security of complex IT systems (or even end users of IT systems). While the National IT Situation Centre analyses the current threat landscape based on early-warning information to determine what actions need to be taken in response, the latter entities are the ones who have to implement the countermeasures recommended -- by the Warning and Information Service (WID), for instance.

At the core of many such efforts is the awareness that the combined cooperative assessment of different partial perspectives is what provides the comprehensive overview that is often so urgently needed. This principle guides the BSI's two main projects related to early warnings in IT:

Only by merging and correlating the various partial aspects in hand is it possible to arrive at a representative overall picture of a given situation.

The particular challenge that all solution strategies for early warnings in IT have to face lies in defining indicators that describe the conditions identified and signal a need for action. To this end, a broad basis of empirical insights needs to be established in order to properly assess such observations and measurements.

All this serves the ultimate goal of early warnings in IT: to detect threats and sound the alarm early on to leave more options open for response.