Protecting digital nervous systems.
Text: Andreas Lorenz-Meyer
IT networks are becoming ever larger and more complex. Their security depends not only on how well individual devices are protected but also on the structure of the network. A spin-off from the University of Basel is providing targeted solutions to improve network security.
Networks form the basis of our digital infrastructure. Whether in hospitals, at universities or at energy companies, these networks need to work not only reliably but also quietly, invisibly and around the clock. If they fail, whether due to a fault or a cyberattack, operations grind to a halt. Data fails to arrive, devices cannot communicate and processes come to a standstill. The larger and more diverse these networks become, however, the harder it becomes to maintain an overview. At the university, for example, the network acts like a central nervous system, drawing together numerous things that initially appear to be unrelated: the High Performance Computing Center, which processes huge volumes of data for research; an electron microscope that delivers measurement data from a lab; medical equipment used in clinical trials; and intelligent door locks that control access. Everything depends, whether directly or indirectly, on the same network.
The Basel spin-off Narrowin has developed an approach that shows how a network actually works and where its vulnerabilities lie. This start-up has its origins at Basel University, where the computer scientists Mischa Diehm and Patrick Weber worked in the network and security team and built a mini firewall for individual devices. Together with Tim Senn, an expert in digitalization, they founded Narrowin in 2020 and expanded the concept from protection for individual devices to protection of the entire network architecture.
Which measure is most effective?
After all, this architecture is central — and its structure must be such that faults or attacks remain localized and cannot spread across the network. This is difficult for many companies and organizations, however, because their IT networks have developed over a long period of time.
With more and more devices added to them over the years, nobody knows the exact structure anymore. In these cases, the Network Explorer from Narrowin allows people to regain an overview. “We use this tool to create a digital twin of the existing network that visualizes the entire infrastructure: which areas are connected and how, and which devices communicate with one another and how,” explains Diehm. The idea is to work out where a measure will be most effective: Which subnetworks need to be separated more clearly, and which security measures need to be supplemented? Where is the “single point of failure” that, if it were to fail, could have a catastrophic impact?
It’s important that the network always be analyzed as a whole, says Diehm. This includes not only the classical information technology (IT), such as workplaces, servers and storage devices, but also operational technology (OT), such as systems that control and monitor industrial machinery or medical equipment. “Nowadays, these two things are closely interwoven.”
In hospitals and at energy companies
Narrowin’s digital twin is used when networks are particularly complex. In hospitals, for example, thousands of devices are connected across multiple buildings, from medical technology to laboratory systems and building automation. Other groups of users include energy companies, whose infrastructure — transformer substations, smart meters or district heating stations — is often spread across an entire region and interconnected over large distances. Particularly in networks of this kind, the digital twin can help to improve stability and security.
“These solutions have to act quickly without making operations more complicated,” explains Senn. “Our approach is all about simplicity. Reducing complexity is much harder than constantly adding new features.”
AI as a network assistant
The start-up is also developing new solutions in other areas, including automation. The larger and more dynamic networks become, the harder it is to guarantee their stability and security manually. “Network and security teams already have a heavy workload in many organizations,” says Senn. With this in mind, Narrowin recently developed a method for interconnecting hundreds of buildings and measurement stations in the energy sector quickly and automatically.
Another recent development is a new artificial intelligence that answers questions during network operation, such as: “Has anything changed about this configuration since last Wednesday?” This allows anomalies in the network to be located quickly and potential security gaps to be spotted in good time. Interaction with the AI does not require a cloud connection — in other words, no data leaves the network. This is another key aspect of security that Narrowin took into account.
More articles in this issue of UNI NOVA (May 2026).