In today's world, virtually every area of our lives relies on modern communications systems. Information technology is an important driver for innovations in many fields and serves to secure Germany's competitiveness. The issue of IT security is coming more into focus because we all depend on safe and reliable information technology - be it in the fields of energy supply, healthcare, logistics and transport or in the field of finance.
Cyber attacks are becoming increasingly frequent and increasingly professional. The Federal Government's networks are subject to three to five serious attacks every day. Almost every SME in Germany has experienced security incidents. According to a BITCOM study, more than 39 percent of all German companies were affected in 2012 alone. These incidents usually involve the theft of data, the violation of company secrets, computer fraud, data espionage and interception, damage to systems and computer sabotage. The manipulation of accounting and financial data is also a growing problem. The Federal Criminal Police Office confirmed a 3.4 percent increase in computer crimes in 2012, with a total of 87,871 cases. Figures showed that crimes involving the alteration of data and computer sabotage (+ 133.8 percent) are becoming an increasing hazard.
The damage caused to industry and society is immense. Industry is suffering considerable financial losses due to loss of value creation, loss of trust and industrial espionage. According to a study by Corporate Trust, the damage to German industry caused by industrial espionage totals approximately €4.2 billion per year.
The economic and societal development of today's modern industrial societies is linked inseparably with the security of their ITC systems.
IT security "Made in Germany" is an internationally recognized mark of quality. In order to secure and enhance Germany's position, the BMBF, as the German Ministry responsible for this area, has established research into innovative approaches to IT security as a priority task. This long-term research funding programme focuses on strengthening Germany's position as an industrial location and protecting the data and privacy of its citizens.
We must start today to research and develop the solutions of tomorrow if we are to deal effectively with future threats from cyberspace. We must use foresight to identify societal developments and challenges and develop and apply sustainable strategies on this basis. The BMBF has provided funding of around €66 million for projects in IT security since 2009 and supports innovative procedures and technologies to protect IT systems where data protection plays an important role from attack and unauthorized access.
In 2009, the BMBF and the Federal Ministry of the Interior (BMI) agreed in a joint declaration on cooperation in the field of IT security research to strengthen IT security as a key area of research funding in the information and communication technologies and to enhance the innovative potential of cutting-edge research. The "IT Security Research" working programme establishes the basis for achieving these objectives and for research and development work on new security technologies.
Further information is available at: http://www.vdivde-it.de/KIS/sichere-ikt/it-sicherheitsforschung
The BMBF has been supporting three competence centres for IT security since 2011 with a view to developing new approaches in this area. These centres are:
. CISPA - Center for IT Security, Privacy and Accountability in Saarbrücken
. EC-SPRIDE - European Center for Security and Privacy by Design in Darmstadt
. KASTEL - Competence Center for Applied Security Technology in Karlsruhe
The competence centres pool the abilities of the best universities and non-university research establishments in the field of cybersecurity research. Apart from bringing experts in the region together, they are also becoming increasingly important from the point of view of interdisciplinary cooperation.
Further information is available at: http://www.vdivde-it.de/KIS/sichere-ikt/kompetenzzentren
Cyber attacks often take advantage of security gaps in application software. Because inadequate attention is given to security issues when developing or integrating application software, use of this software repeatedly offers new targets for attack. Current reactive methods (firewalls, virus scanners, CERTS and other response structures) can no longer adequately deal with such attacks. Nor does the expensive retroactive implementation of security solutions eliminate problems in the long term. Privacy and security by design concepts integrate security demands into the development of products, IT applications and business models from an early stage. They do not simply react to attacks but consider and integrate questions of IT security into the design phase of the software development process. The joint strategy report issued by the three competence centres supported by the BMBF "Entwicklung sicherer Software durch Security by Design" (Developing secure software by means of security by design) describes the development pathway of security by design.
Further information is available at: www.kastel.kit.edu/downloads/Entwicklung_sicherer_Software_durch_Security_by_Design.pdf
Routers represent the crossroads on the Internet data highways. They regulate traffic and ensure the smooth transport of data from origin to destination. These routers must satisfy the highest demands; in particular, they must ensure the security of the data at all times. Simple electronic routers can be replaced by new integrated optical-electronic technologies in order to create secure, energy-efficient and robust routing technologies. The BMBF-funded EUREKA research project entitled "Safe and Secure European Routing - SASER" is bringing together partners from five European states to find scientific, technical and systemic solutions for powerful communications networks with high security standards and a sustainable cost and energy structure.
Further information is available at: www.vdivde-it.de/KIS/sichere-ikt/safe-and-secure-european-routing-saser
Small and medium-sized enterprises mainly use firewalls, port filters, virus scanners and spam filters to identify attacks. Unfortunately, these isolated systems usually fail to recognize targeted attacks on companies. Large companies use Security Information and Event Management (SIEM) systems to combine the various security systems. However, SIEM systems call for considerable specialist knowledge and involve high costs. Under the BMBF's "SME innovative" programme, the project "SIEM for SMEs" (SIMU) is studying how SIEM systems can be adapted for use in SMEs.
Further information is available at: http://www.vdivde-it.de/KIS/foerderbekanntmachungen/kmu-innovativ
Cloud computing is still considered to be a field with great economic potential. But it is also true that cloud products have yet to establish the confidence that is needed to enable their wide-scale use above and beyond private applications. The Federal Ministry of Education and Research has taken up the recommendations of the "Secure Identities" forward-looking project for the "Secure Cloud Computing" research area of the Industry-Science Research Alliance as a new research priority and is implementing this in close coordination with the "Trusted Cloud" activity of the Federal Ministry of Economics and Technology. The research projects are focusing on data protection and data safety in the cloud. One way of achieving these goals is to focus on the fundamental question of how to go about determining and assessing the security of a cloud service.
Further information is available at: http://www.vdivde-it.de/KIS/sichere-ikt/sicheres-cloud-computing
Digital communication and data processing procedures are entering all fields of our lives, thus increasingly questioning our cultural notion regarding the relationship between privacy and the public realm. In particular, social practices on the Internet and the growing demand for private data on the part of the state and industry are shifting the boundaries between the private and the public realm and frequently producing conflicts with social and legal norms. The "Privacy" research priority is studying the effects that this development could have in future as well as potential instruments that can and must adequately protect privacy in an Internet "that forgets nothing". The German Academy of Science and Engineering (acatech) has published an analysis of internet privacy within the framework of a project sponsored by the BMBF and has drafted recommendations for action. The BMBF has set up an interdisciplinary group of advisers on "Privacy" which will identify and devise concrete projects based on the results of the acatech project.
Further information is available at: http://www.vdivde-it.de/KIS/leben-in-der-digitalen-welt
Quantum communication uses quantum-cryptographically protected communication channels for the bug-proof transfer of information. Quantum-mechanically connected pairs of photons transport confidential information securely and reliably. Today, this method only allows information to be transported via glass fibres over a maximum of approximately 100 kilometres due to the absorption of the light used to convey the data. In order to achieve greater distances, the BMBF is funding research into quantum repeaters which use entanglement swapping to stationary quantum states over a distance of more than 100 kilometres.
Further information is available at: http://www.vdivde-it.de/KIS/sichere-ikt/quantenkommunikation
Training qualified personnel is an important aspect of the sustainability of German IT security research. Students at the BMBF-funded KASTEL competence centre can gain a Certificate as specialist in the field of IT security. This is comparable to a specialized master's degree. The TU Darmstadt has been offering a Master of Science degree course in IT Security since the summer semester 2010. People in employment can attend courses on the fundamentals of security at the Center for Advanced Security Research Darmstadt (CASED), leading to a certificate in IT security.