Cybersecurity research to boost Germany's competitiveness

Cyber attacks are a daily reality affecting companies, public institutions as well as private individuals.

Cyber attacks are a daily reality affecting companies, public institutions as well as private individuals. 96 percent of all German small and medium-sized enterprises (SMEs) have already had unpleasant experiences involving IT security incidents. In recent years, research funding by the Federal Ministry of Education and Research (BMBF) to protect IT infrastructures and systems has helped to make Germany one of the leading nations in the area of IT security.

In today's world, virtually every area of our lives relies on modern communications systems. Information technology is an important driver for innovations in many fields and serves to secure Germany's competitiveness. The issue of IT security is coming more into focus because we all depend on safe and reliable information technology – be it in the fields of energy supply, healthcare, logistics and transport or in the field of finance.

Sicherheitskonzept: Sichern digitalen Hintergrundes
© Thinkstock / camij

Cyber attacks are becoming increasingly frequent and increasingly professional. The Federal Government's networks are subject to three to five serious attacks every day. Almost every SME in Germany has experienced security incidents. According to a BITCOM study, more than 39 percent of all German companies were affected in 2012 alone. These incidents usually involve the theft of data, the violation of company secrets, computer fraud, data espionage and interception, damage to systems and computer sabotage. The manipulation of accounting and financial data is also a growing problem. The Federal Criminal Police Office confirmed a 3.4 percent increase in computer crimes in 2012, with a total of 87,871 cases. Figures showed that crimes involving the alteration of data and computer sabotage (+ 133.8 percent) are becoming an increasing hazard.

The damage caused to industry and society is immense. Industry is suffering considerable financial losses due to loss of value creation, loss of trust and industrial espionage. According to a study by Corporate Trust, the damage to German industry caused by industrial espionage totals approximately €4.2 billion per year.

The economic and societal development of today’s modern industrial societies is linked inseparably with the security of their ITC systems.

IT security affects each and every one of us

IT security "Made in Germany" is an internationally recognized mark of quality. In order to secure and enhance Germany's position, the BMBF, as the German Ministry responsible for this area, has established research into innovative approaches to IT security as a priority task. This long-term research funding programme focuses on strengthening Germany's position as an industrial location and protecting the data and privacy of its citizens.

  • Industry 4.0: The German economy depends on exports of high technology goods. Production processes must be as efficient as possible in order to maintain the competitiveness of German industry. This involves using innovative IT systems which enable entirely new production methods – under the catchword "Industry 4.0". Industry 4.0 means extensive networking. IT security and protection against espionage are turning into key issues for the German machine and plant construction industry as machines, plants and products become increasingly intelligent and involve intensive exchanges of data.
  • Privacy: Many areas of life are changing fundamentally as a result of digitalization and the Internet. Global social networks are opening up new opportunities for communication and interaction; search engines are contributing to the procurement of information and are supporting education and the acquisition of knowledge. The Internet serves as a global market place, encourages democratic innovations and individual fulfilment. At the same time, the Internet also allows personal data to be stored and linked to an unprecedented extent. The many different Internet services and applications often meet with justified reservations on the part of the public as they frequently entail involuntary insights into people's private lives. This personal data is not only of great interest to industry, it is also often used to a considerable extent by state institutions. One of the key challenges facing IT security therefore is to develop processes and tools which enable members of the public to enforce their right to informational self-determination.
  • Critical infrastructures: Many areas of social and economic life depend on efficient and reliable ICT systems, and on people’s trust in the security of these systems. This is particularly obvious with regard to the use of ICT in critical infrastructures such as electricity supply, communications networks, water supply and transport. Germany, like all other modern industrial nations, depends on the efficiency of these infrastructures. In recent years, complex and in some cases prolonged attacks on the IT systems of industrial plants and infrastructures – such as Stuxnet and Duqu – have shown just how vulnerable these facilities are. Deutsche Telekom reports around 450,000 attacks per day – and this number is increasing all the time. High priority is therefore being given to projects to research and develop new solutions for IT security at critical infrastructures.
  • Safe cloud computing: Cloud computing is establishing itself throughout the world as a ubiquitous and ever-available, flexible and expandable method of providing IT services. However, established security technologies can often only be applied to cloud applications to a limited extent, or not at all. At the same time, cloud-based infrastructures that are distributed throughout the world offer attractive targets. New, verifiable security concepts must therefore be developed and implemented in order to make full use of the potential of cloud computing. Only then will users have confidence in cloud computing as a business model.

BMBF funding: Research for the IT security of tomorrow

We must start today to research and develop the solutions of tomorrow if we are to deal effectively with future threats from cyberspace. We must use foresight to identify societal developments and challenges and develop and apply sustainable strategies on this basis. The BMBF has provided funding of around €66 million for projects in IT security since 2009 and supports innovative procedures and technologies to protect IT systems where data protection plays an important role from attack and unauthorized access.

Strengthening interdepartmental cooperation: “IT Security Research” working programme

In 2009, the BMBF and the Federal Ministry of the Interior (BMI) agreed in a joint declaration on cooperation in the field of IT security research to strengthen IT security as a key area of research funding in the information and communication technologies and to enhance the innovative potential of cutting-edge research. The "IT Security Research" working programme establishes the basis for achieving these objectives and for research and development work on new security technologies.

Further information is available at:

Conducting research together: Competence centres for IT security

The BMBF has been supporting three competence centres for IT security since 2011 with a view to developing new approaches in this area. These centres are:

  • CISPA - Center for IT Security, Privacy and Accountability in Saarbrücken
  • EC-SPRIDE - European Center for Security and Privacy by Design in Darmstadt
  • KASTEL – Competence Center for Applied Security Technology in Karlsruhe

The competence centres pool the abilities of the best universities and non-university research establishments in the field of cybersecurity research. Apart from bringing experts in the region together, they are also becoming increasingly important from the point of view of interdisciplinary cooperation.

Further information is available at:

Giving hackers the slip: Protecting privacy and security by design

Cyber attacks often take advantage of security gaps in application software. Because inadequate attention is given to security issues when developing or integrating application software, use of this software repeatedly offers new targets for attack. Current reactive methods (firewalls, virus scanners, CERTS and other response structures) can no longer adequately deal with such attacks. Nor does the expensive retroactive implementation of security solutions eliminate problems in the long term. Privacy and security by design concepts integrate security demands into the development of products, IT applications and business models from an early stage. They do not simply react to attacks but consider and integrate questions of IT security into the design phase of the software development process. The joint strategy report issued by the three competence centres supported by the BMBF "Entwicklung sicherer Software durch Security by Design" (Developing secure software by means of security by design) describes the development pathway of security by design.

Further information is available at:

Expanding the data highway: Security and energy efficiency through optical processes

Routers represent the crossroads on the Internet data highways. They regulate traffic and ensure the smooth transport of data from origin to destination. These routers must satisfy the highest demands; in particular, they must ensure the security of the data at all times. Simple electronic routers can be replaced by new integrated optical-electronic technologies in order to create secure, energy-efficient and robust routing technologies. The BMBF-funded EUREKA research project entitled "Safe and Secure European Routing - SASER" is bringing together partners from five European states to find scientific, technical and systemic solutions for powerful communications networks with high security standards and a sustainable cost and energy structure.

Further information is available at:

Mobilizing strengths to deal with cyber attacks: Systems for small and medium-sized enterprises

Small and medium-sized enterprises mainly use firewalls, port filters, virus scanners and spam filters to identify attacks. Unfortunately, these isolated systems usually fail to recognize targeted attacks on companies. Large companies use Security Information and Event Management (SIEM) systems to combine the various security systems. However, SIEM systems call for considerable specialist knowledge and involve high costs. Under the BMBF's "SME innovative" programme, the project "SIEM for SMEs" (SIMU) is studying how SIEM systems can be adapted for use in SMEs.

Further information is available at:

Protecting data in the cloud – Cloud computing can be safe

Cloud computing is still considered to be a field with great economic potential. But it is also true that cloud products have yet to establish the confidence that is needed to enable their wide-scale use above and beyond private applications. The Federal Ministry of Education and Research has taken up the recommendations of the "Secure Identities" forward-looking project for the "Secure Cloud Computing" research area of the Industry-Science Research Alliance as a new research priority and is implementing this in close coordination with the "Trusted Cloud" activity of the Federal Ministry of Economics and Technology. The research projects are focusing on data protection and data safety in the cloud. One way of achieving these goals is to focus on the fundamental question of how to go about determining and assessing the security of a cloud service.

Further information is available at:

Protecting private data: Research priority to protect privacy

© Thinkstock

Digital communication and data processing procedures are entering all fields of our lives, thus increasingly questioning our cultural notion regarding the relationship between privacy and the public realm. In particular, social practices on the Internet and the growing demand for private data on the part of the state and industry are shifting the boundaries between the private and the public realm and frequently producing conflicts with social and legal norms. The "Privacy" research priority is studying the effects that this development could have in future as well as potential instruments that can and must adequately protect privacy in an Internet "that forgets nothing". The German Academy of Science and Engineering (acatech) has published an analysis of internet privacy within the framework of a project sponsored by the BMBF and has drafted recommendations for action. The BMBF has set up an interdisciplinary group of advisers on "Privacy" which will identify and devise concrete projects based on the results of the acatech project.

Further information is available at:

Bug-proof communication: Quantum communication

Quantum communication uses quantum-cryptographically protected communication channels for the bug-proof transfer of information. Quantum-mechanically connected pairs of photons transport confidential information securely and reliably. Today, this method only allows information to be transported via glass fibres over a maximum of approximately 100 kilometres due to the absorption of the light used to convey the data. In order to achieve greater distances, the BMBF is funding research into quantum repeaters which use entanglement swapping to stationary quantum states over a distance of more than 100 kilometres.

Further information is available at:

Recruiting young researchers in the field of cybersecurity: Study programmes and training courses

Techniker im Serverraum
© Thinkstock

Training qualified personnel is an important aspect of the sustainability of German IT security research. Students at the BMBF-funded KASTEL competence centre can gain a Certificate as specialist in the field of IT security. This is comparable to a specialized master's degree. The TU Darmstadt has been offering a Master of Science degree course in IT Security since the summer semester 2010. People in employment can attend courses on the fundamentals of security at the Center for Advanced Security Research Darmstadt (CASED), leading to a certificate in IT security.