In their secUnity roadmap, 30 renowned European IT security experts of the BMBF-funded secUnity collaboration outlined how digital threats can be responded to more efficiently at the European level in the future. These experts include researchers from Karlsruhe Institute of Technology (KIT). Today, the secUnity scientists will present the roadmap in Brussels and officially hand it over to ENISA, the European Union Agency for Network and Information Security.
The experts strongly criticize the frequent use of hardware solutions without any IT security check. This threatens Europe's digital sovereignty. "This situation might be improved by European testing institutes that independently analyze the technology," says Professor Michael Waidner, Director of the National Research Center for Applied Cyber Security CRISP and of the SIT Fraunhofer Institute in Darmstadt. Moreover, open-source software and hardware solutions should be developed transparently in the EU.
But approaches to developing trustworthy European solutions are not sufficient to effectively protect interconnected systems, as they will continue to incorporate a large number of inexpensive but insecure hardware and software components in the future. Using the smart home as an example, Professor Claudia Eckert, Director of the AISEC Fraunhofer Institute in Munich, says: "We need solutions to minimize the risks of such components and to operate the systems in a resilient way. Cameras, door openers, heating controls, any automatic device at home may be the gateway for big attacks. Secure gateways to connect insecure components ensure that sensitive information will not leave home and control components cannot be accessed from outside." Resilience in spite of incalculable components has to be guaranteed in particular for critical infrastructures, such as healthcare and energy supply systems, as well as for public authorities and companies.
The development of quantum computers, which is being pushed worldwide, also entails major risks. Jörn Müller-Quade warns: "A quantum computer big enough to threaten the security of current cryptographic methods has not yet been built, but this might change quickly. Current progress in quantum technology is such that we have to take precautions today already. We have to provide our complex interconnected systems with reliable encryption methods. These still remain to be studied in more detail."
Artificial intelligence methods, with their many new applications, are also associated with severe risks for IT security: machine learning processes can be attacked easily by specific manipulations during the learning and operation phases. "Before these technologies can be applied in critical areas or to improve the quality of life, trust in these processes and in their reliability will have to be placed on a scientific basis," Professor Thorsten Holz from Ruhr-Universität Bochum demands.
The new opportunities associated with the information society, such as smart grids that make everyday life more comfortable and help save energy, give rise to questions regarding the legal basis and in particular data security legislation. "In view of the fundamental risks caused by the digitization of entire industry sectors and of critical infrastructures, such as power and energy supply, we urgently need a harmonized legal framework for IT security in Europe," says Dr. Oliver Raabe of KIT's Center for Applied Legal Studies (ZAR). Legal standards as to which risks are acceptable and which security measures can be taken by companies still remain to be developed. The same applies to requirements relating to quality assurance and integrity of big da