Cyber Security for the Future

Cyber security is the basic prerequisite for digitalization. Whether it is in automotive, production, critical infrastructure or digital services, confidence in the safety of new technologies is indispensable.

Cyber Security for the Future

Digital transformation opens up and encourages new business models. There is little doubt, however, that digitalization will not be a success without security and without trust in new technologies. Connected cars, Industrie 4.0, digital services or the energy turnaround are unthinkable without maximum cyber security.

Automotive cyber security

Whether it’s about driverless cars or electric transport, digitalization is changing vehicles and the industry that makes them. Modern cars now contain more programming code than an aircraft, and their drivers leave data trails such as movement and speed profiles. Car manufacturers use this data to improve their products. Insurance companies may offer discounts to careful drivers based on how they drive. Data protection activists, however, have a more critical perspective: up until now, drivers have not known what data they are disclosing, and have had no influence over doing so. Researchers from the Fraunhofer Institute for Secure Information Technology SIT now want to change that along with their partners from research organizations, the German government and the industry in a project entitled “Self-Protection of Data in Networked Vehicles” (Selbstdatenschutz im vernetzten Fahrzeug, SeDaFa for short).

As vehicle IT becomes ever more complex, the risk of cyber attacks grows. In a number of EU projects, Fraunhofer researchers are therefore developing integrated end-to-end IT security concepts for Car2X communication that will ensure authenticity, integrity, and confidentiality whenever sensitive data is exchanged.

Current Projects

 

Self-protected privacy in networked vehicle

Connected cars send data to manufacturers, workshops, insurance and spare parts producer.  In the project SeDaFa – self-protected privacy in networked vehicle - Fraunhofer SIT develops solutions that allow car users to determine which data may be accessed.

 

Secure vehicle-to-x communication systems

The EU research project PRESERVE aims in designing, implementing and testing a secure and scalable subsystem for vehicle-to-vehicle communication, which takes into account the particular needs of IT security.

 

More security for automotive IT

Several innovations in the automotive industry are based on IT systems and their internet connection. However, increasing connectivity also poses new vulnerabilities. Fraunhofer SIT has developed a software platform where secure control units can be developed based on a TPM 2.0.

Cyber security in manufacturing

© Photo Fraunhofer IWU

Thus far, manufacturing facilities have rarely been connected to the Internet – and have therefore been safe from online attacks. That is changing in the course of Industrie 4.0, as machines now communicate with each other, and networks are becoming more open – either within the company or for external partners. As a consequence, manufacturing facilities are now more vulnerable: data theft, espionage, and sabotage cause annual losses of more than 22 billion euros in the manufacturing industry, according to figures released by the BITKOM industry association in 2016.

To protect connected industrial facilities effectively against cyber attacks and espionage, a “National Reference Project for IT Security in the Era of Industrie 4.0” (IUNO), has been launched in Germany. Its 21 partners – including three Fraunhofer Institutes along with Bosch, Siemens and Volkswagen – are now all pooling their efforts.

The IT security laboratory at the Fraunhofer Institute for Optronics, System Technologies and Image Exploitation IOSB was specifically designed for production and automation technology. Scientists there can simulate a factory’s entire complex IT infrastructure – including the office network as well as the networks for planning, monitoring and controlling production.

Researchers from a number of Fraunhofer Institutes, together with other partners, have examined the legal, organizational and technical aspects of "IT security for industry". That is also the title of the report in which Germany’s Federal Ministry of Economic Affairs and Energy published their results.

Current Projects

 

Industrial Rights Management

Fraunhofer SIT has developed a concept companies can use to protect their manufacturing data both in distributed and networked Industry 4.0 environments. This aids companies in the realization of new inter-organizational business models.

 

Industrial Data Space

Digitalization is both driver and enabler of innovative business models. Key resource for enterprises to succeed in this endeavor is data. A prerequisite for smart services, innovative value propositions and automated business processes is the secure exchange and the easy combination of data within value networks. 

 

Security for Industrial IT Networks

To improve production, control and maintenance processes, companies increasingly interconnect their industrial environments with office IT and internet. This also intensifies the threat that operation flow may be impaired or that attackers may specifically manipulate or sabotage industrial equipment and machines.  

Cyber security for critical infrastructure

© Photo Fraunhofer

If cyber attacks paralyze critical infrastructure such as the power grid, water supplies, or medical services, the repercussions are massive. Yet small utility companies in particular often find it difficult to protect their own – and thus the entire – system adequately. Fraunhofer researchers are facilitating protection and risk analysis for this target group in particular.

The challenge lies in the fact that in the energy turnaround, facilities are connected with each other not only directly, but also increasingly via the Internet. What makes a great deal of sense in terms of energy policy represents a major challenge when it comes to cyber security, a challenge that demands robust security solutions. For those in positions of responsibility in power plants, this means the need to maintain state-of-the-art IT security across the board at all times – and not for one centralized structure, but for any number of heterogeneous, regional companies. Yet it is these companies in particular that often have difficulty in guaranteeing security.

While the Federal Office for Information Security in Germany has a standard assessment form – essentially a comprehensive questionnaire – designed to identify risks, it is far too complex for small companies. Researchers at the Fraunhofer Institute for Applied and Integrated Security AISEC are therefore involved in the MOSAIK project, intended to trim the questionnaire down: “We are shortening the process from 100 steps to 10, thereby making it much more manageable for smaller companies,” says Dr. Jörn Eichler, the head of department at Fraunhofer AISEC.

In the long term, it might even be possible to run through various measures in advance, and to test how helpful they might be against identified threats without disrupting operations.

Current Projects

 

Smart Grid Protection Against Cyber Attacks

The future smart grid represents a significant evolution in the way electric grids function. At the core of this change is an increased use of ICT to implement enhanced monitoring and control in the distribution network at medium and low-voltage levels. Ensuring the cybersecurity and resilience of smart grids is of paramount importance.

 

PREVENT – Security for data centers

The business processes of banks depend on functioning IT-Systems.  Malfunctions or outages, especially in complex data centers could result in high losses right up to insolvency of individual financial institutions. The PREVENT project develop methods and tools for a systematic security evaluation of data centers.

 

Fraud Mining for deception recognition

An efficient risk and deception management gets more and more important for electronic payments. Fraud Mining technologies help to identify deception patterns quickly and reliably to avoid credit card abuse. In addition, Fraunhofer IAIS and the PAYMINT AG have developed MINTify rule, a new deception recognition system.

Cyber security for digital services

© Photo shutterstock

Whether it’s search engines or online shops, data-driven digital services that are always accessible make everyday life easier. But how do things look when it comes to the security of services, data protection, and even users’ personal assets and identity? “Data has become the fourth production factor,” according to Michael Ochs, business unit manager at the Fraunhofer Institute for Experimental Software Engineering IESE. “The protection of an individual’s privacy, identity, and intellectual property, as well as the ability to trust the services on offer, has become a crucial issue in the use of digital services.”

The use of particular services usually requires accepting their terms and conditions: either yes or not at all. What this means, however, is that users have no influence over who does what with their personal data or when they do so (»going white«).  If  users would rather not be that transparent, the only option is not to use such services (»going black«). Fraunhofer researchers are now giving users a third – and above all, a secure – option, that of »going grey«.

Current Projects

 

Data Usage Control

The research area of Data Usage Control extends classic access control. The fundamental idea is to create comprehensive control possibilities that you can use to control your data in a fine-grained manner, even after you have granted others access to your data.

 

Cloudless Framework for privacy and data security

Especially smaller enterprises are often reluctant to use Software-as-a-service as the handle highly sensible data, thus giving away significant efficiency potential. The Cloudless Framework is solving this Problem with a technological approach.

Security made easy

© Photo shutterstock

That pills have to be bitter and security solutions need to be complex if they are to be effective is a popular misconception. In fact, it would be possible to prevent many attacks if security technologies were correctly implemented or if users chose not to bypass them. For that to happen, security technologies need to be easier to use. The aim of the usable security approach is to have technology adapt to those using it rather than the other way around, as has too often been the case in the past. Here the focus is not just on end users, but primarily on software developers: they are the people who from the start have to give some thought to security mechanisms, and embed them in their products. The easier this is, the fewer mistakes will be made as security mechanisms are embedded, and products will be all the more secure.

Current Projects

 

Volksverschlüsselung - Simply secure

End-to-end encryption protects against mass surveillance. Even though there are a number of solutions on the market, such technologies are scarcely used, because on a daily basis their use is much too complicated for most people. With Volksverschlüsselung Fraunhofer SIT is developing a simple potential use for end-to-end encryption.

 

Security by SDN

With OrchSec (Orchestrator for Security Applications) Fraunhofer SIT has developed an innovative and multifunctional SDN-based network security solution. Utilizing features and advantages of SDN, OrchSec comes as a customizable security entity providing a higher level of network security compared to what can be achieved in conventional networks.