Standards and specifications for secure & innovative information systems

The world of tomorrow is connected: Many different applications and industries require an infrastructure that is increasingly convergent. However, the required communication interfaces are often proprietary – so interoperability and protective measures are inadequate.

Cyberattacks on companies, energy providers and governmental agencies have now become a daily routine. Hackers exploit vulnerabilities in systems, putting entire industrial plants out of operation, and in the worst-case scenario endangering the national energy supply.

The DKE offers combined expertise in the areas of industry, science and politics. Rely on global security specifications with the application of international standards. Trust in CERT@VDE – Germany’s first IT security platform for industrial companies.

Area of work: Cybersecurity at DKE

Cybersecurity at DKE focuses on security in information and communications technology. The IT security field of action in the cybersecurity department is being expanded to include all of cyberspace. As a result of the global increase in digitalization and networking, cybersecurity is becoming more and more significant, especially in the fields of, e.g. industrial automation or power supply.

Within DKE, cybersecurity is handled on an interdisciplinary basis. One of the main goals is to understand cybersecurity as an innovation topic and anchor it in the relevant domains.

What is the objective of standards and specifications in the field of cybersecurity?

Industry, energy, traffic, private sector: The infrastructures are merging and information technology is this revolutionary development’s enabler. As a result of the diverse communication interfaces between the various systems, there are a whole range of threats in information security and data protection that have to be considered. Many of the existing solutions are still proprietary and there is a lack of interoperability. There is an obvious need for standards and specifications.

Standards and specifications provide for the standardization of requirements and implementation variants necessary in the field of cybersecurity so systems can securely interact with each other and can ultimately be coordinated across branches.

The objective is to increase the general level of security in information technology systems and networks within and across companies and promote the development of pioneering technologies.

Where do standards and specifications apply in this field and how do we benefit from them?

Security standards create, for instance, the basis for data security and data protection on a smart grid. They ensure a dedicated security level on the technical, organizational and process-related levels. This is very important for, among other things, electrical vehicles because massive data streams are generated as a result of their communication on a smart grid.

The same applies to information streams in a smart home in which all of the appliances are networked and communicate with each other. The increased complexity of the overall system has resulted in a number of opportunities for attacks. In the context of increasing cybercrime, the importance of cybersecurity is indisputable.

Secure identities are the starting point for the security chain that secures the data streams on the hardware, software and process level. Standards and specifications ensure that every machine and every piece of hardware, has its own unique identity that simultaneously complies with privacy protection requirements. If an attacker successfully and illegally assumes an identity, all of the security measures built on that identity, for instance, access protection, are useless.

To prevent decreases in usability of systems as a result of all of the security solutions, standards and specifications also implement cybersecurity that protects technologies and users from risks, while IT systems remain usable by and acceptable to the user.

What does cybersecurity mean for DKE?

Cybersecurity deals with all aspects of security in information and communications technology. The classic IT (information technology) security field of action is being expanded to include all of cyberspace. This comprises all of the information technology connected to the Internet and comparable networks and includes communication, applications, processes and processed information based thereon. That means, as a result of increasing digitalization and networking, cybersecurity is becoming more and more significant in the fields of, e.g. industrial automation or power supply.

Within DKE, the topic of cybersecurity is handled on an interdisciplinary basis. One of the main goals is to understand cybersecurity as an innovation topic and anchor it in the relevant domains. A major challenge in this context is that well-known and established solution approaches from IT cannot be transfered one-to-one to applications in an industrial environment (operational technology = OT). The mini-computers used there (embedded systems) have to meet hard real-time requirements and the requirements of functional security. The related reprioritization of cybersecurity protection targets results in “availability” and not “confidentiality” being the highest protection priority in the industrial sector.