Transfer Centre for Cybersecurity in SMEs
Cybersecurity for SMEs
Research focus
Safety, Security and Law
Digitalization offers companies great opportunities to develop connected and, therefore, attractive products – from autonomously driving vehicles to smart electricity meters and networked manufacturing plants to smart refrigerators. However, the topic is highly complex: it is necessary to consider technical aspects, such as questions of functional safety and IT security, and regulatory framework conditions, such as liability or data protection. For many producers, these are major obstacles.
With its research focus “Safety, Security and Law”, the FZI is a competent partner for small and medium-sized enterprises (SMEs) – especially when it comes to clarifying related questions and researching new approaches to solutions: here, specialists for secure software and hardware development and cryptography cooperate closely with legal experts who focus on IT law and the legal evaluation of digitalized and connected products.
In an interdisciplinary process, our researchers develop new concepts for secure digitalized products, considering legal and technical aspects, together with research partners.
A key objective is improving IT security in the German market, especially for SMEs. The FZI will focus on two future technologies that promise strong economic effects: Artificial Intelligence (AI) and post-quantum cryptography.
In the field of AI, the FZI will focus more intensively on the mutual influence of AI on information safety and data security. How can AI methods for problem analysis be advanced and AI systems themselves be protected from attacks and manipulation by security mechanisms?
For SMEs, the FZI has set itself the goal of developing a strategy for post-quantum cryptography. Previous encryption methods are at risk regarding the advancing development of quantum computers. Companies’ products, services, and systems must be prepared for future security requirements.
Through its work, the FZI will increasingly support processes that strengthen the privacy and sovereignty of individuals. Critical infrastructures must be made resilient in the administration and for the citizens. Methods of IT security must be aligned through secure digital identities for citizens and empower them to handle their data with sovereignty.
Expertise
- FZI expertise mix of cryptography, security testing, incident response, hardware security and law
- IT security and AI: Methods for securing AI systems
- Approaches to increasing security using AI methods
- Development of competences in organizational aspects of IT security (including research on information security management systems and awareness measures)
Are you interested in our expertise?
Please feel free to contact us about possible collaborations or research commissions.
Transfer
Secure communication and systems for Industry 4.0, ideas on law and technology, integration into the Karlsruhe IT Security Region
A digitalization driver for small and medium-sized enterprises. This is what the Mittelstand-Digital Zentrum Klima.Neutral.Digital (SME Digital Center Climate.Neutral.Digital), which opened at the end of 2022, stands for. Thanks to digitalization, companies are to be supported on their way to carbon-neutral production by 2035. With the IT Security Competence Center, the related digitization measures are also analyzed from a cybersecurity perspective and suitable recommendations made. The Cyberwehr Baden-Württemberg’s many years of experience with cyberattacks on companies provide a basis of experience for accomplishing this.
Another structure that ensures IT security knowledge transfer to the public – which the FZI would like to intensify cooperation with in 2025 – is the Karlsruhe IT Security Region with KASTEL – Institute of Information Security and Dependability, the Competence Center for IT Security at the FZI, the DIZ | Digital Innovation Center and the Karlsruher IT-Sicherheitsinitiative (KA-IT-Si – Karlsruhe IT security initiative). The network of security specialists and cybersecurity companies established by Cyberwehr Baden-Württemberg is also to be further expanded and the exchange with similar projects and CERTs in Germany intensified.
Reliable and secure communication and a high level of system security are the most important key technologies for exploiting the added value of digitalization – especially in Industry 4.0. In the SASVI – Sicherheit auf allen Systemschichten durch Vertrauensketten und Isolierung (security on all system layers via trust chains and isolation) project, risks are evaluated at system and component level, zoning concepts and trust chains are defined and isolation measures developed and integrated. The aim of this project is to advance a concept for trust chains with continuous isolation across all system layers. In addition, a strong focus is placed on the secure and continuous integration of the components into a trustworthy overall system that is suitable for industrial applications. The SASVI concept, which can be applied in a variety of ways, will be used in the project for an industrial IoT pump application and for mobile cranes.
Research Infrastructure
Penetration tests for SMEs, online training in IT security, security testing of future mobility systems
- An essential concern of the research focus regarding the future research infrastructure is the further development of tools and methods for the efficient implementation of penetration tests for SMEs.
- In this context, the setup of a virtual computer infrastructure for the implementation of online training courses in IT security and penetration tests is to be launched.
- In the already established test laboratory for IT security, the security testing of future mobility systems is to be given increased attention. One focus here is on securing digital communication between vehicles and with the traffic infrastructure (V2X communication).
Research projects
Safety, Security and Law
InnoSecBW
Innovation with Cybersecurity for SMEs in Baden-Württemberg
FreeSBee
Hardening of embedded RISC-V software by means of code transformations
EDIH-AICS
European Digital Innovation Hub applied Artificial Intelligence and Cybersecurity
RepliCar
Reference sensor platform for high-precision sensor validation for automated driving
Shuttle2X
Safe use of automated shuttle vehicles in urban traffic through supporting infrastructure networking
Kompetenzzentrum KARL
Artificial Intelligence for Work and Learning in the Karlsruhe Region
SASVI
Security at multiple system layers based on chains of trust and isolation
ANYMOS
Competence Cluster Anonymization for Interconnected Mobility Systems
Mittelstand-Digital Zentrum Klima.Neutral.Digital
Actively addressing the challenges posed by climate change and using them as an opportunity for the German economy.