Competence Center for IT Security

Applied security research for our industry

With the Competence Center for IT Security (KIS), the FZI has created a central point of contact for applied IT security research with the support of the state of Baden-Württemberg. The center offers problem-solving expertise in questions of IT security for small and medium-sized enterprises in Baden-Württemberg. At the Competence Center for IT Security, research is conducted on security technologies that are easy to understand and apply.

Contact

PD Dr.-Ing.
Ingmar Baumgart

Division Manager

New challenges posed by digitalization and the Internet of Things

Ever-advancing digitalization across all industries is making it necessary for IT systems to be increasingly networked. Systems that previously operated in complete isolation are now being connected to the Internet. This leads to a greatly increased attack surface and can enable worldwide attackers to gain access. Particularly worth protecting in this context are critical infrastructures such as power plants or hospitals – attacks on such systems can have serious consequences for the safety of people and the environment.

Likewise, the Internet of Things brings with it new security challenges. To meet these challenges, pure expertise in IT security methods and mechanisms is not enough. The key to success lies in supplementing this knowledge with in-depth expertise of the respective application domain.

Play Video

A holistic approach to secure IoT systems

The increasing complexity and global networking of IT systems brings new security challenges. To meet these challenges, pure knowledge of IT security methods and mechanisms is not enough. The key to success lies in a holistic approach. Designing and implementing a secure IoT system is an interdisciplinary endeavor. Comprehensive expertise in fundamental IT security methods and mechanisms is required:

Hardware security
Cryptography
Secure software development
Network security
IT security management
Legal aspects (e.g., data protection, liability, …)

An IT system is always designed with a specific application in mind. To ensure not only a secure but suitable system design as well, in-depth expertise in the system’s respective application domain is also required (e.g., automation and robotics, healthcare, mobility):

Terminology
Domain-specific protocols and mechanisms (e.g. OPC-UA, CAN, ETSI ITS G5)
Domain-specific requirements (e.g., availability, real-time capability)
Established development processes (e.g., V-model, SDL, …)

Our offer

The researchers at the FZI have many years of experience in application-oriented research and the transfer of research into application. At the Competence Center for IT Security, we complement this experience with deep-rooted expertise in the field of IT security. However, IT security is not the result of a one-time effort, but plays a role in all phases of the product lifecycle. Therefore, it is not least important to know which IT security methods and measures are best suited in which phases. Our work always has a strong research focus. Within this framework, we support companies in various IT security issues, such as:

Threat analysis
Best practices and methods of IT security
Technology assessment
Research on novel and applicable security solutions
Identification of legal barriers
Implementation of legal requirements for innovation technology
Pentesting
Awareness and training