DSI Publications
Book Chapter
In Oxford Handbook of Cyber Security, edited by Paul Cornish, Oxford: Oxford University Press.
Secondary Title
Oxford Handbook of Cyber Security
Subject(s)
Information technology and systems; Technology, R&D management
Keyword(s)
open science, open educational resources, law, copyright law, data protection, privacy
The book provides an overview of legal questions in regard to open science, with a particular focus on issues of copyright and data protection.
Pages
156
ISBN
978-3-943423-66-2
ISBN (Online)
978-3-943423-67-9
Conference Proceeding
In Secure IT systems, 1st ed., vol. 11252, 236–254. Oslo, Norway: Springer International Publishing.
23rd Nordic Conference, NordSec 2018, Oslo, Norway, Proceedings
2018 Best Paper Award
Subject(s)
Information technology and systems
Keyword(s)
Moving target defense, attack simulation, attack graphs, network modeling
New network security techniques and strategies, such as Moving Target Defense (MTD), with promising narratives and concepts emerge on a regular basis. From a practical point of view, some of the most essential questions in judging a new defense technique are: What kind of attacks - and under which conditions - can be prevented? How does it compare to the state-of-the-art? Are there scenarios in which this technique poses a risk? Answering these questions is often difficult and no common framework for evaluating new techniques exists today. In this paper we present an early operational version of such a practical evaluation framework that is able to incorporate static and dynamic defenses alike. The main idea is to model realistic networks and attacks with a high level of detail, integrate different defenses into this model, and measure their contribution to security in a given scenario with the help of simulation. To show the validity of our approach we use a small but realistic enterprise network as a case study in which we incorporate different realizations of the MTD technique VM migration. The quantitative results of the simulation based on attacker revenue reveal that VM migration actually has a negative impact on security. Using the log files containing the individual attack steps of the simulation, a qualitative analysis is performed to understand the reason. This combination of quantitative and qualitative analysis options is one of the main benefits of using attack simulation as an evaluation tool.
Secondary Title
Secure IT systems
Edition
1st ed.
Journal Pages
236–254
DSI Industrial & Policy Recommendations Series (IPR)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
Blockchain, distributed ledger, strategy, policy, innovation
In its 2018 coalition agreement, the German federal government has set itself the goal of adopting a "Blockchain strategy" in this legislative period. As part of the planned promotion of Distributed Ledger and Blockchain technologies, the government wants to create a framework for the development and application of these technologies and test them in public administration. The Federal Ministry of Economics and Energy and the Federal Ministry of Finance are jointly in charge of developing the strategy. On this occasion, in a workshop on 3 July 2018 at the Digital Society Institute of ESMT Berlin, 35 experts from politics, business and science discussed how a national blockchain strategy can be practically organized. The discussion focused on the questions of what goals such a strategy should have, what the central enablers and appropriate framework conditions for the development and application of Distributed Ledger technologies such as blockchain can be in Germany, and what role the state plays in promoting the technology and managing risks in this technology field. Sarah Basic and André Eid (Federal Ministry for Economic Affairs and Energy), Dr. Christian Hampel (Ernst & Young GmbH), Dr. Jürgen Kohr (Fujitsu), Dr. Manfred Lochter (Federal Office for Security in Information Technology) and Kai Wagner (Jolocom) gave input speeches to the debate. Based on the workshop discussion, this paper outlines requirements for a national blockchain strategy.
Pages
14
Book Review

IT-Sicherheitsrecht [IT-security law]

Review of Buchbesprechungen. Paul Voigt, IT-Sicherheitsrecht, Cologne: Computer und Recht
Subject(s)
Information technology and systems; Technology, R&D management
Keyword(s)
Cybersecurity, information security
Book review of Paul Voigt, “IT-Sicherheitsrecht” (IT security law), 2018
Secondary Title
Buchbesprechungen. Paul Voigt, IT-Sicherheitsrecht
Journal Pages
r81–r81
Book
SpringerBriefs in Cybersecurity, 1st ed., New York City, New York: Springer
Subject(s)
Economics, politics and business environment; Information technology and systems
Keyword(s)
Cybersecurity, cyber defense, critical infrastructure protection, digital sovereignty, data protection, policy, strategy, regulation
JEL Code(s)
K24, N44, O25, O38
With the digitization of nearly all aspects of life, our societies increasingly depend on the resilience and security of computing and communication technologies. Hence, the protection of information technology (IT) against unauthorized access, attack, and accidental failure, has become a priority for nation-states around the world. Throughout the past one or two decades, most countries have adopted strategies, policies, and practical steps to protect the security of IT and critical infrastructures within their territory, and, by extension, their citizens. These practices are generally subsumed under the umbrella of cybersecurity. The book provides an analysis of the evolution of cybersecurity policy in Germany over the past two and a half decades. It highlights development lines as well as upcoming strategic challenges of the German cybersecurity policy.
Volume
1st ed.
Pages
76
ISBN
978-3-319-90013-1
ISBN (Online)
978-3-319-90014-8
Subject(s)
Information technology and systems; Technology, R&D management
Keyword(s)
Cybersecurity, information security, legislation, risk management
With the increasing importance of the security of information technology for all areas of life, IT security law has developed step by step, without European and German legislation being able to follow an overall design. At the latest with the IT security provisions in the General Data Protection Regulation and the expansion of sector-specific regulations on IT security, questions about the systematization of this new area of law arise. The authors examine three key questions - the modeling of systems subject to the law, the concept of risk management, and the determination of state-of-the-art security measures. Finally, they outline the main elements of a restructuring of IT security law. [IT security law aims to protect IT security, but follows no overall design at either the European or the German legislative level. The article examines three key questions - the modeling of the systems subject to the law (II.), the concept of risk (III.), and the determination of the state of the art (IV.) - and outlines the main features of a structuring of IT security law (V.).]
Volume
34
Journal Pages
706–720
ISSN (Online)
2194-4172
DSI Industrial & Policy Recommendations Series (IPR)
DSI Industrial & Policy Recommendations Series (IPR) 2018 (2)
Oliver Raabe, Martin Schallbruch, Anne Steinbrück (2018)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
IT security law, state of the art, protection goals, risk definition, systematization
The report examines the current state of IT security law and the prospect of changes in the near future. It also explains how IT security law is systematically classified and that definitions and regulations differ in every field of expertise. Finally, it addresses the state of the art and gives recommendations.
Volume
2018
Subject(s)
Information technology and systems; Technology, R&D management
Keyword(s)
Cybersecurity, information security, national security, legislation
This article describes the newly enacted or rewritten regulations for the defense against IT attacks as part of IT security law: first the relevant criminal offenses, then the powers of the police and intelligence services, then of the IT security authorities and Internet providers. At the end, the political statements for the 19th parliamentary term will be compared with the remaining need for action in IT security law. Furthermore, the future of IT security law will be discussed in the context of implementation, ongoing development and consolidation.
Volume
34
Journal Pages
215–224
ISSN (Online)
2194-4172
Conference Proceeding
IET Conference & Seminar Publications CP740
Subject(s)
Health and environment; Information technology and systems
Keyword(s)
Medical devices, e-health, IoT, governance, cybersecurity, safety
As healthcare is increasingly digitized and interconnected, medical systems are exposed to IT security threats that can endanger patient health and safety. This paper examines how the convergence of safety and security risks in connected healthcare challenges the governance of medical systems safety in Europe. The analysis shows that the management of safety and security risks of medical systems requires the extension of existing governance mechanisms, including regulation, standards, and industry best practices, to combine both safety and IT security in healthcare. It puts forward policy and industry recommendations for the improvement of medical systems' cyber security in Europe, including pre-market certification and post-market monitoring and surveillance programs, effective information sharing, vulnerability handling, and patch management. The paper draws comparisons with medical device cyber security guidelines in the United States, and with technical controls, standards, and best practices in the domain of industrial control systems (ICS) security.