DSI Publications
Subject(s)
Information technology and systems; Strategy and general management; Technology, R&D management
Keyword(s)
Cybersecurity, cyberattack, cyber defence
Cyberattacks have become part of every company’s daily routine. Every business leader must therefore prepare for a situation in which their company is successfully attacked. Defending against a cyberattack requires many parallel activities – assessing the impact, implementing technical defense measures, collecting evidence, rebuilding reliable IT systems and business processes, and communicating with customers and partners. The article describes five lessons that will help business leaders on Day X to successfully manage a serious and complex cyberattack.
ISSN (Print)
0015-6914
Subject(s)
Information technology and systems
Keyword(s)
Surveillance, constitutional law, human rights, freedom of information, freedom of expression, journalism, disinformation, fake news
The Federal Chancellery recently finished its first draft of the revised Foreign Intelligence Service Law (BND-Gesetz) that has become necessary subsequent to the judgment of the Federal Constitutional Court in May of 2020. While the draft bill contains numerous improvements, some crucial provisions pertaining to the treatment of journalists and their trusted sources remain insufficient. The article analyses some of the problems.
Magazine article
Informationen zur politischen Bildung 344 (3): 52–61
Henning Christian Lahmann, Philipp Otto (2020)
Keyword(s)
digital transformation, human rights, cyberwar, surveillance, espionage, cybercrime, autonomous weapons systems
Over the past two decades, the progressing digital transformation has brought along a growing number of challenges in the context of security: internet crime, cyberwar and espionage, surveillance and autonomous weapons systems. While increased security measures seem indispensable, they need to be weighed against individual human rights guarantees. This chapter provides an overview of the pertinent questions.
Volume
344
Journal Pages
52–61
Subject(s)
Technology, R&D management
Keyword(s)
Cybersecurity, Cybersicherheit, hackback
The article analyses the proposed hack back/active cyber defence legislation from the perspective of international law. It concludes that while such a policy would not be contrary to Germany's obligations under international law per se, it would be hard to justify in the majority of cases. This is because the remedies of self-defence and countermeasures will likely be unavailable due to the persistent problem of timely attribution of cyber operations, and the requirements of the alternative plea of necessity will rarely be met in practice.
Subject(s)
Strategy and general management; Technology, R&D management
Keyword(s)
Digital sovereignty, technology, EU, 5G, cybersecurity
For more than a year, EU member states have been debating whether and how to restrict the participation of the Chinese technology group Huawei in the expansion of their 5G mobile networks. Caught between its two main trading partners, the US and China, the EU is facing a geopolitical test on several levels. Will Europe be able to ensure the security and reliability of digital infrastructures of key economic and social importance? Will it lead the way in 5G and the associated next wave of industrialisation, or will it lose out on innovation? How should EU member states deal with their dependence on foreign technologies and strengthen their "digital sovereignty", a political priority of the EU Commission under Ursula von der Leyen? The latter in particular could be the most important strategic challenge the EU has to face in the long term - especially in the context of the intensifying trade conflict between the US and China and the threat of a "decoupling" of technological supply chains.
[For more than a year, EU member states have been debating whether and how they should restrict the participation of the Chinese technology group Huawei in the expansion of their 5G mobile networks. Caught between its two most important trading partners, the US and China, the EU faces a geopolitical test on several levels. Will Europe be able in the long term to guarantee the security and reliability of digital infrastructures of central importance to the economy and society? Will it set the tone in 5G and the associated next wave of industrialisation, or will it continue to lose innovative strength? How should EU member states deal with their dependence on foreign technologies and achieve the "digital sovereignty" whose strengthening is one of the political priorities of the EU Commission under Ursula von der Leyen? The latter in particular could be the most important strategic challenge the EU has to face in the long term, above all in the context of the intensifying trade conflict between the US and China and a looming "decoupling" of technological supply chains.]
Pages
10
Keyword(s)
COVID-19, WHO, international law, international responsibility, International Court of Justice, reparation, compensation, pandemic, International Health Regulations, no harm principle, causality
Analysis
In The convergence puzzle: Australia, Germany and emerging cybersecurity trends, 3 vols. edited by Katja Theodorakis, 35–40. Barton, Australia: Konrad-Adenauer Foundation.
Subject(s)
Strategy and general management; Technology, R&D management
Keyword(s)
5G, technological sovereignty, Europe, cybersecurity, industrial policy
The challenges that the EU faces with 5G go beyond cyber and national security threats. For Europe, the rollout of the 5G infrastructure has become a geopolitical test on several levels. Will Europe be a shaper or taker of 5G technology and the new era of industrialization it promises to propel? How will it be able to control the security and reliability of such key digital infrastructures in the long term? Eventually, how should EU member states manage their dependencies on foreign technologies and strengthen their “technological sovereignty” – a political priority of the incoming EU Commission led by Ursula von der Leyen? The latter might be the most important strategic issue the EU will need to tackle in the long term and will be decisive for the Union’s ability to shape its own future in the digital age.


Secondary Title
The convergence puzzle: Australia, Germany and emerging cybersecurity trends
Pages
35–40
Subject(s)
Health and environment; Information technology and systems
Keyword(s)
COVID-19, pandemic, cyberattacks, necessity, attribution, rule of law, international law, hospitals
Conference Proceeding
Lecture Notes in Computer Science (LNCS) 11833: 40–54
Nils Wisiol, Georg T. Becker, Marian Margraf, Tudor A. A. Soroceanu, Johannes Tobisch, Benjamin Zengin (2020)
Subject(s)
Information technology and systems
Keyword(s)
Applications, Physically Unclonable Function, machine learning, modelling attack
Physical Unclonable Functions (PUFs) and, in particular, XOR Arbiter PUFs have gained much research interest as an authentication mechanism for embedded systems. One of the biggest problems of (strong) PUFs is their vulnerability to so-called machine learning attacks. In this paper we take a closer look at one aspect of machine learning attacks that has not yet gained the needed attention: the generation of the sub-challenges in XOR Arbiter PUFs fed to the individual Arbiter PUFs. Specifically, we look at one of the most popular ways to generate sub-challenges based on a combination of permutations and XORs as it has been described for the "Lightweight Secure PUF". Previous research suggested that using such a sub-challenge generation increases the machine learning resistance significantly.
Our contribution in the field of sub-challenge generation is three-fold: First, drastically improving attack results by Rührmair et al., we describe a novel attack that can break the Lightweight Secure PUF in time roughly equivalent to an XOR Arbiter PUF without transformation of the challenge input. Second, we give a mathematical model that gives insight into the weakness of the Lightweight Secure PUF and provides a way to study generation of sub-challenges in general. Third, we propose a new, efficient, and cost-effective way for sub-challenge generation that mitigates the attack strategy we used and outperforms the Lightweight Secure PUF in both machine learning resistance and resource overhead.
Volume
11833
ISBN
978-3-030-42068-0
Journal Pages
40–54
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
IT-Security, Digital Sovereignty, Industrial policy
The public hearing of the Digital Agenda Committee on the topic of "IT security of hardware and software as a precondition for digital sovereignty" on Wednesday, December 11, 2019, analyzed how citizens, companies, but also public administration organizations in Germany are positioned with regard to digital sovereignty. The Committee led by Hansjörg Durz (CDU/CSU) focused primarily on the current state of Germany's IT infrastructure and governance, the need for legislative action, and security gaps.
In her statement, Isabel Skierka gives an assessment of Germany's industrial policy position in the field of digital technologies and the IT security situation and recommendations for strengthening digital sovereignty and IT security at the national and European level.

[At a public hearing of the Digital Agenda Committee on the topic of "IT security of hardware and software as a precondition for digital sovereignty" on Wednesday, 11 December 2019, the experts gave differing assessments of how citizens, companies and also the public administration in Germany are positioned with regard to digital sovereignty. The expert hearing, chaired by Hansjörg Durz (CDU/CSU), dealt primarily with the current state of Germany's IT structure, the need for legislative action, and security gaps.
In her statement, Isabel Skierka gives an assessment of Germany's industrial-policy position in the field of digital technologies and of the IT security situation, and recommendations for strengthening digital sovereignty and IT security at the national and European level.]