Research and development

Secure Digital Identities: Accompanying Research for a Digital Identity Ecosystem in Germany

Secure Digital Identities: Accompanying research for the development of secure digital identities

In collaboration with Ernst & Young and Nimbus Technologieberatung, DSI leads the accompanying research for the technology Showcase Programme “Secure Digital Identities” of the German Federal Ministry for Economic Affairs and Climate Action. Until the end of 2024, the three partners will support the ministry with scientific monitoring, networking, and the transfer of the results of the innovation programme into standardisation and implementation. The Showcase Programme “Secure Digital Identities” promotes projects throughout Germany that focus on the development and broadly application of secure digital identities. Numerous cities and municipalities, commercial enterprises, and scientific institutions are involved. With support from the accompanying research, the various projects are intended to lay the foundation for a networked ecosystem of digital identities that will form the basis for new types of trustworthy Internet services throughout Germany.

Our experts:

Isabel Skierka, Researcher and Project Lead, DSI
Dr. Christoph Thiel, Senior Researcher and Program Lead, DSI
Konstantin Schaarschmidt, Researcher, DSI

ITSR.sys Project: Systematizing German IT Security Law

The German Federal Ministry for Education and Research (BMBF) supports the systematization of the entire legal field of IT security

IT security requirements are part of a growing number of legal regulations. In addition to "general" regulations, there is also "sector-specific" IT security legislation, for example in the fields of telecommunications or banking. Additionally, there are "primary" IT security regulations, whose objectives are the classic protection goals of confidentiality, integrity and availability of the systems, as well as "secondary" regulations, in which the IT security objectives are intermediaries for certain objectives, such as tax secrecy or the security of transactions. In the future, regulations on IT security will encompass all areas of German and European law.

Together with Karlsruhe Institute of Technology, Digitial Society Institute's "ITSR.sys" project is developing an approach for the systematization of the entire legal field of IT security. The goal is a model of a "general IT security law" that spans all areas, sectors and policy fields. "General IT Security Law", which serves as a basis for the systematic separation of general and sector-specific regulations and in this way contribute to the contribute to the consistency and coherence of the developing field of law. The project will be carried out in close cooperation with the stakeholders of IT security law in the economy, administration and science with funding from July 2020 to December 2022 provided by the Federal Ministry for Education and Research as part of the “HighTech Strategie 2025”. On the basis of an inventory of the existing legal regulations, cross-sectoral character and joint workshops with the organizations affected by IT security law affected organizations in different sectors, a model is being that addresses three areas of regulation areas: the classification of systems in IT security law, appropriate risk assessment and the integration of technologies’ level of sophistication for determining adequate IT security measures. The model is critically analyzed with external stakeholders and applied on a trial basis in three sectors in order to realize an implementable solution.

Our experts:

Nils Wehkamp, Researcher and Project Lead, DSI
Dr. Henning Lahmann, former Senior Researcher, DSI

Berlin Senate Department for the Interior and Sports: research project on cyber security of critical infrastructures

Berlin's critical infrastuctures are interrelated and a vulnerable goal for cyberattacks

The digitization of all areas of life increases our dependence on secure ICT. This can particularly create risks for our critical infrastructures (CRITIS). For our societies, they are of vital importance, and their failure could lead to lasting supply bottlenecks or significant disruptions to public safety and order. Especially in a major city like Berlin, CRITIS are highly vulnerable. Failures in one area, can affect others.

For this reason, the DSI was conducting a comprehensive research project on the cyber security of critical infrastructures (CRITIS) on behalf of Berlin’s Interior Senate. Through hosting of several dialogue workshops, we identified risks and dependencies besides analysing them. In collaboration with the Senate and critical infrastructure providers, based on the ISO 27000-series, Lola Attenberger developed a model for an Urban-Cyber-Risk-Analysis (UCR). This model is a pioneer model, aiming to function as a basis for an international standard to improve local cyber crisis prevention. The model entails in addition to technical and organizational risks, cross-sectoral risks on the meta-level. Furthermore, the workshops served the purpose to establish networks for streamlined crisis communication and cooperation among the invited stakeholders, a process supported scientifically by DSI through modelling information and communication relationships. In this way, the project aimed at connecting the relevant actors in order to increase resilience of Berlin's CRITIS against cyberattacks and to improve the reactive abilities in a promptly and coordinated manner in case of emergencies.

Our experts:

Lola Attenberger, Former Researcher & Project Lead, Digital Society Institute Berlin, ESMT Berlin
Nils Wehkamp, Researcher & Project Lead, Digital Society Institute Berlin, ESMT

TÜV Nord AG: Industrial Cyber Security

TÜV Nord supported a research project on industrial and embedded information technology (IT) security with a research grant from August 2016 to July 2020.

In the project, we examined and evaluated methods for the management of information security risks, as well as broader industrial cyber security, digital policy and innovation issues. The project focused on the management of converging IT security and safety risks in industrial environments as well as on processes to evaluate and certify IT security.

IT is now an inherent part of safety-critical systems whose failure can lead to severe damage of property or the environment, or even the loss of human life. Hence, systems controlling the provision of critical services like electricity and water, industrial production processes, or health and automotive systems now depend on the reliable functioning of the IT components and networks they are connected to.

Our expert:

Isabel Skierka, Researcher, Digital Society Institute Berlin, ESMT Berlin

Rheinmetall AG: Moving Target Defense – a paradigm shift in network security

Securing your corporate network against intruders becomes increasingly challenging with the increased number of connected devices, as well as cloud services.

To date, attackers have generally been at an advantage: An attacker would only need to find a single hole in the defenses in order to launch an attack, and the attack surface has been ever increasing. Moving Target Defense is an innovative concept that tries to eliminate this imbalance. The network constantly readjusts itself and hides each participant within it, constantly changing the attack surface. The latter can thereby be significantly decreased since an attacker only has access to a small portion of the system at any one time. In this way, Moving Target Defense can help level the playing field between attackers and defenders by providing a means to decrease the attack surface despite the increased complexity of modern networks.

Here at DSI, we looked at this promising technology from a scientific perspective. Together with our project funder Rheinmetall, we evaluated the new concepts and tried to put them on a sound theoretical basis. In particular, we developed modeling techniques that allowed us to make very concrete statements about the added benefits of different Moving Target Defense techniques and analyzed their efficiency compared with traditional countermeasures such as firewalls.

Our experts:

Dr. Georg T. Becker; Senior Researcher, Digital Society Institute Berlin, ESMT Berlin
Alexander Bajic; Researcher, Digital Society Institute Berlin, ESMT Berlin

CYDEF 2018 NATO SPS ARW on Cyber Defense Capacity Building

This NATO SPS Advanced Research Workshop, directed by Dr. Sandro Gaycken, explored requirements and options for individual and collective cyber capacity building with a focus on the special regional requirements of Japan and neighboring countries.

The event brought together international key experts in strategic and technical cyberdefense to discuss and narrow down the options and to assist in establishing a military cyber stability in the region. It aimed for enhancing mutual understanding, exchange of ideas and future collaboration in the field.

Besides the Digital Society Institute, the Ministry of Defense, Japan, the Army Cyber Institute, US Army, the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE), the Economic Research Institute, the Japan Society for the promotion of Machine Industry, the Defense Structure Improvement Foundation and the Governance Architect Foundation actively supported the event.

As an overarching goal the event aimed at deepening and further expanding diplomatic relations between the collaborating countries and was considered of high value by NATO´s Secretary General Jens Stoltenberg.

Our expert:

Dr. Sandro Gaycken; Director, Digital Society Institute Berlin, ESMT Berlin

NATO SPS project on cyber defense in the Middle East

This NATO SPS project, directed by Dr. Sandro Gaycken, developed the national military cyberdefense strategy for Jordan, and implemented the strategy jointly with the Jordan Armed Forces.

As technical tasks of the project, a MILCERT was selected, acquired and set up, a cyber training center was conceptualized and set up, and a security testing center was devised and set up. As tactical, strategic and political tasks, trainings for cyber officers in EUR and US were organized, a national awareness, training and education program was designed, cyber security cooperative networks, regional and international and PPP, were built, a national framework for information security standards and policies was devised, university curriculas were proposed and counter-propaganda measures against extremists’ Internet propaganda were recommended. Capacity-building aimed to create resilience against sophisticated regional cyber threats.

Our expert:

Dr. Sandro Gaycken; Director, Digital Society Institute Berlin, ESMT Berlin

Hensoldt Holding GmbH: High Assurance Cyber Military Systems

Militaries deploy sophisticated IT-based technologies to defend their countries. However, most of these systems are not sufficiently secure to avoid manipulation or disruption in critical ways.

Hardware and software manipulations are an underestimated practical threat, and even more, military systems require tailored IT security countermeasures, addressing and hardening every single layer of IT to a military level. Jointly with Hensoldt Cyber, we developed a high assurance cyber military system solution to achieve total cybersecurity on a military level. We designed, evaluated, and implemented a tailored security concept addressing all key elements in hardware, operating system, and software. Secure IT instead of IT security.

Our expert:

Dr.-Ing. Pawel Swierczynski, Senior Researcher, Digital Society Institute Berlin, ESMT Berlin

Verimi GmbH: Platform design for identity and payment services in Europe

The Digital Society Institute (DSI) conducted a research project in cooperation with VERIMI GmbH.

VERIMI is a secure and user-friendly trust platform for identity services and payments at the European level. The platform aims to offer consumers, businesses and public authorities the possibility of quick and easy identification and, in addition, to enable cross-sector cooperation.

DSI conducted research on the success factors for the anchoring of platforms in society. The project focused on the role platforms can play in different sectors such as health care and education, as well as on cross-cutting issues such as data sovereignty. To this end, the DSI conducts policy-oriented research.

Our experts:

Martin Schallbruch, Deputy Director, Digital Society Institute Berlin, ESMT Berlin
Tanja Strüve, Researcher, Digital Society Institute Berlin, ESMT Berlin
Isabel Skierka, Researcher, Digital Society Institute Berlin, ESMT Berlin

DCSO GmbH: Public Private Partnerships on Cybersecurity in Germany

Together with the German Cyber Security Organization GmbH (DCSO), the Digital Society Institute has been assessing existing PPPs in the realm of cybersecurity in Germany in order to find a way to advance the system of public-private cybersecurity governance.

After an exhaustive stocktaking and systematization of current initiatives that involve both governmental and private stakeholders, the project evaluated the present cybersecurity infrastructure in Germany. In particular focusing on the perspective of business stakeholders, valuable input was provided through an intensive working relationship with a research group consisting of representatives of eight leading German companies (Allianz, BASF, Bayer, Bertelsmann, Daimler, E.ON, Siemens, and Volkswagen) over the course of the project.

On the basis of the results of this evaluation phase, and with a comparative view towards cybersecurity governance models in the United States, the United Kingdom, and Israel, the project resulted in an annotated and consolidated list of 12 forward-looking yet workable and realistic proposals for the future advancement of the public-private cybersecurity architecture in Germany.

Our experts:

Martin Schallbruch, Deputy Director, Digital Society Institute Berlin, ESMT Berlin
Dr. Henning Lahmann, Senior Researcher, Digital Society Institute Berlin, ESMT Berlin

Bundesdruckerei GmbH: Digital Identity Management in Germany and Europe

From September 2020 until May 2021, the Innovation Unit of Bundesdruckerei supported a DSI research project on digital identity management in Germany and Europe. The project examines organizational, political and technical success factors for digital identities and governance models for a national and European identity ecosystem. Together with a project team of Bundesdruckerei’s Innovation Unit, DSI researcher Isabel Skierka explored these topics from a multidisciplinary perspective, combining political science, computer science, and behavioral science approaches.

Our expert:

Isabel Skierka, Researcher, Digital Society Institute Berlin, ESMT Berlin

Research and development