Who owns my company's data? How should firmware and software be designed? And what do developers have to do to keep products secure for years to come? These and other questions relating to IT security were discussed by representatives from business and science at the Experts Meet Up on the topic of "Cybersecurity - Implementation, Data Protection and Legal Aspects". Prof. Günter Schäfer, Head of the Telematics/Computer Networks Group at the TU Ilmenau, Heiko Langenhan, Managing Director of Computer System Ilmenau GmbH, and Michael Rätze, Legal Coordinator at the Mittelstand-Digital Zentrum of the TU Chemnitz, provided important input.
Cyber security: Better awareness of security issues and investment urgently needed
Not only since incidents such as the cyberattack on the German Bundestag in 2015 or the universities paralyzed by attacks in recent years have security issues in the digital, networked space played an increasingly important role. The potential damage in the event of a cyber attack is immense, and the trend is rising as digitization progresses. Against this backdrop, scientists from TU Ilmenau met with entrepreneurs and regional stakeholders in May to discuss the topic of "Cybersecurity".
In a short keynote speech, Prof. Günter Schäfer spoke about complex network infrastructures, their security problems and the challenges that security experts are increasingly facing. From the field, he reported on affected universities, the sometimes devastating impact of cyberattacks on academic institutions, and the often inadequate security measures in place. Existing measures such as emergency plans usually only covered a minimum. In view of the further development of technologies and increasingly sophisticated attacks, he sees an urgent need for action here.
Heiko Langenhan reported on the situation in the SME sector. The initial situation is depressing according to Langenhan: The number of reported attacks is constantly increasing, but most small and medium-sized enterprises (SMEs) fundamentally lack financial and human resources for IT security. Worse still, there is often a lack of awareness of the problem, Langenhan said: IT security, which is often regarded merely as a cost item, is unfortunately often neglected - until something happens. Even then, investments in IT security are often only made to the absolute minimum required, Langenhan reported. Better awareness of security issues is urgently needed in business, as is better investment in their own security, he is convinced and pointed out that the federal ministries offer numerous consulting and support services that are used far too seldom.
Michael Rätze spoke from the perspective of a lawyer on questions of data protection, exploitation options and data ownership. He also addressed legal aspects that are often little or not at all known and are relevant to security issues.
Too little awareness of IT security issues
In the discussion, a consensus emerged relatively quickly that - with a few exceptions - there is still too little awareness of IT security issues across all sectors. Many companies see this primarily as a cost factor on which they are happy to make savings. This situation is exacerbated by the shortage of skilled workers, which is particularly noticeable in IT. The situation with regard to IT security is also precarious at universities. There was also agreement on the desire to raise awareness of IT security in general. Emergency plans or drills - comparable to a fire alarm, but currently virtually non-existent across the board - are also urgently needed for scenarios such as cyberattacks, since most employees in companies and universities do not know how to react in an emergency. A desirable first step would therefore be to create awareness for the topic through information events or internal training.
The next Experts Meet Up will be held on November 16, 2023, at 3 p.m. on the topic of "Rapid Prototyping." The venue will be announced later.