Press Releases

The mechanical and plant engineering sector has shown significant progress in defending against cyber-risks. According to a current study titled Industrial Security, conducted by the German Mechanical Engineering Industry Association (VDMA) in cooperation with the Fraunhofer Institute for Applied and Integrated Security AISEC, more and more companies are investing in digital protective measures. In spite of these improvements, cyberattacks continue to cause considerable damage, with harm totaling in the nine figures. Further action is needed, especially for smaller enterprises. Social engineering and phishing represent the biggest threat to companies, followed by human error and sabotage.

Data is the key to AI, but its use requires the highest security standards. This is where the TRUSTED project from the European Commission steps in: Over the next three years, the project will develop a prototype data space for personal data that complies with the requirements of current data protection regulations (GDPR, eIDASv2, EUDI wallet, etc.) as well as the specifications of European data spaces (GAIA-X, IDSA, etc.) and provides a trustworthy service for federated learning* in the medical sector. The Fraunhofer Institute for Applied and Integrated Security AISEC is a research partner and supports TRUSTED with state-of-the-art cybersecurity and data protection technologies. The project is to receive around four million euros from the Horizon Europe program and comprises a consortium of ten partners, two research organizations, three SMEs, two large companies, two NGOs and one clinical partner.

With increasing digitalization and interconnectedness, cybersecurity is gaining ever more importance. At the same time, the risks posed by cyber attacks are increasing dramatically. Russia's war against Ukraine in particular has significantly exacerbated the threat over the past three years. At the 11th Munich Cyber Security Conference (MCSC) leading cybersecurity experts from the worlds of politics, business and science addressed the key levers for tackling this challenge: We must overcome our complacency and invest massively in our cybersecurity, all stakeholders involved must cooperate far more than before and we must make greater use of artificial intelligence (AI) and quantum computing as the biggest technological drivers of the future for cybersecurity. At the same time, we must not place too high expectations on these technologies. After all, people are and will remain the decisive factor.

The pilot line for “Advanced Packaging and Heterogeneous Integration for Electronic Components and Systems” (APECS) marks a major leap forward in strengthening Europe’s semi-conductor manufacturing capabilities and chiplet innovation as part of the EU Chips Act. APECS will make a significant contribution to the European Union´s goals of increasing technological resilience, strengthening cross-border collaboration and enhancing its global competitiveness in semiconductor technologies. The Fraunhofer Institute for Applied and Integrated Security AISEC develops security features for trusted electronics in the heterointegration of chiplets.

Microelectronics is a key technology in the technical transformation, underpinning everything from everyday objects such as smartphones and ID cards to industrial manufacturing processes and medical diagnostic systems. This makes it all the more important to ensure that electronics are reliable and trustworthy. The Velektronik research platform has teamed up with the Association for Electrical, Electronic & Information Technologies (VDE) to create a new VDE expert group titled Trusted Electronics. It is to function as a central point of contact, bringing industry, the research sector, and government agencies together to advance the topic of trusted electronics in Germany. The group’s objectives are to cultivate awareness of and support for trusted electronics, consolidate existing research activities, transfer research findings into application, and help to shape industry standards.

With its Cyber Resilience Act (CRA), the EU will in future require manufacturers to guarantee the IT security of products with digital elements. Once the CRA comes into force, which is expected to be in 2024, they will have a maximum of 36 months to demonstrate that their products comply with the new standard. However, due to complex architecture designs and the use of third-party com-ponents, assessing the need for action in concrete terms is a challenge. The Fraunhofer Institute for Applied and Integrated Security AISEC is conducting research into automated compliance testing of software components with “Confirmate”. The tool will help to automatically assess compliance with the CRA and determine the individual need for action. “Confirmate” compares the security settings with the CRA specifications and helps to quickly identify spe-cific vulnerabilities in the product. The analysis therefore saves valuable time for planning and implementing security measures. Fraunhofer AISEC will be presenting the tool's current range of functions and its application for the first time at this year’s it-sa Expo&Congress (Nuremberg, October 22–24, 2024) at the joint Fraunhofer booth in Hall 6, Booth 6-314.

Harnessing the potential of artificial intelligence (AI) is key to the future viability of companies. However, they often have limited knowledge of how to use AI in a secure way. The SENSIBLE-KI (sensitive AI) project, funded by the German Federal Ministry for Economic Affairs and Climate Action (BMWK), has brought together science and industry to analyze the security and trust-worthiness of mobile and embedded systems using the example of Android systems. The key findings and results of the project are as follows: Software-based security measures can be used effectively today. Intensive research and work is being carried out on hardware-based measures, but their use is currently restricted. Two biometric demonstrators are used to show the practical use of security technologies.

Prognoses suggest that the first quantum computers capable of breaking current cryptographic processes will be available by the early 2030s. For this reason, the development of secure algorithms for post-quantum cryptography is a major focus in politics, industry and research. After several selection rounds, the first PQC standards from the US National Institute of Standards and Technology (NIST) will be made available in 2024. At the PQC Update 2024 from the Fraunhofer Institute for Applied and Integrated Security AISEC, the German-speaking PQC community met for the third time on May 13 – 14 to discuss the current state of development of post-quantum cryptography.

In the EU project EMERALD, the Fraunhofer Institute for Applied and Integrated Security AISEC is working with partners to develop an automated certification process for providers and auditors of cloud services and applications. The aim is to pave the way for an efficient Certification-as-a-Service (CaaS) that both reliably verifies compliance with the security requirements of cloud services and applications and can also flexibly take new regulatory requirements into account. To this end, EMERALD wants to raise the Technology Readiness Level (TRL) of the technologies developed in the predecessor project MEDINA from 5 (validation in relevant environment) to 7 (prototype in operational environment).

The new VDMA study “Industrial Security and Product Piracy 2024” shows that protection against cyber attacks is becoming increasingly important for companies in the mechanical and plant engineering sector. At the same time, combating product and brand piracy remains extremely important. The study was compiled by the Fraunhofer Institute for Applied and Integrated Security AISEC. A good 100 VDMA member companies took part.