Dependable Computing

As society and industry become increasingly dependent on digital services, the need for very high availability of data and services also increases.

This means that the services must be reliably protected by technical measures not only against unavailability due to aging or system errors, but also against acts of sabotage.

This cannot be done through redundancy and physical and logical protection of systems alone. In addition, far more sophisticated procedures are required to protect the data and systems.

real-cis is researching, developing and deploying highly innovative approaches to master this challenge.

Digital sovereignty as motivation for a secure IT ecosystem in Germany and Europe.

Information technology is firmly anchored in every area of everyday life and is the basis of digitalization. "Digital sovereignty" is a crucial precondition for Europe's competitiveness, especially with regard to "Industry 4.0", but equally for the operation of critical infrastructures or public services.

Currently, this Digital Sovereignty does not exist for several reasons:

  • There are strong dependencies on external technology producers.
  • Deployed technologies are complex, non-transparent systems.
  • Sustainable IT security does not seem to be a decision criterion.

It is neither realistic, necessary nor desirable to have all elements of a digital infrastructure developed and manufactured by European manufacturers. However, a promising and goal-oriented strategy is to have selected areas covered by European suppliers. Regaining digital sovereignty can be achieved by:

  • Reducing digital dependence on non-European providers and 
  • turning away from harmful design paradigms

as well as

  • favoring more responsible buyer behavior.

Two position papers of the IT Security Association Germany (TeleTrusT) Secure Platform Working Group have been prepared, with recommendations for action addressed to the relevant stakeholders who can ensure a new Data Sovereignty.
 

Technical recommendations for the European IT ecosystem

The TeleTrusT working group's second handout is a comprehensive work that adequately addresses the issue of dependency on Far Eastern and US-dominated supply chains. The starting point continues to be the promotion of Digital Sovereignty by strengthening or creating a European IT ecosystem to technically ensure tamper-proof processing. It builds on the established IT layer model and expands it in a targeted manner. An attack model with state actors, suppliers, operators and external attackers is superimposed to derive concrete starting points for technical recommendations.

The fundamental approach, taking into account standardization activities, risk-based procurement decisions, and security by design principles, is that in the ecosystem, the highest security categories need

  • robust supply with multiple independent suppliers per component,
  • verifiable tamper-resistant technology and
  • independence of auditors.

An expert estimate provides ideally achievable security categories per attack vector and the required implementation effort. The rough estimate yields the unsurprising statement that several thousand person-years of work are required to create the European ecosystem. On the positive side, it is considered fundamentally possible with appropriate prioritization and focus.

For more information, do not hesitate to contact us: