This research agenda is about the human factor in the IT.
Usability must be systematically improved at all level
of IT security. Additionally there is more information
about the research agenda in NRW.
Prof. Thorsten Holz, Prof. Norbert Pohlmann – if(is),
Prof. Eric Bodden, Prof. Matthew Smith,
Information technology is now a part of nearly all aspects of our daily lives. Whilst communication and entertainment have already been thoroughly transformed for end users by smartphones, tablets and smart TVs, other technological developments, such as smart homes, smart production and the smart grid, are on the cusp of refashioning major aspects of private and commercial life from the ground up. At the same time, the increased networking of industrial production by means of information and
communications technologies poses a significant challenge (Industry 4.0). Economic expectations are high: these technologies will lead to the development of new business models and value chains and, at the same time, enable new service models that were previously unimaginable.
One of the most significant obstacles standing in the way of progress, however, is the existence – and increasing recognition – of real shortcomings in IT security. Despite years of intensive research
and development on secure IT systems, the number of successful attacks, and their degree of severity, continues to increase with every passing year. An April 2015 study produced by the digital association Bitkom revealed that more than half (51 per cent) of all German companies have been victims of digital economic espionage, sabotage or data theft during the preceding two years, resulting in annual loses in Germany of around 51 billion euros. It is estimated that these damages will cost some 306 billion euros in coming years. Intensified digitisation and the implementation of other technological advances will only increase the vulnerability of deployed IT systems. How can this be explained, and how can we meet these threats head-on?
The authors of this research agenda have identified the human factor as one of the key problems when it comes to IT. Existing research initiatives in other federal states, for example, devote more attention to the secure development of hardware/software systems or to investigating the principles behind security by design/privacy by design. The question that has remained overwhelmingly unexamined thus far is how security mechanisms at all levels of the value chain can be designed such
that relevant user groups can apply them more effectively. We believe that NRW possesses a unique strength as a location for top-quality research when it comes to this challenge. And it is an urgent
one. Whilst research on IT security over the past several years has focused especially on innovative technological solutions, it is ultimately people who implement and utilise these solutions.