The manifesto is about the necessary level of maturity in terms of IT security.
It sets out the problem areas and identifies the important tasks that lie ahead.
Six joint propositions point out possible ways to overcome existing challenges.
Prof. Norbert Pohlmann (Institut für Internet-Sicherheit)
Chairman of TeleTrust – Federal Association for IT Security
Dr. Thomas Endres
Chairman of the Executive Board of VOICE – Federal Association of IT Users
IT is the ‘driving force’ and the basis for the well-being of our modern, global information- and knowledge-based society. We have to acknowledge that, since the emergence of IT, IT security problems have got larger every year rather than smaller. Current IT architectures of our devices, servers and network components are not securely designed and constructed to withstand the skills of smart hackers.
Every day the media report on how criminal hackers are taking advantage of the inadequate quality of software to carry out successful attacks, install malware, steal passwords and identities, and spy on our devices. Users and businesses are too tolerant of insecure IT systems. If security is to be improved, there will have to be a radical shift in such attitudes in future given the significance of IT in our society.
Maintaining appropriate, secure and reliable IT systems and infrastructures together is key to ensuring the successful future of our information- and knowledge-based society. Lastly, efforts to achieve digitisation must also embrace sustainability as a strategic goal. That can be achieved only if IT technologies and services are secure and reliable.
All interested parties must develop and apply improved and effective IT solutions so that a common, secure and reliable IT network can be successfully and sustainably implemented. This requires a detailed specification of users’ requirements as well as the willingness to implement these requirements using secure and reliable IT solutions supplied by IT manufacturers. In the future, we will implement and adopt risk-based approaches and adaptive IT security architectures both in primary applications and in industrial control components (machines and systems). The increasingly rapid digitisation process means that IT security considerations must be incorporated into new IT architectures, IT applications and industrial control components. To achieve this successfully, regard must be given to both information technology (IT) and operational technology (OT) and the interfaces must be standardised jointly. IT security is not only a business enabler, but is also a fundamental requirement in the end-to-end process. A distinction must be drawn in connection with IT technologies and IT security requirements between communicative digitisation and industrial digitisation, but consideration must be given to a joint IT security strategy.
From a national perspective, high-quality IT security is a major unique selling point (USP). ‘IT Security made in Germany’ has already established itself as the standard for IT security and data protection in Germany.
However, the development and promotion of sovereignty over IT security remains a significant challenge that must be overcome.
Hardware and software loopholes must be closed by manufacturers as soon as possible. Users have a duty to take up the improvements offered without delay. It is well known that a majority of successful attacks are perpetrated by targeting outdated software. Familiar concepts upon which current software development is based must be reviewed from the perspective of IT security and redesigned where necessary. The security level of an IT product must be clearly identifiable, verifiable and comparable with that of other products. Hardware-related IT solutions, such as in the Internet of Things (IoT) for example, also require innovative concepts so that loopholes can be patched quickly and simply. Manufacturers, integrators, operators and users of IT security solutions must take their responsibility more seriously.