Europe's IT security offensive

Hackers took over Twitter accounts of well-known entrepreneurs and politicians in mid-July for fraudulent transactions. In May, supercomputers throughout Europe were compromised. And the German IT industry association Bitkom estimates the damages caused by attacks on companies' IT systems in 2019 at more than 100 billion euros in Germany alone - twice as much as in the previous year. "Cybersecurity is becoming increasingly important, CONCORDIA is therefore building up a competence network for the topic in Europe and wants to create awareness in all areas of society," explains Reinhard Gloger, who is coordinating the work for the EU research project at the Leibniz Supercomputing Centre (LRZ).

Bundling experience and know-how

CONCORDIA stands for "Cybersecurity Competence for Research and Innovation". Since 2019 it has built an ecosystem for cybersecurity experts made up of universities, scientific compute centres such as the LRZ and companies from diverse industries. By now a total of 60 partners and more than 220 participants has joined. They are all already working on technical solutions, cryptography and documentation methods, standards for data protection, data security and the control of IT and Internet services. CODE, the Research Centre for Cyber Defence at the Universität der Bundeswehr München (UniBW) is leading the efforts and continues to build and extend the ecosystem. The goal is to develop next-gen cybersecurity tools to improve IT products and services – all guided by the experience and the know-how existing in the project. "CONCORDIA is not a classic EU or Horizon2020 project," says Dr. Nils gentschen Felde, Head of Cyber Defence at CODE. "Instead of basic research, it is primarily about building the ecosystem and bundling existing experience and knowledge."

Almost 25 million Euros are being invested by the EU, individual nations and companies in the project, which is intended to further strengthen Europe's position in digital technology. In particular, the e-health, electromobility, autonomous driving and flying, finance and telecommunications sectors are at the centre of efforts to achieve security and standards, to create secure spaces for IoT and for human computer interaction.

Combining knowledge on platforms

concordia

After an mid-term project review in June 2020 CONCORDIA is making good progress: The website already links to a catalogue of various services ranging from job offers for security experts and information to research results and beneficial open source tools for small and medium-sized businesses. An interactive map of Europe shows qualification offers, specialists from various disciplines from forensics to risk management, from malware analysis to artificial security intelligence, monitoring or privacy issues are also listed. Founders and politicians can also find advice at CONCORDIA and contacts for the promotion of initiatives and business. Last but not least, the reporting procedures for cyber-attacks are currently being standardized in Europe, so that a clearing house can be formed from these reports to evaluate attack tactics.

The LRZ supports CONCORDIA as a service provider, organises communication services as well as platforms such as GitLab for the open source security tools. Above all, however, the LRZ is involved in training and research: "As task leader in this area, we are currently planning a so-called Cyber Range with various services in the Compute Cloud", reports Gloger. "This will allow attack scenarios to be simulated and strategic training to be improved." The software for setting up these virtual simulation environments is provided by partners such as the Czech Masaryk University in Brno. Together with KYPO, it has developed a platform for researching security risks and training defence mechanisms. In order to be able to use it online throughout Europe, interfaces are needed, also for the exchange of scenarios of other cyber ranges, which have been developed by UniBW, the University of Lorraine and other partners. The LRZ is developing a platform through which all these exercise scenarios can be accessed once centrally via the CONCORDIA website.

In addition, the LRZ cooperates with the Ludwig-Maximilians-Universität München (LMU) in Software Defined Networks, SDN: If even networks built from different technical components can be uniformly controlled online, this not only simplifies communication between the technology, but also increases security, because conflicts between different control modules are detected. CONCORDIA's SDN concepts could also help to better network different security solutions made in Europe and to intervene protectively in case of network manipulation.