This project will provide solutions to multiple problems. The first one is the security of information technology. The range of issues addressed includes zero-day exploits (e.g., WannaCry ransomware), denial of service attacks (e.g., Mirai), hardware attacks (e.g., based on the Meltdown and Spectre CPU flaws) up to novel types of hardware Trojans. The possibilities for these attacks originate from weaknesses in the long IT supply chains and threaten the confidentiality, integrity, and availability of systems.
The second problem is that these attacks can also threaten the safety of products, e.g., in energy infrastructures or in the automotive industry.
The third problem lies in the loss of value added because of a migration of production and competences towards competing economies (e.g., US and China). Sovereignty would mean to have full control of the characteristics of information technology, to be sure that no hidden features are implemented, that no business secrets can be stolen, and to benefit economically from such control.
These objectives are difficult to meet because any component involved in the supply chain may have multiple flaws, possibly even due to problems in the development tools used. Furthermore, while more secure components will reduce overall costs, developing them may initially increase costs. Hence, regulation making secure systems mandatory can help because competing companies would operate under the same conditions. Since other parts of the world are also working on controlling the supply chains, research on options and there implementation in industry is indispensable.
The project will include the following activities:
- Risk analysis
- Exploration of technical options, such as (1) the control of the entire supply chain, from the application layers through to the operating system and the hardware and tools used; (2) open, certified and proven paths; (3) migration paths of solutions, e.g., from small systems to large ones
- Exploration of supportive economic and legislative actions
- Contribution to setting up a transition process and participation in the development of prototypes
- Discussion of results, involving stakeholders, and refinement of options, prototypes, and product visions
The objectives will be pursued by means of expert interviews, dissemination activities, workshops, maintenance of a website, as well as participation in the specification and development of prototypes.