Greater cybersecurity visibility is required
Munich, 09 December 2022
Yesterday, 8 December 2022, was the designated national day for testing the warning infrastructure. Not only did alarms and sirens ring out, but many people also received an alert to their mobile phone from Cell Broadcast, which is one of many digital safety systems. At the same time, there are more and more digital interfaces in devices, machines, vehicles and critical infrastructures, leading to an increased risk of cyber attacks. In the interdisciplinary conference “Sicherheit im virtuellen Raum” (Security in the virtual space), acatech members discussed how digital security can be stepped up.
These days not only do we carry digital devices in our pockets but traffic systems, energy grids, vehicles and Industrie 4.0 equipment, even medical devices, are becoming increasingly more intelligent and networked. As they do so, the risks of downtime (safety) and targeted attacks (security) also rise. Having said that, knowing that cyber attacks are possible should not deter innovation and the digital transformation.
Taking part in the discussion on the requirements of safety and security today were Detlef Houdeau, Senior Director Business Development of Infineon Technologies AG, Carlos Arglebe, Head of Cybersecurity with Siemens Healthineers, and Klaus Mainzer, Professor of Philosophy and Philosophy of Science at the Technical University of Munich. The conference was moderated by Jörn Müller-Quade, spokesperson of the acatech Themennetzwerk Sicherheit and professor at the KIT, and Nadine Schlüter, private lecturer in the specialist field of product safety and quality at the University of Wuppertal. Carlos Arglebe and Jörn Müller-Quade are members of the project group “Cybersecurity – Current Situation and Future Challenges”.
One conclusion the discussion drew was that awareness of these two areas of digital security needs to be raised in many areas: in companies, in the healthcare sector and in government administration. Having said that, knowing that cyber attacks are possible should not deter innovation and the digital transformation. For that reason, a recent acatech IMPULSE worked up prospects for an ambitious cybersecurity strategy for Germany.
Some risks are hard to define
After acatech President Jan Wörner welcomed everyone, Jörn Müller-Quade (KIT, acatech member and spokesperson of the Themennetzwerk Sicherheit) introduced the subject of the conference: in his opinion, there can be a trade-off between safety and security. For example, having an emergency exit in a building increases safety in the event of a fire but presents new security risks. A major challenge for research is how to quantify risks; unlikely risks with major impacts in particular are hard to quantify. However, it is important to be able to measure risks, as only then is it possible to weigh up the cost and benefit of protective measures. Jan Wörner pointed out the underestimated risk posed by solar flares. An intense storm around 160 years ago caused fires in a number of telegraph stations in the US; it would be difficult to predict the consequences for the networked world of today.
The Internet of Things is getting smart
Detlef Houdeau, Senior Director Business Development of Infineon Technologies AG, explained the difference between endpoint and network security; that is, between securing end-user devices such as laptops, mobile phones, printers and servers, and securing network components such as firewalls and gateways. Since the number of end-user devices is steadily growing and these devices are getting smarter, the need for security measures at all levels is growing. The Internet of Things is becoming the Internet of Thinking Things.
Cybersecurity affects us personally
Carlos Arglebe, Head of Cybersecurity with Siemens Healthineers, then outlined the opportunities and risks of digital twins in the medical sector. Digital twins and artificial intelligence, on the one hand, facilitate better and more personalised treatments. According to him, they can, for example, increase the breast cancer detection rate from around 96 per cent to more than 99 per cent and help with evaluating the ever-larger number of studies. AI would also help doctors to keep up to date with the meteoric pace of medical progress, given the 5,000 new medical articles a day and around 16,000 scientifically documented clinical pictures.
On the other hand, the more data are recorded, the greater the risk of data leaks and cyber attacks. Cybersecurity is a personal matter in healthcare, a matter of life and limb, Carlos Arglebe emphasised. The lack of awareness around security issues along the entire chain of the data use and data sharing is particularly problematic. Every interface is an entry point. A new model of protection; a new approach is needed.
Humans remain central
Philosopher of science Klaus Mainzer, speaker of the Principles of Science and Engineering working group, then gave an overview of the change in artificial intelligence and its capabilities. As intelligent structures in all areas of society – from mobility to energy supplies, industry to healthcare and the military – become more networked, this allows infrastructures to mesh together like a brain. Ever-deeper AI algorithms often mean that the details of AI-based decisions cannot be followed like traditional programming codes – which raises new questions about responsibility. In the view of the experts, technical safety standards are not sufficient for systems with artificial intelligence. Ethical, legal and social norms must also be considered. We need intelligent algorithms to tackle complex problems, is the conclusion he draws. But the human factor must remain central.
Combine security with values
In the final discussion, Detlef Houdeau stated that in light of supply chain issues caused by the pandemic and the upheaval caused by Russia’s war on Ukraine, cybersecurity had been relegated to the background in many companies. At the same time, cyber criminals have made the healthcare sector a target. Carlos Arglebe pointed out the lack of awareness about the problem: at all levels, more skill in handling data is required. Klaus Mainzer emphasised that the development of artificial intelligence must be backed by values: artificial intelligence supplied the tools; it is up to humans to use them for a self-determined life.
As the possibilities of networked, AI-enabled systems grow, so too do the potential risks, said Jörn Müller-Quade in summary. The participants in the conference agreed that security remains a focus for acatech. The Academy will continue to work on developing a comprehensive security concept and up-to-date concepts for safety, security and the protection of data.