Objectives and Purpose
The secUnity slogan, “Supporting the Security Community,” describes our objective, i.e. to intensify IT security research in Germany and Europe. We strive for sustainable and interdisciplinary connectivity of all researchers, experts, software engineers and users, incorporating, in particular, economic and legal perspectives of IT security.
Existing research consortia are to be supported, new ones are to be established, and communities of young researchers are to be set up. To make transparent the multiplicity and the different competences in IT security research, an IT security map will be created. It will contain a differentiated list of key research items and will be open for permanent additions.
Moreover, we are developing a process in secUnity to identify joint research topics. In a close dialog with all researchers, experts, software engineers, users, we will assess gaps in IT security in order to develop a vision of a long-term policy of IT security research. One useful tool in this dialog is the push-pull platform. In addition, a roadmap of highly relevant research topics is being developed in secUnity which can serve as a basis for future consortial projects.
We organize and support various types of events ranging from scientific workshops to open topical evenings, sometimes political, which in many ways promote dialog among the players involved. In addition, we are going to run interdisciplinary summer schools or winter schools for active promotion of young researchers in IT security.
Law and IT Security
The impacts on governments and society caused by information technologies strongly challenge the legal area of cyber security law within the public and civil law framework. Consequently, it is essential to react on political conditions on the one hand by promoting innovation and on the other hand by implementing adequate control mechanisms and limitations.
In a society with a high degree of dependency on functioning IT, law must continuously imply regulatory solutions to phenomena in the real world: As a reaction or ideally in a prospective way. However Cybersecurity law has not been developed properly, yet (from a legal point of view) due to the accelerated technological change and because it needs to include a range of legal areas as well.
Legal informatics, as a relatively young discipline, has a strong impact on all classical fields of law (public law, criminal law, civil law) whenever related to certain aspects of information and telecommunications technologies.
Besides these aforementioned areas of law other sources of law contribute to the overall complexity, leading to challenges in matters of legal certainty. As cybersecurity law is mainly codified for critical infrastructures, the need to establish a legal and interdisciplinary community is essential also for providing new legal impulses within the interdisciplinary dialog.
Consequently the focus of the legal team in secUnity is on identifying legal experts in areas of cybersecurity law. Furthermore promoting the legal community and identifying new legal areas of research are also main purposes of the project. This serves the objective of establishing an interdisciplinary, network for cooperation in order to effectively meet the challenges arising by mediating between the interest of legal regulation and freedom of innovation within cybersecurity phenomena.
Business and IT Security
Increasing digitization and the general availability and utilization of internet-based services are changing the economic environment, the daily life of individuals, and society as a whole. What is also growing is vulnerability. Many businesses and users worry about their security and privacy. To diminish the probability, and also the level, of damage arising from security incidents, improved technical solutions are being developed continuously. However, for their further dissemination it is important that these solutions are designed to be user-friendly and, at the same time, cost-efficient. Against this background, the “IT Security Economics” research area studies the economic rules of supply and demand of / for IT security solutions.
Users of IT security solutions can be persons, companies or other institutions, such as public authorities. One major purpose of work in this research area, on the one hand, is the development of economic models offering support in decisionmaking about the question whether or not specific investments in IT security are worthwhile. Another building block is the assessment of the willingness of users to pay for IT security solutions. On the one hand, this implies empirical methods of business economics and, on the other hand, psychological aspects which must be taken into account. One example is the so-called privacy paradox which means that people indicate in opinion polls that their private sphere is very important to them while they do not behave accordingly (intention-behavior gap). Similar patterns of behavior can be found also for IT security solutions. For this reason as well, more awareness of IT security is to be solicited within the framework of activities in the “IT security” profile area.
From the provider’s perspective, i.e. the perspective of IT security vendors in the narrower and broader senses, the development of business models constitutes the focus of work. On the one hand, this means applying to IT security the findings derived from research and practical experience. Again, the economic rules in the IT security industry constitute an important foundation, as do the findings about the willingness of (potential) users to pay for IT security solutions. In this way, it is possible to derive recommendations for action for IT security vendors of any size, including startups, which can help improve sustainably the competitive position of these firms.
For this reason, IT security vendors are shown on the map in order to promote cooperative ventures and further advance connectivity. In this case as well, a distinction has to be made between IT security vendors in the narrower sense (e.g. vendors of specialized IT security solutions) and in the broader sense (e.g. vendors of IT products with specific IT security features).
Increasing digitization in particular affects young (university) graduates. As a consequence, a summer school about “Economics of IT Security and Privacy” is being planned for 2017 at the Darmstadt TU and is to provide international students with valuable knowledge about the economic aspects of IT security.