Secure Platform - Reclaim Digital Sovereignty with Secure Platforms in and from Europe
The security of any IT system depends largely on the secure design of each individual component that makes up the overall system. Current IT systems are multi-layered structures of hardware and software whose complexity is often difficult to understand, even for experts. Commercial technologies are often non-transparent “black boxes” whose supply chain and production conditions are unknown. Vulnerabilities that serve as attack vectors, or “back doors” that the manufacturer has consciously or unconsciously integrated as hidden gateways, can exist at practically every level of the IT system, including the hardware, i.e. the chips installed. Consequently, the actual security of a device can hardly be reliably assessed – not by an expert, and certainly not by a layperson or an average end user with an affinity for IT. This represents a significant risk, especially in the professional environment, since sensitive operational information can be compromised with respect to the classic protection goals of confidentiality, integrity and availability. Digital sovereignty in IT is largely non-existent today.
esatus Position - Solution Postulates for Current Problem Paradigms
Reduction of Complexity
Problem: Current systems are overloaded constructs. Implementing something that is already available is easier than creating a design adapted to the requirements.
Solution: Design a system that contains only the components and code that are needed.
Controlled Supply Chain
Problem: Europe no longer plays a role as a supplier of mass technologies. Foreign technology manufacturers pose a security risk for Europe.
Solution: Strengthening the European position in international competition by producing an attractive system solution within Europe.
Security by Design
Problem: No attention to security in conception, design and implementation of products. Time to market beats everything.
Solution: A system can only be truly secure if security is a design principle in every component and at every level of the architecture.
Problem: An update of system landscapes often requires a complete replacement. Expensive migration projects are the rule.
Solution: Long-term availability of system components and backward compatibility as a guaranteed goal.
Problem: Black boxes everywhere. Market-dominant system solutions are closed architectures that cannot be accessed by third parties.
Solution: All components in the system network should be open and thus visible and testable for everyone.
Problem: Product life cycles are extremely short, technological innovations must be integrated immediately. Design to fail - products are planned as disposable items.
Solution: Hardware that can be reconfigured during the operating life can be used longer. "Spectre & Meltdown" problems do not exist or can be solved.
Security as a Process
Problem: A short-term approach to the product life cycle prevails. Corrections and (security) updates are not scheduled at all.
Solution: System security is a guaranteed product feature that is constantly questioned and optimized during the life cycle.
Problem: Technological product developments follow established paths. Risk aversion dominates.
Solution: Put niche technologies such as FPGA (known from prototyping and parallel signal processing) into everyday use.
Active Strands of Action at esatus AG
1. Expert Panels on "Secure Platform"
- Under the leadership of esatus AG, the IT Security Association Germany (TeleTrusT) Working Group “Secure Platform” formulates recommendations for action to regain digital sovereignty in a politically and economically oriented position paper. Architectural recommendations for KRITIS-K or GAIA-X components follow.
- An independent association of experts from the IT security industry evaluates and develops requirements for a “Secure Platform”, carries out practical tests with relevant technologies and explores market interest.
2. Development Project "Secure Platform"
In cooperation with experts, esatus AG designs an open, sustainable and secure IT platform from Germany and tests it for practical suitability. The focus is on open components in software and hardware such as Linux and RISC-V. The central component of the technology stack is the productive use of FPGA (Field Programmable Gate Array) technology in business application fields. An operating model covering production, sales, support and regular dedicated security audits by independent institutions is being developed.
3. Perspective Commitment
Establishment of a concrete open and secure IT platform alternative in Germany and Europe as a counterweight to international hardware and software manufacturers dominating the market.