Chairman of the Board
TeleTrusT Germany Association
http://www.teletrust.de
Prof. Dr.
Norbert Pohlmann
IT-Security
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
Content
TeleTrusT Germany
IT Security and Trustworthiness from 1989 till now
The Situation today: A Critical Assessment
A Look into the Future: What are the challenges?
Summary
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
Content
TeleTrusT Germany
IT Security and Trustworthiness from 1989 till now
The Situation today: A Critical Assessment
A Look into the Future: What are the challenges?
Summary
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
TeleTrusT Deutschland e.V.
Situation
Founded in 1989
Members 100+
Government institutions
(Federal German security agency, Federal police organization, …)
User Organizations
(Banks, DATEV (Tax consulting service provider), SAP, Siemens, …)
Security Companies
(Secunet, Rohde & Schwarz, PGP, SCM, Sirrix, nexus, …)
Research Institutes / University
(different Fraunhofer Institutes, UNI Podsdam, Institute for Internet-Security - if(is), …)
IT Security consultants
(Secorvo, TüvIT, INFORA, …)
Partner
(ECO, VOI, GDD, LSEC Association, …)
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
TeleTrusT Germany
What is the TeleTrusT Association?
Mission
Together for more Security and Trustworthiness in our connected Information and Knowledge Society
What is special about the TeleTrusT Association?
Competent network
Interdisciplinary
International
Projects
European Bridge CA
T.I.S.P. (TeleTrusT Information Security Professional)
ISSE (Information Security Solutions Europe)
RSA Conference
Network Electronic Commerce
…
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
Content
TeleTrusT Germany
IT Security and Trustworthiness
from 1989 till now
The Situation today: A Critical Assessment
A Look into the Future: What are the challenges?
Summary
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V. 7
IT Security and Trustworthiness
~ 1989: Communication Security
IT Trend:
Individualization and decentralization of IT
Defense model:
Link- and Data Network Encryption
Our attitude:
We have to hurry, before
all security problems are solved.
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V. 8
IT Security and Trustworthiness
~ 1999: Perimeter and Infrastructure Security
IT Trend:
Professionalization of the Internet:
e-mail and web system
Defense model:
Firewall and VPN system
Digital Signature, e-mail security and PKI
Our attitude:
We have the IT security under control!
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V. 9
IT Security and Trustworthiness
~ 2009: Malware / Software Updates
IT Trend:
Smart Phones, Mobile Internet
Web 2.0
Defense model:
Anti-Malware, Software Upgrades,
Personal Firewalls Vulnerability by
software errors
Our attitude:
The IT Security problems are more than we can cope with!
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
Content
TeleTrusT Germany
IT Security and Trustworthiness from 1989 till now
The Situation today:
A Critical Assessment
A Look into the Future: What are the challenges?
Summary
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V. 11
IT Security and Trustworthiness
Today: A Critical Assessment (1/4)
Changes, Progress, Future
Development into a connected information and knowledge society.
IT Security is a changing challenge
The Internet is going beyond all borders and culture!
Time and region don´t matter anymore!
Development and change in IT are faster than ever.
The users always need to adsorb knowledge to act in the right way.
The protected values are constantly rising.
The values that we have to protect are changing over the time.
We see an innovation in attack models and the attackers are getting more professional.
IT security mechanisms are getting more complex, more intelligent and more distributed.
Over the time our IT security problems are getting bigger and bigger!
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V. 12
IT Security and Trustworthiness
Today: A Critical Assessment (2/4)
Problems:
Computer Security
The quality of our software is not secure enough!
Weak detection rate for malware
only 75 to 90%! Every 25. computer has malware!
The internet users are badly prepared.
E-mail Security
Less than 4 % of the users encrypt e-mails (S/MIME, PGP, …)
Less than 6 % of the users sign e-mails (In the financial world we see much more)
More than 95 % Spam e-mails!
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V. 13
IT Security and Trustworthiness
Today: A Critical Assessment (3/4)
Problems:
Identity Management
Password, Password, Password, … are the tools in the Internet!
Identification spaces are in the companies and
customer environments! They are not international!
Federations are not used enough!
Web Server Security
Bad security for web server / web sides
Today the main distribution of malware comes over web server
A lot of web servers are badly implemented!
Patches are not installed and if so, often very late!
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V. 14
IT Security and Trustworthiness
Today: A Critical Assessment (4/4)
The level of IT Security and Trustworthiness
of our IT Systems are insufficient!
Ideas for solutions:
Responsibility of the producer
Demand of IT security / IT security branch
Trusted Computing
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
Content
TeleTrusT Germany
IT Security and Trustworthiness from 1989 till now
The Situation today: A Critical Assessment
A Look into the Future:
What are the challenges?
Summary
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
Very fast innovation
Intelligent IT devices and flexible IT services
© Alex Slobodkin | istockphoto
© Olegbabich | Dreamstime.com, © Xy | Dreamstime.com 16 Competent people
for fast innovation
Flexible IT devices and services for flexible working conditions
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
Age pyramid
Secure and trustworthy collaboration
© www.exvo.com by Danny de Wit
© Fjvsoares | Dreamstime.com, © Andresr | Dreamstime.com 17 Twice the number of people
will retire from working life
Open „Object Security“ less „Perimeter Security“
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
More CPUs, more performance
Trusted Computing in all things
© http://4.bp.blogspot.com © iStockPhoto.com, © www.concept-phones.com, Yanko Design 18 Internet of Things
Spontaneous
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
More artificial intelligence
IT fairy – Software Assistant
© Geo Images © iStockPhoto.com, © www.concept-phones.com, Yanko Design 19 More power,
more Intelligence
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
More clever and complex
Attack models
© simscript.com 20 The digital world is dangerous
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V.
Content
TeleTrusT Germany
IT Security and Trustworthiness from 1989 till now
The Situation today: A Critical Assessment
A Look into the Future: What are the challenges?
Summary
Pro f. D r. N orb ert Poh lma nn, Tel eTr usT Deu tsc hla n d e. V. 22 We have to do something,
to make our digital future more secure and more trustworthy!
For that we need a quantum leap
in the Security Technology,
in the Procedure
in the Co-operation with other organizations.
The future starts now, so let us start together!
TeleTrusT is ready to take responsibility for that …
TeleTrusT Germany
Chairman of the Board
TeleTrusT Germany Association
http://www.teletrust.de
Prof. Dr.
