Cyber security

The IT-Grundschutz addresses technical, organisational, infrastructural and personnel aspects in equal measure. In an increasingly interconnected world, research depends heavily on the security of information and communication systems. Researchers and institutions must therefore understand potential risks and protective measures as fundamental components of institutional security: as numerous examples in Germany and Europe have shown, both the likelihood and potential impact of cyberattacks are extremely high.

Risks include:

  • Phishing and social engineering: attempts to manipulate individuals into revealing sensitive information (e.g. through forged emails)
  • Malware and ransomware: malicious software that infects or encrypts systems, often to extort ransoms
  • Data loss and unauthorised access: caused by security vulnerabilities or weak access controls
  • Hacker attacks and espionage: attacks by external or internal actors to obtain research or personal data
  • Poorly secured cloud services and mobile devices: risks due to unprotected storage and remote working environments
  • Vulnerabilities in software and networks: unpatched systems and insecure applications as entry points for attacks

We provide essential resources to help you protect your research. Explore our cybersecurity guidance now!

Open Source Intelligence (OSINT)

OSINT refers to the practice of collecting, analysing, and interpreting information that is freely available in the public domain. The study “Open Source Intelligence (OSINT) application to illustrate the potential compromise of academic knowledge security systems” by DLR Projektträger highlights security gaps in academic institutions and underscores how important it is for institutions not only to defend against external threats but also to safeguard sensitive information available across the internet.

National support measures and information (examples)

German Federal Office for Information Security (BSI)

The BSI offers expert advice and consulting services that address all facets of information security. It is the Central Reporting Office for IT Security within the federal administration.

Dutch National Cyber Security Centre (NCSC)

The NCSC identifies and clarifies risks and trends in the digital domain. It connects stakeholders, knowledge and information and provides expert support and advice.

Cybersecurity at European level

European Union Agency for Cybersecurity (ENISA)

At the European level, the European Union Agency for Cybersecurity (ENISA) was established in 2004 with the mission to “achieve a high common level of cybersecurity across Europe”.

EU Cybersecurity Act

The EU Cybersecurity Act is an instrument for EU cyber policy. It establishes an EU-wide cybersecurity certification framework for products, services and processes.

EU Cybersecurity Strategy

The European Commission and the High Representative of the Union for Foreign Affairs and Security Policy have presented a new EU Cybersecurity Strategy. The strategy aims at ensuring a global and open internet with strong safeguards to build resilience to cyber threats.

NIS Directive

The Directive on security of network and information systems (NIS Directive) tackles the cross-border nature of cybersecurity by fostering the creation and cooperation of governmental bodies for supervision of cybersecurity in all EU Member States.

European Cybersecurity Atlas

The European Cybersecurity Atlas lists research centres working on cybersecurity issues in the EU.

EU Cybersecurity Policies

An overview of EU cybersecurity policies can be found on the European Commission’s website.