“Whoever says digital must also say security” – Interview with Stefan Mangard

c Lunghammer – TU Graz
"Even if cyber attacks are on the rise: Things are not as bad as some think. The world is still under the control of the good guys," says Stefan Mangard, whose Institute for Applied Information Processing and Comunications is partly responsible for Graz's excellent reputation as an international cybersecurity stronghold.

The successes in uncovering hardware vulnerabilities at Intel & Co. - "Spectre" and "Meltdown" - earned the institute an enormous international reputation. Joint research projects with big names like Amazon, Google, Intel, NXP, Infineon & Co are on the agenda for researchers at the institute. In addition, a center for research, training, testing and certification in the field of IT security is currently being built on the Inffeld grounds as part of the "Cybersecurity Campus Graz" - in cooperation with the leading testing and certification company SGS.

The institute is currently enjoying a research success in the USA. The U.S. authority NIST (National Institute of Standards and Technology) announced a worldwide competition for the development of a new standard for so-called "Light weight Cryptography", which is finding its way into more and more applications, such as small sensors, and is capable of encrypting data with as little computing effort as possible. "Two out of ten finalists in this competition are from our institute, giving us a chance to define a global standard," Mangard explains.

A cryptographic method with participation from Graz is also on the short list in a second NIST competition - at the center of it: quantum computers. "Since these could quickly decrypt current systems thanks to their extreme performance, we will need entirely new cryptographic standards in the future to make IT systems fit for the quantum age," says Mangard, whose institute also works closely with local industry.

An information brochure has just been designed in cooperation with IV Steiermark, which contains recommendations for action both for prevention and for what to do if the worst should happen. "Industry 4.0 in particular is vulnerable to new threat scenarios. More and more machines or individual components are communicating not only with each other, but also with the manufacturing companies for updates or predictive maintenance," said Mangard, whose research focus "Secure Systems" deals with this topic. "An important area of research is efficiently isolating system components to ensure that if individual parts are compromised, the rest of the system remains protected." Home offices and the multitude of devices in the modern workplace also make a secure computer architecture necessary. "You can think of it this way: In the past, a company was a self-contained unit, a castle, as it were - and today we have a multitude of decentralized islands. A castle is naturally easier to protect than many small units."

(Stefan Mangard talked with Spirit of Styria 01/22)