Trend Analysis | Implementation Support

Legal framework for cybersecurity research
Although offensive methods such as penetration testing are essential for understanding vulnerabilities and attack patterns in cybersecurity research, there is a lack of specific legal frameworks that take into account the unique requirements of this research. This leads to questions and uncertainty among researchers about the legal framework for their research activities. In the ATHENE event series 'Legal Framework for Cybersecurity Research', legal experts discussed important issues such as coordinated vulnerability disclosure, copyright, data protection and legal aspects of cyber-attacks.
More about the event series (German)

Studies & Reports
Our researchers continually analyze the current cybersecurity situation from a variety of perspectives. Their investigations include risk analyzes, technology assessments, feasibility studies, cost-benefit analyses and security policy evaluations. The resulting assessments and recommendations are published in studies and reports.
our studies & reports

Expertise, optimization, concepts
As the largest participating organisation in ATHENE, Fraunhofer SIT supports its customers in planning and securing electronic services, business processes and infrastructures. This includes 

• the conceptual design of infrastructures and solutions
• the evaluation and optimization of IT infrastructures
• the evaluation and optimization of solutions
• the design of IT architectures
• the preparation of operational and IT security concepts
• Coordinated vulnerability disclosure: support with processes, legal issues and risk assessment

more about the Fraunhfer SIT offer

Cyber Resilience Act (CRA)
The Cyber Resilience Act (CRA), proposed by the European Commission in September 2022, is sparking intense debate about open source regulation. Although the details are still unclear, companies are being urged to prepare for changes in areas such as vulnerability management, updates and product testing. Our experts provide information on the current status of the CRA at various events and give recommendations for implementation in various white papers.ATHENE's regulatory analysis work focuses on the systematic analysis of legal frameworks and regulatory requirements in the field of cybersecurity research. Through a detailed assessment of existing and evolving regulations, ATHENE provides valuable guidance to companies, public institutions and policy makers. These insights enable stakeholders to identify regulatory risks at an early stage, efficiently implement compliance requirements and proactively participate in the design of future regulations.
our CRA offer

NIS2 Implementation Act
In her statement on the draft NIS2 Implementation Act in the Committee for Internal Affairs and Homeland Security of the German Bundestag on 1 November, ATHENE Board Member Prof. Haya Schulmann makes several recommendations: In order to strengthen cyber security in Germany, the NIS2 directive should be implemented uniformly for all administrative levels, while at the same time the role of the Federal CISO at the BSI should be strengthened, a nationwide situation picture should be made possible, IT basic protection should be introduced across the board, a legal framework for active cyber defence should be created and the BSI's warning options regarding untrustworthy manufacturers should be expanded. All these measures are aimed at making the BSI more independent and protecting the digital infrastructure comprehensively through specific requirements such as zero-trust architectures and routing security.
to the statement

Article in the DuD • Datenschutz und Datensicherheit: "Gute Praktiken zur Offenlegung von Cybersicherheitsschwachstellen", 12/2024
Authrors: Dr. Steven Arzt, Dr. Michael Kreutzer, Linda Schreiber
to the article(behind login)