Consortium

atsec information security GmbH


atsec information security GmbH specializes in the IT security evaluation of complex software systems. These include operating systems, applications, network components, virtualisation and separation solutions as well as protocols and cryptographic procedures. ATSEC uses standardized methods and solutions adapted to individual cases. About half of all Common Criteria evaluations of operating systems worldwide have been performed by ATSEC's German, BSI-accredited test center. With its international branches, ATSEC is also committed to the further standardization of IT security and actively follows relevant developments in the interest of its customers. ATSEC contributes to the project with risk analyses, requirements engineering and the security evaluation of software components according to Common Criteria and IEC 62443. In particular, the independent ATSEC evaluators undertake work on interpreting requirements and modeling the security problem in a generic deployment environment. They help partners to meet the identified requirements by producing appropriate gap analyses.


NXP Semiconductors Germany GmbH


NXP Semiconductors develops solutions that create secure connectivity and infrastructure for a smarter world, making life easier, better and safer. As a global leader in secure connectivity and integrated applications, NXP drives innovation in the areas of secure connected vehicles, end-to-end security, privacy and smart connectivity for the Internet of Things. NXP employs 45,000 people worldwide in 109 offices spread across 35 countries. With about 900 employees, Hamburg is one of the largest locations worldwide. This is where the central business responsibility for the Connectivity & Security business unit is located, which will play a key role in the SUSTAIN project. Within the framework of SUSTAIN, NXP can draw on the knowledge gained from other projects such as OPTIMUM. In the project, NXP provides expertise in the area of hardware development, hardware and software security and can draw on profound knowledge in the area of security certification from the manufacturer's point of view.


Hiqs GmbH


HIQS GmbH, based in Heilbronn, Germany, has been digitizing business processes through customized software solutions since 2014. HIQS develops device management for decentralized authentication and authorisation through Distributed Identity (DID) and Self Sovereign Identity (SSI) of devices. This also makes fine-grained authorisation concepts possible, such as proof of technical parameters (permissible payload or similar). In this way, dangerous, unauthorized use can be ruled out. Potential vulnerabilities result from the delivery of software artifacts via Docker containers. Official images from the manufacturers often have serious security vulnerabilities. HIQS will significantly improve the operational security of the solution through a future standardization of the images used in the architecture. Furthermore, HIQS can support the development of Human-Machine-Interface (HMI) through extensive experience in the development of apps


Demag Cranes & Components GmbH


Demag Cranes & Components GmbH is one of the world's leading suppliers of industrial cranes, hoists, crane and drive components and offers a wide range of solutions for material handling, resulting in quality, safety and efficiency benefits. Demag offers SUSTAIN a realistic test environment in an industrial hall (Research & Business Factory Germany) as a demonstrator. The existing machine equipment is expanded according to project requirements. Demag is involved in the definition of application scenarios and requirements and is the consortium leader. Demag supports the security analysis with realistic material handling scenarios and demo assembly processes. The innovative cybersecurity approaches from SUSTAIN are implemented and validated in the demonstrator.


K4 DIGITAL GmbH


K4 DIGITAL GmbH consists of a team of interdisciplinary experts, some of whom have been working successfully in the field of security, automation and the digital factory for over 20 years. Our experts are regarded in the German-speaking market as innovative thought leaders in the field of industrial cyber security. K4 DIGITAL contributes its experience in industry-related security standards, such as the IEC 62443 series of standards, to the project. K4 DIGITAL is therefore focusing on the security lifecycle within the framework of the project. This includes both the consideration of the life cycle of the individual components and the life cycle of the entire system in the respective application scenario.


Institut für Automation und Kommunikation e.V. (IFAK)


The ifak conducts applied research in the fields of control and automation technology, industrial communication, measurement and analysis technology, and information and communication technology, among others. In addition to know-how on distributed control systems and their protection through certificate-based procedures, ifak will also contribute expertise in dealing with PubSub security implementation in the OPC UA environment to the project work. The interface between IT security and safety is supported by experience in the environment of PROFIsafe, IO-Link Safety and OPC UA Safety. Furthermore, relationships will be established with the activities of the UAG "Security Standards and Internationalisation" of the I4.0 platform.


IOTIQ GmbH


IOTIQ GmbH is an IT company based in Leipzig with a focus on IT research and development projects, customer-specific software development and the products Mobile Device Management and IoT-Ware. IOTIQ supports other companies in the areas of consulting, process planning and requirements engineering with the aim of enabling customers to benefit from digitalisation and optimize their business processes. In SUSTAIN, IOTIQ will participate in the requirements specifications and contribute to the development of the Human-Machine Interface (HMI), taking into account security aspects (e.g. the use of temporary certificates). IOTIQ will support the development of the IoT components and security tools and help develop the architecture design and demonstration implementation.


University of Rostock


The expertise of the institute (in short: URO) covers all aspects of the design and verification of embedded and cyber-physical systems, including distributed embedded systems, resource-constrained embedded systems and Internet-of-Things (IoT) as well as service-oriented architectures and embedded web services. IMD has already been involved in more than 10 BMBF joint projects - also with international project partners (ITEA) - and received ITEA Award of Excellence for the exceptional research results in the ITEA/BMBF project OPTIMUM. In the project, URO is providing an Industrial Internet of Things (IIoT) platform, which will be expanded in the course of the project to include the security functions mentioned in the project and will enable prototypical implementation of the project's research goals.