The world's largest automotive market, China, is experiencing high growth rates for electric cars. In order to successfully compete in China, international automakers must comply with Chinese cybersecurity, cryptography and data security regulations. Fraunhofer SIT and Fraunhofer Singapore have summarized these in a joint study: It contains an overview of laws and regulations, including the responsible institutions in China, from 2015 until 2021. The study also addresses research and development facilities as well as standardization authorities. 

Quantum computers are hanging over the security of our information like a sword of Damocles: We do not know when or even if quantum computers will become a reality — but once they arrive, they will break confidentiality, privacy, and authenticity of our modern communication. It will no longer be possible to trust digital certificates and signatures and it will no longer be possible to exchange secret keys for data encryption using current cryptographic primitives like RSA, ECC, DH, DSA, and so on. However, there is hope: The cryptographic community is working on post-quantum cryptography in order to provide alternatives using hard mathematical problems that cannot be broken by quantum computers. There is a zoo of alternative cryptographic primitives and protocols that are under investigation and standardization bodies like NIST and ETSI are starting processes to standardize post-quantum algorithms.

Information technology (IT) is one of the most important drivers of innovation in production and automation. In Germany, the term Industrie 4.0 summarizes various activities and developments involved in the evolution of industrial processes in production, logisitics, automation, etc. Many research and development projects work on different aspects of these developments. In the view of politics, industry, and IT enterprises, sufficient IT security is considered an essential prerequisite for the future of production. However, although many current IT security solutions can be applied in Industrie 4.0 context, they do not satisfy all requirements of processes in Industrie 4.0. Work needs to be done on underlying security mechanisms as well as on security architectures. Fraunhofer Institute for Secure Information Technology hosted the Eberbach Workshop »security in Industrie 4.0« to formulate guidelines and recommendations for a secure Industrie 4.0. Representatives from the industry, research, and politics identified the most important practical challenges in the realm of IT security.

This trends and strategy report argues that the development and integration of secure software has to follow the Security by Design principle and defines respective challenges for a practice oriented research agenda. Software is the most important driver for innovations in many industries today and will remain so in the future. Many vulnerabilities and attacks are due to security weaknesses in application software. During application software development or integration, security issues are either taken into account insufficiently or not at all, which
constantly leads to new openings for attacks.

Keywords: Security by Design, Secure Engineering, Software Engineering, Security Development Lifecycle, Application Security, Supply Chain, Software Development