Defense in Depth
Food for thought on the public holiday in Germany: What is defense in depth and why should you consider it?
The Cyber Resilience Act (CRA) is a critical piece of legislation designed to enhance product cybersecurity across the EU. If you’re finding it challenging to navigate, you’re not alone – many organizations are seeking clarity on its implications. Last week, the EU Commission hosted an insightful webinar on the CRA, attracting over 2,500 participants from…
Today I attended the CNA e.V. railway technology forum 2024 in Nuremberg for ICS GmbH. The title of the conference was “Unlocking the opportunities of railtech”, which is both necessary and possible with the help of digital systems such as ETCS, ATO and CTMS – if it’s done in the right way. Cybersecurity plays a vital role in…
The German BSI (Federal Office for Information Security) and TÜV-Verband conducted a survey among German companies to assess the status of cybersecurity in the private sector. Some worrying results from my point of view are: 🌐 Link to the study: BSI – Presse – TÜV-Studie zur Cybersicherheit der deutschen Wirtschaft: Bedrohungslage steigt, Unternehmen wiegen sich…
Getting ready for my talk at Verband Deutscher Eisenbahn-Ingenieure e.V. (VDEI) Fachtagung Cybersecurity 2022. I’ll be speaking about Security for Safety and will be sharing a couple of lessons learned and best practices from real-world projects at ICS – Informatik Consulting Systems.
😬 The MITRE CVE list might go offline today! This would be catastrophic for global vulnerability management. What I’ve described as a theoretically possible scenario in How Trump 2.0 could affect the IT industry in Europe might become reality more quickly than I thought, and not on the NIST-NVD level, but on the MITRE level including…
Patric Birr and I published an article in SIGNAL+DRAHT, the leading international medium for control and safety technology plus communication and information technology in the railway sector. In the article we propose automating Security Risk Assessments by using digital twins. These allow attack trees to be derived automatically enabling a systematic analysis of potential attack…