According to the trend statements of TÜV TRUST IT GmbH, TÜV AUSTRIA Group, the priority in 2022 will be to continue focusing on already known security factors such as an effective ISMS and the development of a system for attack detection. This applies in particular to the implementation of new regulations and to developments such as advancing digital networking and the expansion of OT security. The use of AI (artificial intelligence) functions will also be increasingly necessary and subject to review.
Important regulations: In addition to the IT-SiG 2.0, the NIS 2 could also play a major role
As in 2021, regulations will also play an important role in the coming year. The practical implementation of the IT Security Act 2.0 (IT-SiG 2.0) is already having a major impact on the IT security efforts of many companies. Thus, the IT-SiG 2.0, in addition to other regulations, will also be in the foreground in the upcoming year. Among other things, it obliges companies to implement and actively use attack detection systems such as a SOC or SIEM software from 1 January 2022, which makes technical IT security even more relevant. In addition, the NIS 2 (Network and Information Security Directive) is about to be adopted at EU level. Since it must then be transposed into national law, there is still no clear indication of the new requirements that will result for German companies. This will have to be monitored closely next year.
Amendment of the eIDAS Regulation brings the European Digital Identity Wallet for all EU citizens and new trust services
At the beginning of June 2021, the EU Commission published the draft amendment of the eIDAS Regulation (EU) 910/2014, once again strengthening the Digital Single Market with the implementation of uniform schemes for electronic identities (eID) of EU citizens and further trust services. The amended regulation is expected to enter into force in the first half of 2022, which will, among other things, introduce the European Digital Identity Wallet for electronic identity documents for all EU citizens. In addition to proof of identity, many other documents, such as drivers’ licences, diploma certificates, health insurance cards, etc., are to be electronically storable and presentable in a legally binding manner. In addition, the amended eIDAS Regulation foresees further service options for providers of private eID schemes as well as new trust services. This includes those for the management of documents for the wallet, for electronic archives as well as for electronic accounts, so-called ledgers.
The topics of ISMS and BCMS remain important
The establishment and implementation, as well as the continuous further development, of an effective ISMS will also be a central topic for companies in 2022. After the CRITIS companies, which currently still play a special role here, the IT security of supplier companies will move more into focus. The topic of BCMS will also experience a boost in the upcoming year, as it has received little attention from many companies so far but will be an important next step towards optimal protection of the IT infrastructure.
Digital networking continues to grow
Networking will be an important keyword next year. Since considering IT security in isolation is often insufficient, companies are increasingly networking across infrastructures in order to adequately meet the growing threat of cybercrime. In the industrial environment, the networking of IT and OT is also continuing to increase, which means that OT security, for example of production facilities and medical technology systems, is gaining importance. Among other things, in addition to systems for detecting cyber attacks on IT systems, the OT-SOC will also come into play, and in the course of this, special tools for IoT security will also conquer the market.
Artificial intelligence will increasingly be subject to review
Artificial intelligence (AI) has been on the rise for years and continues to gain in importance. Next year, work on improving AI in security systems and systems for attack detection will also continue. According to a study by the TÜV Verband, this is accompanied by growing concern among the population about manipulated or incorrectly programmed AI. A logical consequence of this is the demand for legal regulation of the technology as well as a test mark for artificial intelligence. Dr. Dirk Stenkamp, President of the TÜV Verband, therefore predicts rapid development in this area and hopes that legislation for a European AI regulation will be pushed forward quickly and that resulting improvements will be incorporated soon. In this context, TÜV AUSTRIA is also developing a certificate for artificial intelligence, the TÜV AUSTRIA AI certification scheme Trusted AI, together with the Institute for Machine Learning at Johannes Kepler University (JKU) Linz. This could play a role in 2022 in strengthening citizens’ trust in artificial intelligence.
The big picture in mind: Holistic thinking will be more in demand than ever before
Experts assume that the cyber threat situation will continue to increase qualitatively and quantitatively next year. In this context, cybercrime-as-a-service will experience an upturn as a well-functioning business model for attackers and ransomware attacks will play a major role. This will require companies to take an even more global view of their IT security measures, with a continued focus on employee awareness training – also and especially in the OT environment. Furthermore, it will be more important than ever to consider entire supply chains and to establish the same standards throughout the chain in order to close potential security gaps. A certified trusted chain as well as buzzwords such as end-to-end and interface security are thus increasingly coming into focus.
For the upcoming year, a great variety of challenges for IT security is emerging, and their complexity is increasing in parallel to the constantly growing intelligence of attacks. Topics that already play a role in 2021 will remain relevant in 2022 and require experts and companies to “keep their eye on the ball” and react adequately. In addition, new challenges demand flexibility and a holistic approach to security, which will be indispensable for consistent implementation in 2022.