Industrial Security

Industrial systems are becoming increasingly interconnected, automated and specialized for complex tasks. In the industrial environment, many plants and their components are insufficiently protected against cyberattacks due to their long life cycles. Once an attacker managed to gain access to one part of the system, taking over, spying on or manipulating other parts of the system is almost childsplay. For plant manufacturers as well as operators, a successful attack can result in loss of reputation, financial damage and danger to life and limb of staff.

The IT security of industrial plants is one of the research areas of the scientists at Fraunhofer AISEC. The topic Industrial Security provides information about their work and concrete research results on securing industrial systems.

Mastering Cross-Divisional Cybersecurity Risk Management in the Automotive Industry

Modern cars are interconnected systems of software, sensors, and cloud services. As automotive companies divide their work across engineering, production, and backend divisions, cybersecurity risks often fall through the cracks. While standards such as ISO/SAE 21434, the ISO/IEC 27000 family, and the IEC 62443 series provide important building blocks, none fully explain how to align cybersecurity across divisions. Our research at Fraunhofer AISEC reveals the consequences: hard-to-compare risk assessments, unclear communication, and fragmented security strategies. The solution lies in a cross-divisional approach that connects processes, tools, and terminology. Based on a structured analysis of key cybersecurity standards and interviews with experts from six automotive manufacturers, this article contrasts what the standards expect with how organizations work today – and outlines concrete steps to close the gaps.

Patrick Wagner 27. January 2026

Gateway to the Danger Zone: Secure and Authentic Remote Reset in Machine Safety

Modern manufacturing is rapidly digitizing, unlocking new business models and unprecedented efficiency. While remote operation has become commonplace, machine safety has still required hands-on, local intervention — until now. Our latest work at Fraunhofer AISEC bridges this gap with a secure, authentic remote reset system for safety events, blending future-proof cryptography and robust safety design. Here’s how we’re redefining the boundaries of safe, remote manufacturing.

Sebastian N. Peters 22. July 2025

gallia – An Extendable Pentesting Framework

gallia is an extendable pentesting framework with the focus on the automotive domain, developed by Fraunhofer AISEC under the Apache 2.0 license. The scope of the toolchain is conducting penetration tests from a single ECU up to whole cars. Currently, the main focus lies on the UDS interface but is not limited to it. Acting as a generic interface, the logging functionality implements reproducible tests and enables post-processing tasks.
The following blog post introduces gallia’s architecture, its plugin interface, and its intended use case. The post covers the interaction between its components and shows how gallia can be extended for other use cases.

Tobias Specht 28. August 2023

Digital twins and their potential for OT security

A digital twin is a virtual representation of a real system or device. It accompanies its physical counterpart during its entire life cycle. Tests, optimization procedures and bug hunting can be carried out on the twin first without involving the real device (that may not even exist at that moment). In this article, I want to give you some recommendations on how to harness that potential for improving upon the state of OT security (Operational Technology Security), e.g., within manufacturing or building automation.

Alexander Giehl 28. October 2022