Welcome to KASTEL

The Competence Center for Applied Security Technology (KASTEL) is a competence center for cyber security initiated by the German Federal Ministry of Education and Research (BMBF).

Following the motto "Comprehensible security in the networked world“, KASTEL addresses the challenges posed by the increasing interconnection of previously isolated systems. Of particular importance are the consequences of digitalization in the area of critical infrastructures, for example in the energy industry, in networked mobility or in industrial production.

KASTEL bundles the competencies in the field of IT security at the research location Karlsruhe. The goal is to develop a comprehensive approach instead of isolated partial solutions. The focus will be on comprehensive security in specific application areas, such as power grids, smart mobility, or intelligent factories.

To ensure this security, new threats must be modeled, security objectives described and new methods developed. This can only be achieved through collaboration between cryptographers, IT security specialists, software engineers, network experts, jurists, economists and social scientists - as is the case here at KASTEL.

KASTEL started in 2011 with a term of four years. After a successful evaluation in 2014, the term was extended by the BMBF, and after another successful scientific evaluation and a strategic assessment by the Helmholtz Association, it was finally decided to permanently fund KASTEL.



Tips for secure payment and good password protection

On 15 March, legal changes will come into force that affect payment for online purchases. These regulations have been planned throughout the EU for some time and are intended to make shopping safer. In this SWR Landesschau report, Jörn Müller-Quade talks about secure payment when shopping online and gives tips on how to remember secure passwords.

to the TV report
KASTEL: 10 years in the service of cyber security

Founded on February 28, 2011 on the initiative of the Federal Ministry of Education and Research as one of three national competence centers for cybersecurity at the Karlsruhe Institute of Technology (KIT), the Competence Center for Applied Security Technology, or KASTEL for short, has successfully advanced IT security research. After a decade, this work will now be continued indefinitely - further under the name KASTEL - in the KIT's specially founded Institute for Information Security and Reliability. KASTEL will also be involved in program research of the Helmholtz Association and continue existing cooperations. The central topics of the coming years include IT security with a view to Industry 4.0 and 5G network expansion.

more information
These seven tips protect against cyber attacks in the home office

Politicians are calling on companies to let their employees work from home because of Corona. But are small companies in particular sufficiently equipped against cyber attacks? KIT professor Jörn Müller-Quade explains what needs to be considered when working and learning digitally.

to the article
New research paper founds Phishing Campaigns for Staff rarely efficient

Simulated Phishing Trainings are a popular way of training your staff to detect fraudulent messages and potential phishing attacks. But most companies are not aware that effective security is not just about reducing clickrates for simulated phishing messages. Furthermore, there are security, legal, and trust issues associated with those trainings. Prof. Melanie Volkamer, head of the SECUSO research group at the Karlsruhe Institute of Technology, Prof. Martina Angela Sasse, professor for Human-Centered Security at Ruhr University Bochum, and Prof. Franziska Böhm, professor at the Centre for Applied Legal Studies at the Karlsruhe Institute of Technology, recommend a different approach. Instead of costly and time-consuming Simulated Phishing Trainings the authors conclude that for many organisations, improving technical security measures, introducing and establishing adequate security incident reporting, and increasing staff awareness through other means may be more effective.

Read the full paper
Good advice for information security advisors

Major tasks of an information security advisor are raising awareness, implementing trainings and establishing a safety culture in your company. But how and with which priority should these tasks be approached? Prof. Melanie Volkamer, head of the SECUSO research group at the Karlsruhe Institute of Technology, and Benjamin Bachmann, director for cyber security at EXXETA, developed seven recommendations. The guidelines are based on scientific research and practical knowledge and should help security advisors to implement preventive security measures in their companies. Technical measures, like implementing effective backup systems, are as well provided as organizational measures (for example implementing a notification system in case of an attack) and experiences on how to design awareness materials. Did you know that security trainings are most effective, if you meet the needs of your colleagues when you chose awareness materials? 

More information
Reviewing the Safer Internet Day 2021

The SECUSO research group presented several activities on occasion of this year’s Safer Internet Day: A NoPhish Quiz, a shooting game to eliminate fraudulent messages and an FAQ about Fake Shops. Both topics - Phishing and Fake Shops - were taken up by the media as well. Prof. Melanie Volkamer was interviewed by SWR 4 radio station ( and “Radio Lotte” ( about Internet Safety. Radio station SWR 3 picked up on a cyberattack in a water treatment facility in Florida to talk with Prof. Volkamer about the security of critical infrastructures in Germany ( BadenTV tested the Phishing Master Online Game and had Prof. Volkamer and Dr. Peter Mayer explain the idea. But it’s not over yet: Our activities will be still available!

Explore the NoPhish activities