360degree arrowdown arrowdownlight arrowleft arrowleftlight arrowright arrowrightlight arrow_top arrowup arrowuplight check circle circlefull close GlobalNetwork data down external facebook facts filter Group_Outline group hamburger head_with_aircraft instagram left linkedin Manufacturing MarketLeader minus person plane plus right Save-Savings search InterestRate Stellplatz-Rad stock ComponentRepair twitter up xing youtube

IT Security

High availability and integrity of IT systems are essential prerequisites for the undisturbed execution of our business operations. MTU Aero Engines generates, receives and processes data with particular confidentiality requirement. To meet these requirements and prerequisites, we invest extensively in the implementation of appropriate technical and organizational measures.

To this end, MTU regularly engages in dialogue with external partners and institutions, for example as a member of the Alliance for Cybersecurity (Allianz für Cybersicherheit). In addition, we expressly welcome information from external parties about possible vulnerabilities or incidents in our systems. 

 

Contact

IT Security
Phone: +49 89 14898558
MTU.IV-SiBe@mtu.de
Phone: +49 89 14898558
MTU.IV-SiBe@mtu.de

Reporting vulnerabilities and IT security incidents

If you have discovered a potential security gap or wish to report an IT security incident, we kindly ask that you send all the relevant information to the following e-mail address:

MTU.IV-SiBe@mtu.de

Your e-mail should contain the following information:

  • System affected
  • Description of the vulnerability/incident
  • If available: proof of concept, log files

We will investigate your lead and contact you if we have any further questions.

Disclosure policy for reporting weaknesses

1. Scope

This policy applies to all of MTU’s publicly accessible IT systems. Please report any vulnerabilities that may be exploited, lead directly to an exploitable vulnerability or enable user data to be compromised.

Non-verified results of automated scans or vulnerabilities that are beyond MTU’s control cannot be taken into account.

2. Responsible disclosure:

  • Please consider the implications for our existing applications and operations.
  • Please give us a reasonable amount of time to respond before disclosing the information to third parties. We will make every effort to respond quickly and to resolve the identified vulnerability within 90 days. During this time, we ask that you treat all communications and information as confidential. If we are unable to keep to this timeframe, we will contact you immediately.
  • Please do not access or alter our data, or our users’ data, without our express permission. For the purposes of security research, please access only your own accounts or test accounts.
  • Please contact us if you accidentally encounter other users’ data. Viewing, altering, storing, transmitting or enabling access to the data is not permitted. Immediately after reporting the security gap using the e-mail address provided above, please delete all local copies of the data.
  • Please act with consideration for others to avoid breaching data protection, destroying data, or disrupting or damaging our services (including denial of service).
  • Please observe all applicable laws.

3. Legal consequences associated with the disclosure policy

Unintentional or innocent breaches of the disclosure policy will not trigger steps toward civil prosecution or a report being filed with law enforcement authorities. Activities that are performed in accordance with the disclosure policy will be regarded as authorized actions. No claims will be made against you provided you have followed our technology protection measures in accordance with this policy.

Exchanging encrypted e-mails with MTU Aero Engines

Wherever possible, MTU sends and receives e-mails via encrypted TLS (“TLS-preferred”). On request, it can also be agreed that e-mails with a business partner shall be transmitted only in TLS-encrypted form (“TLS-required”). You will find information about setting this up in the following document:

Information about Email Encryption

If you require this function to be set up, please approach your MTU contact person.

Verifying digital signatures

MTU uses sophisticated electronic signatures (in accordance with eIDAS). If in your capacity as an MTU partner you wish to check the validity of these signatures, the public certificates required to do so are provided in this ZIP archive:

MTU certificates

Signatures based on software certificates (use period: 2022 & 2023)
mtu-de-stsign-ca-2022.crt

Signatures based on smart cards (use scheduled to begin in 2023)
mtu-de-sign-ca-2022.crt

MTU CA root certificate for validating the certificate chain
mtu-root-ca-2018.crt