Digital Sovereignty ... as the Basis of a Society’s Digital Self-Determination
The Customer Magazine, Issue 1/2016
Svenja Schulze – Interview: Minister for Innovation, Science and Research in North-Rhine Westphalia
Wolf-Rüdiger Moritz – Interview: Chief Security Officer at Infineon and Member of secunet’s Supervisory Board
NATO – NAPMA uses SINA for secure remote access
Content
The Transparent Man – Myth or Reality?
Revealing one’s location in social networks means
opening up to the risk of being very easily monitored.
Microsoft and secunet Provide Cloud Solution for German High-Security Market

In future, secunet will also offer data-sensitive organisations, particularly from the public sector, the tried and tested, certified SINA encryption technology via the cloud platform Azure from Microsoft Cloud Germany: Customer data is stored in German data centres, and access to the data is under the control of a German data trustee. The SINA core functions such as network and data encryption supplement the security mechanisms that exist in Microsoft Azure for authentication, HSM usage and safeguarding virtual machines in a way that enables sovereignty over the keys to be retained.

Digital Sovereignty as a Basis for a Society’s Digital Self-Determination
An Interview with Supervisory Board Member Wolf-Rüdiger Moritz

In interview: Wolf-Rüdiger Moritz is the Chief Security Officer at chip manufacturer Infineon, based in Neubiberg near Munich. He has been a member of secunet’s Supervisory Board since 2014. Like secunet, Infineon is a security partner of the Federal Republic of Germany.

You chair the ZVEI Digital Sovereignty working group, which is examining Germany’s sovereignty and the new challenges it faces in the digital era. What does digital sovereignty mean in Germany?

Moritz: In the strategic working group we drew up the following definition:

Digital sovereignty describes the ability to continually control the reliability, integrity and availability of data transfer, storage and processing.

If you think about it, you’ll quickly see that this is a tall order that can only be achieved through concerted effort. We are far from reaching this milestone in Germany; the aforementioned conditions have not been met for essential, security-related network components and encryption systems used by large corporations. Due to the state of the market and established standards, there is no de facto freedom of choice in products from Germany and Europe that can guarantee the security and integrity of our data. This applies in a wide range of areas and, particularly, to operating systems, CPUs and network infrastructure. German companies live off of their knowledge and expertise – and protecting this is a strategic objective. But knowledge isn’t everything. The digital revolution has also changed the manufacturing landscape and even penetrated the private sphere. The increased networking of people, machines and products offers both risks and opportunities. However, these opportunities will only outweigh the risks if we succeed in creating this connection in a secure environment that offers no attack vectors for industrial espionage and criminal organisations.

Skills gaps in security-related fields of information technology can have a significant, long-term impact on a country’s competitiveness and national security. Politicians have now come to recognise this. The coalition agreement therefore details measures for reclaiming Germany’s and Europe’s digital sovereignty – an urgently important task.

What would the consequences be if digital sovereignty were neglected or ignored? What (long-term) impact would this have for our society?

Moritz: Digital sovereignty is the basis of our society’s digital self-determination. If we don’t achieve it, the reverse will apply: digital dependence, whereby key ICT products are developed outside of our own sphere of influence. Over the long-term, this means losing our connection to constantly increasing technological developments in this area. Politically speaking, this would pose significant risks to national security. Consequently, we’re talking about a strategic topic that’s of considerable importance for our future.

As I said earlier, increased integration is the basis of ever faster processes and, in turn, higher productivity. In the market, the winners are those who can control these processes and implement them best. But what happens if this control is merely tolerated and an external entity has actual control of the system? Companies’ strategic knowledge can be siphoned off unnoticed and critical control processes can be manipulated. This could lead to financial losses, sabotage and blackmail; from ransomware as we know it to major, damaging events, anything and everything is possible. In a scenario like this, it seems to me that a nation’s digital sustainability would be seriously at risk.

Many companies are digitalising – or have already digitalised – their processes to stay one step ahead of the competition. What role does digital sovereignty currently play here? And what role should it play?

Moritz: This process is not really new; it’s simply taking place on a much larger scale. Take Industry 4.0 and the Internet of Things: neither would work without security. The more processes are digitalised, the greater the risk of them being compromised and the greater the potential for damage as a result. Without using trusted security components around vulnerabilities, this development could be a ticking time-bomb.

Let’s talk about Made in Germany. German IT security products offer a high degree of security and robustness in conjunction with Germany’s open encryption policies. How important are these products on the global market today?

Moritz: Germany has developed considerable technical expertise in security technology and secunet AG is one of the leading providers in Germany; SINA Boxes are used in national security networks for good reason. Unfortunately, despite internationally renowned quality, German providers have so far failed to adequately position themselves in the market. We need to work on this.

What steps do we need to take to improve the global success of the German IT security industry?

Moritz: I believe that we’ve not yet sufficiently realised the importance of information security in Germany. In my view, the IT Security Act is a step in the right direction to raise general awareness. However, I’d go a step further. The question is: is defence against cyber attacks like APTs on multiple German companies still an isolated problem for the affected companies, or is it rather a national duty to protect the economy? During cyber attacks, it is often very difficult – or even impossible – to identify the attacker. Cyber attacks can be motivated by any number of factors. Script kids, hacktivists, criminals, intelligence services and the military are all possible attackers. It is therefore difficult to draw the line between attacks in the civilian environment and information warfare. This poses even more questions in the context of international law. If Germany is able to find the answer to this problem and adopts a pioneering role in security design and technology, this could also help the entire German IT security industry.

What we need is a comprehensive, holistic national cyber strategy that interlinks politics, academia and industry, and launches and promotes targeted projects that will advance Germany on the road to digital sovereignty. A strong domestic market – which uses products from trusted environments as a starting point, flanked by politically endorsed European initiatives – could be the perfect springboard into the global market for German security products.

Three Questions for secunet’s CTO Dr Kai Martius

In interview: Dr Kai Martius has been secunet’s CTO since 2015. From 2007 to 2015, he managed secunet’s High-Security / Public Sector division. Before that, he had held various positions in Consulting and Product Development since 1999. Dr Martius significantly contributed to the development of SINA.

Digitalisation means faster processes, more networking and higher data volumes – as well as a greater risk of attack. Storing our information on internal servers is becoming a challenge – and despite all our doubts and questions, cloud-based solutions are looking more appealing every day. How secure are cloud solutions? Is it acceptable to store classified information in the cloud?

Dr Martius: When applied to cloud computing as a generally available, inexpensive infrastructure, the economies of scale are essential and indisputable. Today, no-one would surely think to set up their own telephone lines to liaise with their partners. In this respect, we may be on the verge of a new paradigm, as it was the case in the telecoms industry 100 years ago. However, cloud computing differs in one big way from just transferring data across telephone lines: the data is processed and edited by the provider. As a result, I can’t simply encrypt my data before transferring it to the provider (unless I’m using a solution that uses the cloud as mere storage space; we are working on a product like this which will be called SINA Cloud Connector). We’re therefore looking for ways to use the cornerstones of SINA technology – separation and encryption – in the cloud to prevent unauthorised access and minimise the effects of errors. All in all, it’s about only making data accessible at the time it is processed, and allowing this processing to take place in a secure ‘shell’. In addition, communication from the outside must be encrypted up to (or near) its end point. Crucially, the encryption and separation components must have a high degree of reliability and integrity. It’s also important that key management takes place under our own sovereignty. This suggests the use of the SINA technology components.

Despite this, you have to have a certain amount of trust in the provider, as at some point the data and temporary encryption key will be exposed on the operator’s computers. Using technology, you can still only increase the effort and outlay required to successfully access data, so I’m sure there’s a certain amount of highly sensitive data that I wouldn’t want to process in the cloud.

It’s also necessary to make the integrated SINA functions and the cloud’s existing mechanisms compatible. That’s why close cooperation with cloud providers is vital to achieving the highest possible level of security while retaining the key features of the cloud. Close cooperation already exists between Microsoft and secunet, for instance, the aim being to combine trusted, high-tech SINA components with the high provider reliability that Microsoft likes to establish by operating two German Azure data centres according to the data trustee concept.

In his interview, Wolf-Rüdiger Moritz described digital sovereignty as the ability to continually control the reliability, integrity and availability of data transfer, storage and processing. How does secunet support public authorities and companies in acquiring and retaining this ability in the face of digitalisation?

Dr Martius: The cornerstones of digital sovereignty, and therefore of secure IT in general, are trusted encryption and separation characteristics (or data flow control). Reliability must be earned by technology (and its manufacturers) – it’s a question of technical competence, transparency and processes. secunet has worked towards this for over 15 years with the German Federal Office for Information Security (BSI), the German body responsible for evaluating IT security. The result is the highly successful SINA product range, which we continue to develop today. For us, it’s important to continually adapt the technology to new requirements in order to remove any security stumbling blocks for our customers and deliver ‘the trusted components of a secure IT infrastructure’. Examples of our innovative developments include the aforementioned integration with cloud technology in cooperation with Microsoft, close cooperation with the company Citrix for the seamless integration of SINA into their infrastructures, and efforts to boost the performance of our network products in such a way that we can keep pace with the network’s growth rates.

What do you make of current developments in the European IT security industry?

Dr Martius: On one hand, the industry is subject to consolidation processes, which – at least in terms of digital sovereignty – could be very problematic. What influence will foreign owners ultimately have on ‘national’ companies? On the other hand, it’s clear that national markets alone cannot guarantee a company’s future viability. European cooperation in developing technologies is certainly welcome, but this sensitive topic must be handled under the watchful eye of the government. After all, digital sovereignty is (still?) a national issue, not a European one. We favour technology partnerships that allow us to meet our high standards for products’ constructive security, while also retaining the transparency required by the BSI, for instance – as with the aforementioned partnerships with Microsoft and Citrix.

This dovetails with another topic, which doesn’t just affect the European security industry: the availability of skilled employees. At this year’s RSA Conference, it was estimated that the USA alone will have a shortfall of around two million IT security experts by 2020. Apparently, the education sector is lagging behind the demands of a rapidly growing industry. Consequently, secunet is deeply committed to cooperating with secondary schools to promote IT security and pique the younger generation’s interest in the subject. As our society steadily becomes more dependent on technology and IT security, there will be a global imperative to give the subject more weight at each stage of education.

Montenegro – Securely Connected to the World
secunet is currently enabling 28 embassies and consulates to encrypt connections to the Ministry of Foreign Affairs and European Integration in Podgorica. From now on, over 30 SINA Boxes will secure the Balkan state of Montenegro’s communications with its outposts

After its secession from Serbia in 2006, Montenegro needed to establish a foreign ministry and its own network of embassies connected to the ministry for communication purposes. As a candidate country for the European Union, it made sense to implement the project in conformance with EU standards from the beginning.

In March 2015, the Montenegrin foreign ministry awarded secunet (as a qualified partner) a Europe-wide public tender for the “supply of equipment for strengthening the capacities of the diplomatic consular network of the Ministry of Foreign Affairs and European Integration”. In particular, secunet’s cooperation with the German Federal Foreign Office and its experience working on the joint SINA project gave it an excellent footing for the project. secunet started the project for the encrypted connection of 28 embassies and consulates to the ministry in the Montenegrin capital of Podgorica last year.

Alongside over 30 SINA Boxes and a few SINA Workstations, secunet realised the project – which was financed wholly through the EU Infrastructure Fund (EU Delegation to Montenegro) – with SINA Management, SINA Training and SINA Installation Support.

By July and September 2015, secunet had already implemented pilot installations with encrypted connections to the embassies in Berlin, Belgrade and Vienna. Additional SINA Boxes were then set up by the end clients; approximately half of the embassies are securely connected through SINA. The connections to the foreign ministry are secured

NAPMA Uses SINA for Secure Remote Access
NAPMA is the NATO Airborne Early Warning & Control (NAEW&C) Programme Management Agency

In December 1978, a number of NATO Nations joined together to establish the NAEW&C Programme. NAPMO was created as a NATO Production and Logistics Organisation to implement the Programme. It is directly responsible to the North Atlantic Council for all aspects of the NAEW&C Programme.

The NAPMA is the executive agency of NAPMO. Its approximately 115 posts are filled by seconded military officers and civilian personnel drawn from the Nations participating in the NAEW&C Programme. Within the responsibilities granted to NAPMA, the agency manages all aspects of the Programme from acquisition through delivery and on through Life Cycle Management of the NE-3A.

NE-3A

The NE-3A aircraft is a militarised version of the Boeing 707 commercial airliner airframe. It is distinguished by the addition of a large, rotating rotodome containing its radar antenna. Its mission system includes surveillance radar, navigation, communications, data processing, identification, and display equipment. The NE-3A fills the needs of both airborne surveillance and Command and Control (C2) functions for tactical and air defence forces. It provides a highly mobile, survivable surveillance and C2 platform. The NE-3A offers superior surveillance capabilities. Equipped with a “look-down” radar, the NE-3A can separate airborne targets from the ground and sea clutter returns that confuse other present-day radars. Its radar “eye” has a 360-degree view of the horizon and, at operating altitudes, can “see” more than 400 kilometres (215 nautical miles). It also can detect and track both air and sea targets simultaneously.

Current and potential upcoming modernisation projects

Currently NAPMA executes the Follow-Up (FUP) Modernisation projects that are primarily aiming at enhancing the Identification system (Mode5 / Enhanced Mode S) and replacing the analogue cockpit technology with a digital environment (Cockpit Modernisation – CNS/ATM). Studies are also being pursued to integrate Internet Protocol (IP) communications.

Besides the current modernisation projects, studies and analysis on a potential Final Lifetime Extension Programme (FLEP) are ongoing to determine feasible technical solutions to meet unfulfilled operational requirements, maintain the platform’s relevance and extend the NE-3A fleet’s lifetime to support NATO operations to 2035.

Use of SINA at NAPMA

NAPMA operates a small secure dedicated client-server environment centered on Microsoft technology to provide office automation and external connectivity (NAPMA NR domain). The main services provided to the users are email (MS Exchange), document management (MS SharePoint) and an enterprise resource planning system (SAP/R3). The users are equipped with desktop as well as laptop workstations.

The NAPMA is responsible for planning and coordinating acquisition strategies and for managing contracts associated with modernisation of the NE-3A fleet. The NAPMA General Manager is responsible for the day-to-day management of the Programme. He is aided in this task by a Deputy General Manager, a Legal advisor, and an Internal Auditor. The Agency is then organised around the following Divisions or Offices:
- The Programme Management Division is responsible for implementing projects throughout the development, production and retrofit phases in response to operational military requirements and for Programme-wide planning and development. It performs concept definition and project validation studies, provides primary liaison with external organisations, and performs system test activities and quality assurance.
- The Programme Support Division is responsible for contracting, industrial benefits and industrial participation, logistics and configuration management duties, and Information Management.
- The Financial Controller’s Office is responsible for the treasury, budgeting, accounting and cost analysis functions necessary for the effective execution of the Programme.
- The Human Resources and General Services Office is responsible for all personnel matters, security, and general administrative support services, including travel and registry functions.
- The Chief Engineer’s Office is responsible for advising the General Manager, as the Technical Airworthiness Authority, on engineering matters and ensuring that Operational, Safety, Suitability, and Effectiveness (OSS&E) requirements are adequately addressed.

Approximately 20 NAPMA employees are assigned mobile devices and regularly work off-site via secure remote access during business trips (mostly, but not exclusively, in Europe and North America) and outside regular business hours. About five employees with assigned mobile devices are constantly working off-site via secure remote access (e.g. in Germany, Belgium, and the United States of America). Five devices are needed in a pool, in order to provide secure remote access to alternating employees for business trips or other off-site work. They all require the same functionality as the in-house workstations.

To cope with this requirement, NAPMA initiated an international competitive bid. The operational objective was to establish, maintain and operate a NOS accredited Secure Remote Access (SRA) capability as an integral part of NAPMA infrastructure that enables staff to work on- and off-site, on- and off-line with the same functionality as the in-house NAPMA NR workstations and a similar performance.

NAPMA’s Secure Remote Access Capability is maintained and operated by CONET Services GmbH. Currently, NAPMA has 30 SINA Workstation S ThinkPad T540p in use. The backend consists of a SINA Management Workstation and two SINA L3 Box S 30M. The workstations provide two separate Sessions/Workspaces to the users:
- For NAPMA business use up to and including NATO RESTRICTED, there is the NAPMA NR Workspace, based on the same image as any other NAPMA Workstation. It is flanked by centralised configuration management through MS SCCM and restricted internet access.
- In addition, there is a “Dirty Internet” Workspace based on a simple Linux setup (Linux Porteus 3.1) allowing web-browsing and basic Open Office applications without content filtering on the internet access (e.g. check-in for flights during TDY). This licence-free system requires low maintenance and runs from memory (frugal) with the disk read-only, to ensure the next launch will reload an unmodified configuration into memory.

Overall the NAPMA users are very pleased with the SINA system and its performance. From an administrator perspective, the SINA system works fine for NAPMA. The system requires less support than initially expected and the IT operators are satisfied with the required management, configuration as well as the integration into the existing NAPMA NR

More Security at Passport Control
Together with the German Federal Criminal Police Office, secunet is developing the first guidelines for automated optical passport verification

Trust is Good, Checks are Better
In the EU, the European Commission starts a pilot project to trial a Schengen master list for checking electronic travel documents

In the future, the EU Member States (and Schengen states) want to more reliably check that only the holders of genuine travel documents are able to criss-cross Europe’s borders. To this end, the European Commission has launched a pilot project aiming to create a uniform basis for checking electronic documents at the border.

In order to verify the integrity and authenticity of an electronic identity document, the verifying state needs access to special (public) certificates from the issuing state. EU Member States have always had different ways of handling the exchange of certificates. The establishment of a so-called Schengen master list would facilitate this task. It would contain all available trusted certificates. All EU Member States will then be in a position to securely verify international travel documents electronically. This will help the authorities to identify forgeries and manipulations more reliably, while also paving the way for all Member States to issue modern identity documents (eIDs).

The Schengen master list will contain trusted certificates which a minimum number of Member States have verified as being authentic. This initial certificate authentication is primarily performed at border-control using high volumes of genuine travel

Mr Rossi travels home

Mr Rossi, an Italian citizen, is returning home from a business trip in the USA. He first lands at the Charles de Gaulle airport in Paris before continuing on to Fiumicino Airport in Rome. When checking Mr Rossi’s documents, the French border police verify the integrity – or accuracy – of Mr Rossi’s data and the authenticity of his electronic identity document. To do this, they check the so-called document signer (DS) certificate stored in the document against the CS certificate issued by the Italian Republic. Through this certificate, the French border police have access to the central Schengen master list, which contains certificates from the 28 EU Member States, as well as those from other, non-European countries. If the DS certificate and other security features are verified successfully, the French border police can be sure that nothing is amiss with Mr Rossi’s passport. Mr Rossi is therefore permitted to cross the EU border and is later greeted in Rome by his overjoyed dog Gaston.
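
The check in the Mr Rossi walk-through can be reproduced with the OpenSSL command line; the following is an added example, not taken from the magazine or from secunet. It assumes the master list is a plain PEM bundle of issuing-state CA certificates and uses a detached CMS signature over one constructed data file as a stand-in for the signed data in the document; all names, subjects and file paths are illustrative.

```sh
#!/bin/sh
# Constructed demo: a border-control style check of a document signer (DS)
# signature against a master list of issuing-state CA certificates.
# Everything here (subjects, file names, sample data) is made up for the demo.
set -eu

WORK=$(mktemp -d)

# Minimal OpenSSL config so the issuing-state CA certificates carry CA:TRUE
# regardless of the system's default openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_csca NAME SUBJECT: self-signed issuing-state CA certificate.
make_csca() {
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
    -days 30 -subj "$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_ds NAME ISSUER: document signer certificate issued by the given CA.
make_ds() {
  openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/C=IT/CN=DS-$1" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 30 -sha256 -out "$WORK/$1.pem" 2>/dev/null
}

# sign_data DS CONTENT OUT: detached CMS signature made with the DS key.
# The DS certificate is embedded in the output, as it is stored in the document.
sign_data() {
  openssl cms -sign -binary -in "$2" -signer "$WORK/$1.pem" \
    -inkey "$WORK/$1.key" -outform DER -out "$3" 2>/dev/null
}

# decision SIGNATURE CONTENT: prints "accept" only if the signature matches
# the content (integrity) AND the embedded DS certificate chains to a
# certificate on the master list (authenticity); otherwise prints "reject".
decision() {
  if openssl cms -verify -binary -inform DER -in "$1" -content "$2" \
       -CAfile "$WORK/masterlist.pem" -out /dev/null 2>/dev/null
  then echo accept; else echo reject; fi
}

# Genuine issuing-state CA, and a forger's CA that copies its subject name
# but necessarily has a different key.
make_csca csca_it "/C=IT/CN=CSCA Italy (constructed)"
make_csca rogue   "/C=IT/CN=CSCA Italy (constructed)"
make_ds ds_genuine csca_it
make_ds ds_forged  rogue

# Master list for this demo: only the genuine issuing-state certificate.
cp "$WORK/csca_it.pem" "$WORK/masterlist.pem"

printf 'holder: ROSSI (constructed sample data)\n'   > "$WORK/dg.bin"
printf 'holder: SOMEONE ELSE (altered after issue)\n' > "$WORK/dg_altered.bin"
sign_data ds_genuine "$WORK/dg.bin" "$WORK/sig_genuine.der"
sign_data ds_forged  "$WORK/dg.bin" "$WORK/sig_forged.der"

echo "genuine document:          $(decision "$WORK/sig_genuine.der" "$WORK/dg.bin")"
echo "forged signer, same name:  $(decision "$WORK/sig_forged.der"  "$WORK/dg.bin")"
echo "genuine signer, data edit: $(decision "$WORK/sig_genuine.der" "$WORK/dg_altered.bin")"
```

The second case shows why the verifying state needs the issuing state's certificate itself: a signer whose issuer merely carries the right name is rejected because its key is not on the list.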

News in Brief

EasyPASS is Growing

There are currently 140 EasyPASS border control gates in operation at the Frankfurt, Düsseldorf, Munich, Berlin-Tegel, Hamburg and Cologne/Bonn airports. With this year’s expansion, the German Federal Police will easily be able to handle growing

Today, digitalisation is occurring in a wide range of areas. The government is taking its processes digital, industrial companies are boosting efficiency with digital networking, and critical infrastructures are better able to meet modern-day requirements – arising from the energy market’s decentralised supply, for instance – thanks to IT-based systems. However, digitalisation is also giving way to technical conformity, because systems are increasingly built on IP technology. This offers a big boost in efficiency and compatibility, but also presents a huge increase in risk. Is it possible to achieve an adequate level of security nonetheless?

There are already a number of answers to these questions, but in many cases isolated individual solutions are used to approach the issue. However, individual solutions are not sufficient to provide comprehensive protection, as small deficiencies that are often found in complex interfaces (in teleworking, employees’ remote access, remote maintenance access, etc.) can weaken the overall system.

A concept for secure IT infrastructures

Security can only ever be guaranteed if data flows are controllable and different security domains are separated. Technology can achieve precisely that. It is vital to analyse the infrastructure from a holistic point of view and to assign it appropriate security domains. When doing so, it is not necessary to develop an entirely new network in one go. In fact, it is perfectly possible to use existing and complementary components to gradually improve security – provided that you always keep an eye on the bigger picture.

secunet shows how a concept like this can help you to meet the opposing requirements of network separation and integration simultaneously. The approach is based on the intelligent use of separation technologies: security domains which are fundamentally separated are then selectively connected using intelligent security measures. The basis for the specific technical implementation is the organisational structuring of the security domains.

Strong network boundaries despite networking

In many public authorities and companies, specific applications and systems are defined in networks that require especially strong protection. These include public administration networks used to process classified information and industrial networks used to operate network management systems, for instance. In the figures below and on the right, you can see how isolated security domains can be created in these network areas – even across different locations. Communication links are managed through private and public networks via VPN – and only authorised, authenticated partners, who may be temporary and recordable – are allowed. In order to map the structures and processes of your organisation, you can create as many security domains as you wish.

Simultaneously manage multiple security domains from anywhere with a single device

Separation shouldn’t end at the network infrastructure; it should be maintained even in the end device. The ideal client for this is the SINA Workstation, which can be used as a fixed or mobile workstation. It is equipped with secure VPN technology, two-factor authentication and encrypted data storage. SINA Workstation makes it possible to simultaneously use several work environments which belong to different security domains – and therefore have hitherto been physically separated – on the same device. The work environments are proven to be securely separated. The user then works with several so-called guest systems, allowing them to simultaneously handle email correspondence, browse the web, edit confidential documents and operate a critical system, all without having to compromise the strict separation of security domains.

[Figure: Secure data processing in public administration]

Data locks between networks

In many cases, it must be possible to transfer data between domains with different protection requirements despite separation. For example, documents that are subject to higher security classifications during editing must be able to be transferred for further processing in higher-classified security domains. In addition, some companies need to export specific operational parameters from the isolated security domain of the plant control system, in order to forward these to consumers through sales, for instance. When doing so, the connections between domains always pose a risk for the more highly classified network.

In order to create a connection while maintaining strict separation between networks, you need a so-called connector, which decouples differently classified networks at the logical level. Positioned at network boundaries, it takes data from the source network, processes it with help from its transport and testing services, and then makes it available for use by the target network. Between CI-classified networks in public authorities, a diode – like the SINA One Way which is approved up to German national GEHEIM level – can be used for this logical decoupling, which helps to prevent attacks from lower-classified networks and data outflows from higher-classified networks. In industrial networks, connectors can manage data flows using similar frameworks and separation technologies.

Monitoring and managing threat levels
By continually monitoring data flows, anomalies
caused by malware or malfunctions can be detected
early in order to prevent potential loss or damage.
The use of a monitoring system like spotuation can
provide an added layer of security at this stage. It will
check whether or not the requirements for specific
encryption technologies have been met and can use
‘learned behaviour’ to detect anomalies in network
data flows, which can be an indication of advanced
persistent threats (APTs).
Accessing the internet from critical areas
There are few workplaces in the world that can get
by without access to the internet. However, there
are technologies that permit internet access from
critical networks without increasing the security risk.
ReCoBS-based systems like secunet safe surfer al-
low networks to access the internet through terminal
server logic. This means there is no direct connec-
tion between the critical network and the internet.
Instead, access is only provided via audio-visual
transmission through separate, so-called sacrificial
systems, on which the actual browser sessions
are isolated and run. This achieves strict network
separation, as access to the internet is not achieved
from within the critical network.
Digitalisation: securely implemented using your existing system
Regardless of your field, industry, sector or country,
the challenges of developing a secure infrastructure
with multiple security domains are generally very
similar, at least from a technical standpoint. The
architecture components shown here are merely
illustrative. They can be used in parallel and in com-
bination with existing technology.
IT security always requires a holistic approach.
secunet can draw on nearly 20 years of experience
in IT and network security to develop tailored, intelli-
gent concepts for diverse applications. An intelligent
blend of existing technology and good IT organisation
The consequences of digitalisation for hitherto strictly separated company processes and networks – and the associated difficulties and risks – are well-recognised. Consequently, practical solutions that don’t require complete restructuring or complex interventions in existing structures are in demand. But how can managers, CISOs and technicians be sure that their network meets all relevant security requirements?
Control the Network – Tailored Real-Time Network Analysis
This kind of monitoring system offers a number of
advantages for all those involved:
- Senior management receives reports for evaluating
compliance in accordance with company guide-
lines; the use of outdated browser versions will be
reported, for instance
- IT and security experts receive ongoing situation
reports that illustrate the current network security
status; hidden communication channels and asso-
ciated anomalies will become visible, for instance
- Administrators and security analysts will gain
insights into the network, up to and including the
potentially anomalous header information of indi-
vidual IP packets
Security arises from the interplay of these organisa-
tional and technical elements. In order for a company
to always maintain an appropriately high level of IT
security infrastructure, information handling must be
understood as a process following the well-known
PDCA pattern:
define IT security objectives (plan), implement the
relevant measures (do), check efficacy with probes
introduced at both the organisational and technical
levels. On the organisational level, it is common for
companies to establish an ISMS, which can be used
to define processes and make managing and con-
trolling company-wide IT security more concrete and
effective. An ISMS is a prerequisite for maintaining
an up-to-date overview of all relevant security
processes – and thus for well-founded risk man-
agement.
Making network IT security visible
On the technical level, preventive measures like
firewalls, VPNs and well-known access control
mechanisms (e.g. two-factor authentication) are still
indispensable, but are no longer nearly enough. In
order to ward off today’s targeted attacks, so-called
APTs, a range of new methods and approaches
are vital. An efficient method for controlling data
movement in and between networks – and thus for
detecting deviations from technical guidelines – is
the use of so-called ‘probes’, which continually ana-
lyse and evaluate data flows for compliance with
defined rules. When using these probes, it is essen-
tial that data flows or the information gleaned from
these data flows be visualised continually.
Long-term Key Management
Car2X and autonomous driving are hot topics in the automotive industry. Besides communication between cars, emergency vehicles and roadside infrastructure, ‘off-highway’ vehicles are also increasingly opening up to data exchanges
Mobile commercial vehicles like agricultural,
forestry or construction vehicles bene-
fit from digitalisation in a variety of ways.
Agricultural machines, for instance, can help farmers
to optimise fertilising and harvest planning based on
information fed into the vehicle about the location,
yield and soil quality. Among other things, this can
also lead to energy savings in field logistics and a
dynamic plan for achieving higher sales prices in
electronic marketplaces.
Just as in the automotive industry, data is reliably pro-
tected here with cryptography, which helps to gua-
rantee information security attributes like integrity
and confidentiality, etc. These safeguards against
attacks on electronic vehicle systems and networking
services are increasingly – and logically – factored
into early designs for implementation during manu-
facture.
The challenges faced by OEMs in the automotive
industry differ from those in other industries, as
described below:
- Lifetime: For an average of 18-30 years (cars: 18,
lorries: 24, transporters and motorbikes: 30), the
cryptographic infrastructure must be able to
handle large unit volumes (expected: 100 million
new cars worldwide every year from 2020) and
model lifecycle functions like certificate call-back
lists or even changes to algorithms.
- Performance and latency: Electronic vehicle com-
ponents and, in particular, cryptographically
secured services like permission allocation and
activation are much more dynamic than they are
for official document permissions. This means
‘live’ functions need to be integrated that will allow
data to be securely changed during operation.
- Limited vehicle resources: Due to price pressures
on unit costs, many vehicles lack vital resources
like comprehensive security elements at the hard-
ware level. This must be offset through complex
cryptographic concepts, which are developed
differently from model to model and require the
support of a flexible cryptographic infrastructure.
In the future, Car2X communication and auton-
omous driving will both play a major role in the
automotive industry. Fully automated driving
presents greater risks with regard to operational
safety, as in the event of a vehicle incident the
driver will be unable to intervene directly. This must
be compensated by the proactive implementation
of safety features early on in the design process.
secunet KeyCore 2.0, our solution for automotive
key management, makes it possible to imple-
ment the security necessary for current and future
application scenarios – and look at the challenges
of ‘secure key management’ and ‘certificate infra-
The number of mobile devices is growing rapidly. One of the factors in their success is the use of social networks. However, revealing your location (in particular) means opening yourself up to the risk of being very easily monitored
The Transparent Man – Myth or Reality?
Thanks to your location, a complete profile of
your movements can be created without the
need to hack data from the network – sim-
ply by using the so-called ‘Nearby Friends’ feature,
which shows how far away your friends are.
Example: Andrea is sitting in a cafe in Marienplatz
in Munich and wants to know who is nearby. Her
friend Bernd is in the English Garden and her friend
Christina is in Odeonsplatz. Once she activates the
Nearby Friends feature, she receives the following
information:
1. Bernd is three kilometres away.
2. Christina is one kilometre away.
As it would be difficult to find Bernd in a three-kilo-
metre radius, Andrea needs a more specific loca-
tion. It’s easy to get one with the help of her Android
smartphone. She goes to Developer Options and
activates the Simulated Location feature – which
can change the GPS position of the smartphone at
any time to whatever coordinates you wish – and
sets her position to Königsplatz. All of the apps in-
stalled on her device will now use this location as
the phone’s GPS position. Now the Nearby Friends
feature says Bernd is two kilometres away.
[Figure: The actual locations of friends Bernd and Christina. The app only gives a person’s distance in kilometres.]
[Figure: Andrea’s three location requests about Bernd give her this information.]
So Andrea has two pieces of information which
can be visualised as two circles. These have two
intersecting points and Bernd is at one of them. To
determine which is the correct position, a third
measurement is needed. Andrea therefore creates
a new simulated location at Theresienwiese. The
Nearby Friends feature now displays a circle with
a four-kilometre radius. Bernd is at the intersecting
point of all three circles.
As the numbers in the apps are rounded, the infor-
mation gleaned is still not entirely accurate. Bernd is
not located exactly where the three circles meet; he
will be within one kilometre of the intersecting point.
His exact position can be determined using a simple
algorithm.
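For anyone designing or reviewing such a feature, the following added example (not part of the article) measures how much area remains consistent with a set of rounded distance readings, and compares it with a service that snaps stored positions to a 1 km grid before measuring. The planar coordinates, the function names and the snapping mitigation are assumptions of this example.

```python
import math

def reported_km(viewer, user, snap_km=0.0):
    """Whole-km distance a 'nearby friends' view shows for `user`.

    snap_km > 0 models a mitigation that is an assumption of this example:
    the service snaps the user's position to the centre of a snap_km grid
    cell before measuring, so every point in a cell gives the same answers.
    """
    if snap_km:
        user = tuple((math.floor(c / snap_km) + 0.5) * snap_km for c in user)
    d = math.hypot(viewer[0] - user[0], viewer[1] - user[1])
    return math.floor(d + 0.5)  # round half up to whole kilometres

def consistent_area_km2(user, viewers, snap_km=0.0, half=6, per_km=20):
    """Area (km^2) of all positions that yield the same readings as `user`.

    Samples cell midpoints of a per_km-per-kilometre mesh over the square
    [-half, half]^2; a small area means the readings pin the user down.
    """
    readings = [reported_km(v, user, snap_km) for v in viewers]
    hits = 0
    for i in range(2 * half * per_km):
        for j in range(2 * half * per_km):
            p = (-half + (i + 0.5) / per_km, -half + (j + 0.5) / per_km)
            if all(reported_km(v, p, snap_km) == r
                   for v, r in zip(viewers, readings)):
                hits += 1
    return hits / per_km ** 2

# Constructed planar coordinates in km (not map data), chosen so the three
# viewpoints reproduce the article's 3 km, 2 km and 4 km readings.
BERND = (0.3, 2.9)
THREE = [(0.0, 0.0), (-1.0, 0.9), (-1.3, -1.2)]
# A denser set of viewpoints, to see how far repeated readings can go.
DENSE = THREE + [(x, y) for x in range(-4, 5, 2) for y in range(-4, 5, 2)]

if __name__ == "__main__":
    for name, viewers in (("1 viewpoint", THREE[:1]), ("3 viewpoints", THREE),
                          ("28 viewpoints", DENSE)):
        print(name,
              "rounded only: %.2f km^2" % consistent_area_km2(BERND, viewers),
              "| 1 km snapping: %.2f km^2"
              % consistent_area_km2(BERND, viewers, snap_km=1.0))
```

With rounding alone, the consistent area keeps shrinking as viewpoints are added; with snapping it cannot fall below one grid cell, because every position in a cell produces identical readings.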
For this purpose, Andrea places simulated locations
in a one-kilometre circle around the intersecting
point. If the feature shows Bernd is just one kilo-
metre away, the intersection of these two circles will
create a new, smaller area in which Bernd can be
found. If they show a greater distance, Bernd will
German IT Security Congress: Call for Papers
research institutes, local administration and other
institutions can submit their proposals on IT security
New Address
secunet’s head office has moved! You’ll now find us
at Kurfürstenstraße 58, 45138 Essen, Germany. Our
previous telephone and fax numbers haven’t changed.
In the office building on the Ruhrallee junction, we
now have enough room again for all of our Essen
employees.
Press Law Representative: Christine Skropke, [email protected] Editor, Head of Design and Content: Claudia Roers,[email protected]; deputy: Marc Pedack, [email protected]: Agentur für dynamisches Marketing, www.knoerrich-marketing.de