Increased Security for Passengers – including online
Nicolas Hunloh, Team Leader Internet, Düsseldorf Int. Airport
Automation is the Way Forward for Border Control
secunet eGates securely manage increasing passenger numbers at national borders
Electronic management of classified items without discontinuity of media
SINA Workflow for security and compliance with regulations
Issue 1 | 2013
Partnership for Security in Cyberspace
Alliance for Cyber Security as a central information platform
The IT Security Report by
Dear Readers,
irrespective of whether we operate in the public or private sector, we are
all doing business more and more in cyber space; we are thus increasingly
dependent on the secure and uninterrupted functioning of digital information
and communication technologies. If we are to maintain security of information,
data and processes on a permanent basis, we must continuously adapt to
the shifting level and nature of the threat posed by hackers and the methods
they employ. The detailed exchange of information and experiences between
industry, government agencies and experts not only facilitates a high degree
of transparency but also makes the job of prevention easier for us all. One
of the platforms for such exchanges is the Allianz für Cyber-Sicherheit (Alliance
for Cyber Security) founded by the German Federal Office for Information
Security (BSI) and the Federal Association for Information Technology,
Telecommunications and New Media (BITKOM). We spoke with Dr Hartmut
Isselhorst from BSI about the aims and objectives of the Alliance.
Here at secunet, we also intend to place the exchange of ideas with our
customers on a more direct footing; consequently, we have undertaken an
internal restructuring designed to make us more flexible in the way we cater
for your needs, aspirations and demands. We will thus be able to respond
more efficiently and quickly to current developments in the cyber world and to
offer you, our customers, optimum proactive and innovative support as you
rise to future challenges and implement new projects.
- Our Public Sector (formerly High Security and Government Division) advises clients from the public sector and the defence industry both here in Germany and abroad, proposing current products and services that can be combined for specific circumstances as well as customised security solutions. These are fully compatible with any modern administration, they are capable of handling jobs at the highest level and they comply with high-security specifications for the protection of classified information.
- Our Business Sector (formerly Business Security and Automotive Security Division) helps private business clients to fully exploit the potential of increased digitisation and the associated electronic mapping of business processes, and also to securely map intelligent networks, mobile applications, IT-based control of production/logistics operations and the digitisation of transport and traffic systems.
The areas in which we excel and our achievements to date are a matter of
record. We now present some of the latest developments in this edition of
secuview.
I hope you enjoy reading our magazine.
Best wishes
Dr Rainer Baumgart
Content
National
Local High-Quality IT Products for Local Users
Partnership for Security in Cyberspace – Alliance for Cyber Security as a central information platform
German Justice Plays it Safe
Increased Security for Passengers – including online
Challenges for PKI Systems in Vehicles
International
Automation is the Way Forward for Border Control
Technologies & Solutions
Electronic management of classified items without discontinuity of media
Hackerstory #2: Budget and Production Pressures as Risk Factors
Preventive security #1: FIFA World Cup Shoots Holes in IT System
News in Brief: secunet on Twitter, Xing and LinkedIn / New Agreement with National Government on IT Security Services / New Appointment at the BSI
Events
Dates
National
Local High-Quality IT Products for Local Users
The BSI has conceived the Sondertatbestand project as a way of making IT expertise available to individual authorities conveniently and without impacting on their budget. In this way, applicants procure internationally competitive products from national suppliers. And in any case, the German encryption industry enjoys a high reputation around the world. The evidence for this is in the many national and international projects that make use of encryption products from Germany.
More information:
Dirk Mangelmann
IT security technology ‘Made in Germany’ is being supplied
direct to government agencies around the country
Following the successful piloting of the federal government IT investment programme in 2010, the German Federal Office for Information Security (BSI) launched a follow-up project – ‘Sondertatbestand’ – in 2012. The purpose of this is to support government agencies by simplifying the procurement process for IT security solutions, including the SINA range of products. This ensures not only that all data is optimally protected but also that cryptographic systems approved for the NfD (RESTRICTED) classification become more widely established.
Within the framework of the Sondertatbestand project, participating agencies received products at no extra expense for
- interface control
- hard disk encryption
- encryption of mobile storage media
- encrypted USB flash devices
- securing mobile scenarios
The use of a SINA workstation makes it easy for authorities to securely access both unclassified and RESTRICTED data at any time and from any location, whether the operator is away on business or ‘teleworking’ from home.
Support close at hand
SINA experts from secunet provided support to the various
government IT departments in implementation, installation
and on-site training. secunet support is then on call around
the clock, seven days a week. It is a tremendous advantage
when the experts are just a phone call away.
When there is a total loss of IT service, it is important that response times are short and the correct action is taken. For this reason, the Sondertatbestand project also includes a security consultancy element. secunet supports the participating agencies in complying with the criteria of the federal government action plan known as ‘UP-Bund’. This includes in particular measures to improve information security and the development of a continuity management plan.
An Interview with Dr Hartmut Isselhorst of the BSI
on the Alliance for Cyber Security
Partnership for Security in Cyberspace – Alliance for Cyber Security as a central information platform
secuview: The new Alliance for Cyber Security was founded by the BSI (German Federal Office for Information Security) and BITKOM at the annual CeBIT trade show in March 2012. What was the reason for setting up such an organisation?
Dr Hartmut Isselhorst: Internet technologies in recent years have led to major advances in the IT and telecommunications industry. Indeed, information technology has penetrated virtually all areas of our lives and every sector of the economy, making them an integral part of cyberspace today. As a result, value-added processes in the ‘real world’ are inextricably linked to the virtual world and are barely conceivable today without it. The challenge of making cyberspace more secure can now only be met through the combined efforts of business and industry, academia and the government. The Alliance for Cyber Security reflects this need for cooperation and serves as a platform for the exchange of knowledge and expertise in the field. Indeed, lasting security can only be achieved if we continually revise our strategies for preventing, recognising and responding to security threats and the evolving methods of cyber criminals.
secuview: The Alliance’s members include partners and members. How many companies joined the Alliance in 2012, and what are the main reasons for which individuals and business partners seek membership?
Dr Hartmut Isselhorst: We received an overwhelmingly positive response to the Alliance for Cyber Security, even during the pilot phase. Since then, other noteworthy cyber security experts have joined our ranks, meaning that more than 200 companies and organisations – including 50 partners – were active members of the Alliance for Cyber Security at the beginning of 2013.
The Alliance offers a variety of services, including issuing warnings about current cyber threats, identifying best practices, unifying industry standards and providing security solutions for systems currently in use, as well as providing general recommendations on the secure use of IT components. In addition to the above, the BSI publishes up-to-date information regarding the ongoing security situation in cyberspace, thus enabling institutions to modify their activities accordingly. In order for this information to be as complete as possible, partners and individual members in the Alliance are also encouraged to report their own knowledge and findings regarding cyber attacks to the BSI.
Finally, alongside acting as a central hub for information distribution, the Alliance seeks to promote direct knowledge exchanges in smaller groups such as in regional and industrial working groups or informal meetings.
secuview: What security threats do you expect to emerge over the next few years, and what measures will the Alliance be implementing to counter them?
Dr Hartmut Isselhorst: The growing trend of using information services on the move is going to have a knock-on effect on cyberspace security threats. Smartphones and tablets are now established internet terminals, and their position in the market has been strengthened by their integration into corporate IT systems – both formally and through BYOD policies. This has increased the attraction of these devices to cyber criminals and malware developers. The topic of ‘mobile malware’ will therefore remain on the agenda for the foreseeable future.
We are also preparing for attacks and attempted attacks against specific companies or institutions. Cyberspace is an attractive point of attack for criminals because it provides easy access to potential targets and a myriad of opportunities for deception, as well as an incredibly diverse range of vulnerabilities which can be exploited. We expect hackers to draw on their experiences of launching targeted attacks in recent years to further improve their methods and carry out increasingly sophisticated attacks.
We are also anticipating some positive developments, however. Indeed, whilst companies are still very reticent to disclose information about cyber attacks on their own systems, the BSI is increasingly hearing from companies willing to share their experiences in small groups. If this trend continues, it will most certainly help to raise user awareness and provide a more complete picture of the current security situation, thus serving to boost cyberspace’s ‘immune system’ over the long term.
[Photo: Dr Hartmut Isselhorst, man in charge at the Department of Cyber Security of the BSI]
secuview: Nowadays, the entire world is connected via the internet, and so attacks can be carried out from far beyond our national borders. Will the BSI also be working with the Alliance to contact and exchange information with other groups internationally?
Dr Hartmut Isselhorst: The international exchange of knowledge and expertise is indispensable when it comes to cyber security. Within the Alliance for Cyber Security, this is achieved not only through the BSI’s various international partnerships, but also through the cross-border activities of the Alliance’s partner companies. The knowledge and expertise gained through this international cooperation contributes a great deal to the Alliance’s work and is always analysed and shared in such a way that it benefits all members as much as possible. In practical terms, the Alliance for Cyber Security’s partners and key communicators can also contribute by upholding knowledge exchange between the Alliance and international groups or initiatives abroad.
secuview: One final question: What’s
next for the Alliance in 2013?
Dr Hartmut Isselhorst: In light of the overwhelmingly positive feedback received from companies involved in the Alliance for Cyber Security in 2012, we intend to continue implementing and building upon the organisation’s activities in 2013. In my view, it is important to always keep in mind the expectations that are communicated to the BSI in the course of major events and private discussions. This is why we will be organising more industry-specific events for various target groups in 2013 – to raise awareness of cyber security issues on the one hand, and to maintain a direct dialogue with and between companies on the other. We have started the ball rolling this year with the first ever Cyber Security Day for members of the Alliance in January. In February, this event has been followed by a major conference in partnership with the logistics industry and knowledge exchange across different sectors. We also have several other events in the pipeline. In addition to the above, I am very much looking forward to the numerous contributions recently announced by our partners which will create significant added value for all of the Alliance for Cyber Security’s members.
secunet is a partner company in the Alliance for Cyber Security and draws on the extensive knowledge and expertise of its IT security specialists to support the organisation’s members.
The Alliance for Cyber Security was established in March 2012 by the Federal Office for Information Security (BSI) and BITKOM. This joint initiative acts as a platform for the sharing of information and experiences in the general area of cyber threats. At the international level, it promotes cross-border collaboration with other Alliance partners.
[Figure: participants in the Alliance for Cyber Security. Labels: BSI; Partners; Multipliers; Government agencies; Businesses; Operators of critical infrastructures; Other institutions of particular interest to the state (INSI); Other organisations]
What is EGVP?
The electronic legal and administrative mailbox, in Germany known as EGVP (Elektronisches Gerichts- und Verwaltungspostfach), can be used by courts and government authorities in communication with each other as well as with other parties to certain judicial proceedings (e.g. lawyers, notaries, businesses and private citizens) for the safe, legal and efficient transmission of messages, documents and pleadings in the OSCI format (Online Services Computer Interface). EGVP automatically encrypts the entire data exchange. Messages can also have files attached and, if necessary, bear an electronic signature. This speeds up legal processes, and all parties benefit from the increased efficiency. No wonder then that more than 40,000 parties to proceedings in all 16 federal states and in most federal courts in Germany are making use of the EGVP, a trend that is even expected to grow further.
German Justice Plays it Safe
The introduction of mandatory electronic commercial registration in 2007 coincided with the launch of a new communication infrastructure in the German judicial system. The opportunity of having direct access to courts and authorities via EGVP proved hugely popular right from the start; in fact, projected user numbers were far exceeded after only three months in operation. Because everyone registering as an EGVP user is assigned a unique mailbox address by the identity management system and this data must be constantly replicated to all other active EGVPs in the system, the registration service is of paramount importance.
Separation of registration process from EGVP: S.A.F.E.
In order to be optimally positioned in the future in terms of performance and interfaces, the Bund-Länder-Kommission für Datenverarbeitung und Rationalisierung in der Justiz (Joint Federal and State Commission for Data Processing and Rationalisation in Judicial Processes) has prescribed the architecture of a federated identity management system for the German judiciary. This goes by the name of ‘Secure Access to Federated E Justice / E Government’, or S.A.F.E. for short. The underlying idea is essentially straightforward: the ‘Identity Providers’ which are spread out over a number of different domains are combined on a single platform and are addressed via standard interfaces. The so-called ‘Trust Domain’ (TD) is the central structuring element. This consists of a set of services and service users that co-exist in a mutual trust relationship. It ensures a unified communications infrastructure within the justice system that operates across federal state boundaries.
secunet connects Bavaria to S.A.F.E. central registry
Bavaria creates own Trust Domain
Up to now, there has been a centralised S.A.F.E. identity management system operating from the data centre in North Rhine-Westphalia, which is responsible for the mailboxes of user parties in all the federal states. Bavaria has now become the first German federal state to set up its own trust domain which is operated in its own data centre. This means that the management of Bavarian identities takes place regionally, thus restoring data sovereignty.
In this matter the Bavarian justice system relied on comprehensive assistance from secunet. The IT security experts have provided organisational and technical support to the IT officers of the Bavarian judiciary who are based at the Munich Higher Regional Court in the planning, design and implementation of the S.A.F.E. compliant trust domain ‘Justiz Bayern’. This involved the analysis of the administrative procedures and of the user groups that are to be integrated in the preliminary stage as well as the analysis and evaluation of the data sources that store information about the digital identities of users and their operational role. secunet also took on the task of integrating the technical basis – the Oracle Identity Management Suite – into the existing infrastructure.
Flexible and fit for the future
The Bavarian justice system is already in a position to communicate confidentially via S.A.F.E. in such administrative areas as the central register of wills or the electronic land registry. Thanks to its open and highly scalable architecture, many more administrative procedures, citizen portals and e-government services will follow in the near future.
More information:
Norbert Müller
The air transport hub of Flughafen Düsseldorf handles over 20 million passengers per year, making it the largest airport in North Rhine-Westphalia. 70 airlines operate here, serving more than 190 destinations. Located in one of Europe’s strongest-performing economic regions, with 18 million people living within a radius of 100 kilometres, Düsseldorf International plays a key role in fulfilling the mobility needs of private individuals and businesses in the federal state of North Rhine-Westphalia and the south-east of the Netherlands. Furthermore, as the largest single employer in Düsseldorf with a workforce of around 19,700, the airport has a major impact on the jobs market in NRW.
As traffic has increased over recent years, the corporate website has had to adapt and grow to meet the demands of passengers as well as those who are picking them up from the airport and other target groups. These users visit the site to check flight times, to find out about local conditions, to reserve parking spaces, to retrieve general information about the airport, and much more besides. The website is thus a main point of contact for around 11 million users per year. Various extranets provide B2B partners and customers with helpful tools. Data that is stored there requires secure protection. Flughafen Düsseldorf GmbH therefore took the decision in 2012 to submit its main corporate website as well as those of its subsidiaries to an extensive security check. Their search for a professional, flexible and reliable service provider quickly brought them to secunet.
For the operator, it is particularly important that the standards which are rigorously adhered to in the everyday working environment of the airport’s offline sector (where security is at a premium) apply equally to its website, because even data on passengers and partners requires the protection of a highly secure and efficient infrastructure against externally launched attempts to gain unauthorised access.
The secunet team therefore set about identifying potential vulnerabilities using a detailed penetration test and applying recognised standards with particular reference to OWASP Top 10 2012. In order to avoid overloading the server infrastructure during the procedure, the tests were conducted during the low-traffic period between 11pm and 6am.
Nicolas Hunloh, Team Leader Internet, Düsseldorf International Airport
By undertaking regular security checks, including its online platforms, Düsseldorf airport upholds consistently high security standards.
Increased Security for Passengers – including online
HACKERSTORY #2
IN THE NEXT ISSUE:
The Trojan Mouse
In many companies, security has become an integral part of the production process. In the course of penetration tests, secunet nonetheless continues to identify critical vulnerabilities in internal systems that threaten the organisation’s security and, in the worst-case scenario, its most vital functions.
In subsequent discussions with the relevant system administrators, it will usually transpire that the vulnerabilities have already been recognised, though not necessarily their potential impact. These vulnerabilities are consciously accepted, since the affected system is directly involved in critical business processes and not every company has a sophisticated staging process whereby changes can be tested on multiple pre-production systems. The decision-makers are confronted with a dilemma: in order to increase system security, a temporary reduction in functionality has to be accepted. Subsequent corrective measures – if at all feasible – result in correspondingly high costs. Yet failure to take the necessary action could ultimately lead to substantially higher costs.
However, if IT security teams are involved at the planning phase of a new application, these problems can at least be minimised. If, at an early stage, IT security is considered of equal importance to functionality, this can obviate the need for complex re-designs or bug fixing in the finished product.
More information:
Dirk Reimers
The results were then presented in the form of a detailed report, with measures identified for optimisation then being implemented within a short time by the specialist departments of Flughafen Düsseldorf GmbH and its service providers. At the same time, the company used the project to introduce new mandatory security standards at all levels. Flughafen Düsseldorf GmbH has expressed its intention to call on secunet’s anti-hacking expertise in future.
More information:
Christian Reichardt
News in Brief
Budget and Production Pressures as Risk Factors
Challenges for PKI Systems in Vehicles
Because the clients (vehicles, charging infrastructure, traffic signals etc) are, unlike the computers in the company network, not constantly reachable and to some extent have much longer life cycles, they place specific requirements on their PKI systems that do not apply to most company PKIs. Similarly, specifications for Car2Car communication or Plug&Charge in the case of e-mobility define precisely what a PKI is expected to do.
For example, procedures and processes must be introduced to take into account the fact that parts of the PKI system may be available for online communication only on an intermittent basis. The distribution of revocation information is just one example of this problem. In a PKI for Car2Car or Car2X communication, the number of subscribers can rise exponentially. There will be hundreds of CA systems and millions of vehicles all around the world that have to be supplied with key material and certificates, and at the same time, data privacy protection legislation will require that each vehicle is equipped with several hundreds or even thousands of certificates.
Car manufacturers may already be aware of some of these problems as a result of similar issues with their own company PKIs for employee badges or SSL certificates for web services. Nevertheless, these new special cases present them with unprecedented challenges in the management of cryptographic keys and certificates that cannot be resolved with the already established processes of introduced PKI systems and therefore require new approaches to the issue of PKI.
More information:
Andreas Ziska
Conventional solutions are not enough
PKI systems have long been an established feature of in-house networks and the internet. Based on asymmetric cryptography, authentication mechanisms have been created with which more people work than you might imagine. Whether for online banking, remote login to the corporate network from a home office or even the new German national identity card, a PKI working away in the background is generally responsible for secure communication.
More recently, various applications requiring a PKI have been introduced in vehicles:
- digital tachographs
- securing diagnostic access and information consistent with Euro 5 and Euro 6
- securing onboard flashware for vehicle programming
- securing TeleX services such as remote diagnostics and programming
- internet in the vehicle
- Car2Car communication
- Plug&Charge for e-mobility
What a PKI does
PKI involves more than just technology; it is also a question of infrastructure and processes. At the heart of the matter is key management, with the complete life-cycle of cryptographic keys and/or certificates. The main tasks to be performed by a PKI are:
- Key generation – determination of algorithms, the type of key generation (central as opposed to decentralised) and the processes for certification of the public key as well as the identification data of the certificate holder.
- Key distribution / Directory – the distribution of public keys and/or certificates takes place via directory services such as LDAP. For the assignment of private keys, secure distribution paths or media are used.
- Blocking management / Revocation – for revoking a certificate (in case of a lost key or loss of confidence), technical mechanisms such as revocation lists (CRLs) or online services (OCSP) are used. The CA operator receives the revocation requests, reviews and authorises them, revokes the certificate and publishes the revocation information.
- Key recovery / Destruction – by means of key recovery, data can be read and verified even if key material has been lost. In addition, old or invalid key material is securely deleted.
- Key exchange (root, CA, client) – appropriate processes (e.g. online provisioning, the replacement of a secure element or mobile with NFC technology) specifically ensure the secure exchange of the public root and CA keys. There must be safeguards against a hacker insinuating his own root keys.
[Figure: Example of an eMob PKI complying with ISO 15118. Labels: eMob Root CA; EV OEM Root CA; Energy supplier Root CA; Charging supplier Root CA; Meter Root CA; vehicle certificates, contract certificates, charging station certificates, SmartMeter certificates; example companies Daimler, BMW, AUDI, RWE, EnBW, e.on; some elements marked optional]
The companies named here have been chosen as examples only. This should not be taken as an indication of which ones will eventually appear under eMob Root CA.
Already established because of the applicable standardisation regulations for smart metering in Germany
PREVENTIVE SECURITY #1
FIFA World Cup Shoots Holes in IT System
There are many IT systems that, technically speaking, are well protected. But unfortunately, these too fall victim to elementary attacks because individually appropriate organisational processes have not been implemented or upheld.
“How could they overcome the formidable barriers that we now have in place? The way they were bypassed makes us look like amateurs!” Unfortunately, this quote is genuine and the circumstances that permitted this successful IT attack are by no means exceptional. The technology and the administrators really were high calibre. The problem lay entirely elsewhere. The vulnerability was caused by the instruction issued by a senior executive to allow certain IT services during the World Cup so that he could follow games live on his PC. Although the administrators expressly advised of the associated security risks, the desire of this senior person to watch the matches live at work obviously outweighed the concerns of the lower-ranking technical staff. The expert in this case – i.e. the system administrator – had no recourse against the decision.
This real-life scenario is by no means exceptional. secunet is often called out to deal with emergencies that have been caused by the absence of organisational security measures. In the case cited above, a clearly defined and auditable documented process that gave the administrator suitable veto rights would have helped to uphold the high level of security afforded by the systems in place. It would then have been possible to take secure and responsible action, overriding the personal preferences of the boss.
Security must be integral to corporate culture
Experience has shown that, although many government agencies and private businesses have put appropriate security measures in place, these are not upheld rigorously due to the organisational aspects of information security. At the same time, however, there is no shortage of standards and best practices to provide support here. For example, the IT security management standards typified by the ISO 27000 family and those implemented in accordance with BSI baseline protection or the recommendations of ITIL (IT Infrastructure Library) and COBIT (Control Objectives for Information and Related Technology). secunet experts with many years of experience are available to support any appropriate customisation or tailored implementation.
More information:
René Seydel
Directives from above defeat even the best
technical defences
Preventive security is in this respect a key concept: specific organisational, infrastructural, technical and staffing strategies that are tailored to individual circumstances and to constructing a defence that kicks in before something bad happens. In subsequent issues of secuview, you can read interesting and sometimes even amusing case studies (anonymised, of course) compiled by our secunet experts.
IN THE NEXT ISSUE:
Well configured – one click for enhanced security
Automation is the Way Forward for Border Control
Globalisation has led to a steady increase in private and professional
mobility. Short-haul flights have become an attractive
alternative to travelling by train or car. For airports, this means
that more and more passengers have to be cleared on arrival.
The International Air Transport Association (IATA) estimates
that, in 2013, the milestone of three billion passengers worldwide
will be exceeded.¹ This development poses multiple challenges
for airports, as passengers should not be expected to
wait in unreasonably long queues to pass through the security
gate or border control. At the same time, security considerations
must under no circumstances be compromised as the
threat of terrorism remains acute.
The solution lies in biometric data
A good option for managing increased passenger volume
at borders is to provide electronic control gates – so-called
‘Automated Border Control Systems’ or eGates for short.
Utilising the biometric data stored in electronic travel documents
(e.g. the digitised facial image of the traveller),
eGates allow partial automation of border control
processes whilst retaining the same high level of
security. When the passport is placed on the document
reader, its electronic and optical security features
are checked and the biometric data is read.
Passengers authorised to use the system can then
step into the eGate. Here, a camera integrated into
the exit door automatically takes a photo of the
traveller’s face. This photo is then compared with the
passport picture read previously. If the biometric data
matches, the passenger is cleared to pass, i.e. to
cross the border.
The process offers significant benefits to all parties
involved: on the one hand, it reduces queuing time for
passengers, and airport operators benefit from optimised
passenger flows; on the other hand, border
police officers get valuable support without losing
control over the process.
secunet eGates securely manage increasing passenger numbers at national borders
International
As the ePassport is read and the passenger’s face is scanned, the same data is also displayed on the immigration control officer’s monitor.
¹ See http://www.iata.org/pressroom/facts_figures/Documents/economic-outlook-media-day-dec2012.pdf
Pioneering work to provide sustainable solutions
As a pioneer in this field, secunet was commissioned in late
2007 by the German Federal Office for Information Security
(BSI) to take on the design and implementation of the
EasyPASS eGate solution at Frankfurt Airport. Following its
successful operational launch, the secunet experts have made
it available for use with the new German ID card. This has not
only set the benchmark for the future design of immigration
control systems at German airports but has also convinced
the Czech border police: going by the name of EasyGO, the
automated border control system was implemented at Prague’s
Vaclav Havel airport in late 2012, and after only a twelve-month
pilot period, it has been incorporated into day-to-day operation
and has even been extended.
What makes the solution from secunet so unique?
The decisive USP of eGate solutions from secunet is the modular
approach: the unique flexibility of this complex system is
made possible by secunet biomiddle, a software that acts as
an intermediary between client applications and the various
biometric technologies. As a result, original components can
be updated at any time and further devices can be added.
The Automated Border Control System sets standards in other
ways; for example, the BSI, acting as an independent body,
has verified its security and reliability. Furthermore, the system
is characterised by exceptional user-friendliness. The entire
process is adapted to the natural flow of the passengers, who
are given clear step-by-step guidance as they pass through
the system. High acceptance and rapid, straightforward processing
are thus guaranteed.
The evident advantages and positive experience of automated
border control have won over airport operators and border
police in equal measure. Experts agree that the trend in
coming years at national and international airports will be
towards further automation of border control. Years of experience
coupled with the ‘Made in Germany’ label – perceived
around the world as a hallmark of quality – mean that secunet
eGates are set to play a crucial role.
More information:
Georg Hasse
secunet eGates are already in operational use as part of the EasyPASS and EasyGO projects.
secunet’s face recognition technology makes use of a smart camera integrated into the exit door. Adaptive LED lights provide optimum levels of illumination.
The benefits of secunet eGates at a glance
Secure
- BSI-approved security and reliability of the system by means of
  - Testing of the optical and electronic security features
  - Biometric comparison at a high level of security
  - Monitoring by immigration control officers
Economical
- Airports are able to process a higher volume of passengers through the same physical area
- Investment protected thanks to modular and standard architecture of the overall system
Fast
- Conventional immigration controls are relieved by partial automation and thereby accelerated
- Travellers are guided intuitively through the gate, thus reducing the length of queues
Technologies & Solutions
Electronic management of classified information without discontinuity of media
SINA Workflow for security and compliance with regulations
Illustrations: Cover People: plainpicture/OJO; p. 3 (folder), 6, 7, 12: shutterstock.com; Airport Düsseldorf pp. 8 - 9: Andreas Wiese; p. 10: iStockphoto.com; p. 19: EUROFORUM Deutschland SE. Others: secunet.
Subscribe to secuview
Would you like to receive secuview on a regular basis, free of charge? Please choose between the print and electronic versions and subscribe at https://www.secunet.com/en/the-company/it-security-report-secuview. There you can also change your preference or unsubscribe.
Anyone who has experience of working with classified
electronic data and processes is familiar with
the dilemma of complying with VSA (the national
regulations governing classified information) while
still coping with the job in hand. This conflict has
increased steadily over recent years, because
the existing regulations were originally conceived
for an age in which everything was committed to
paper. But rapidly increasing information flows
have long since made electronic processing indispensable,
and there are currently no software
systems which have been approved and are sufficiently
productive to be used for VSA-compliant
processing.
SINA Workflow represents a comprehensive, VSA-compliant
solution to the aforementioned dilemma:
- The compilation, processing and distribution of classified
data takes place without any discontinuity of media
- Unlike other solutions, SINA Workflow does not merely
address individual aspects of VSA
- There is a logical, cryptographically secured enforcement
of the ‘Need to Know’ principle
- Uncontrolled outflow of classified data is prevented
- Every activity that VSA requires to be verified is securely
logged to legal audit standard
SINA Workflow comprises central registry, control and storage
systems as well as remote clients based on the SINA
Workstation.
The complete lifecycle of classified documents and operations
is mapped, so that a user is supported and guided
through the system right from the start. The creation of a draft
classified document takes place within a SINA Workflow-specific
session on a SINA Workstation. When the draft of the
classified item is registered, it is encrypted and saved to a
central location. From that point onwards, other contributors
can be allowed access to the draft classified document. In this
way, SINA Workflow guarantees VSA-compliant processing of
classified documents within a group and also offers support
for addenda and co-signing processes. After the completion
and registration of the finalised item, the classified document
itself can then be distributed. Classified documents can, of
course, also be printed or exported.
In addition to supporting users, SINA Workflow also assists
system administrators, e.g. by automatically keeping a log, or
by generating an inventory of classified documents.
Work is in progress with a German federal government office
on the prototypical installation and integration of SINA Workflow
into the existing network infrastructure.
More information:
Peter Janitz
SINA Workflow is able to map the entire life-cycle of classified documents and processes. This now facilitates electronic, VSA-compliant processing of classified information.
Using SINA Workstation
for classified information
Imprint
Copyright: © secunet Security Networks AG. All rights reserved. All contents and structures are copyright protected. All and any use not expressly permitted by copyright law requires prior written permission.
Editor: secunet Security Networks AG, Kronprinzenstraße 30, 45128 Essen, Germany, www.secunet.com
Responsible in terms of the press law: Christine Skropke, [email protected]
Editor: Claudia Roers, [email protected]
Chief Conception & Design: Dominik Maoro, [email protected]
Design: www.knoerrich-marketing.de
News in Brief
secunet on Twitter, Xing and LinkedIn
Social media have not only changed
the way we interact with each other as
individuals but have also become an essential
means of communication in the
business world. In 2012, we extended
our online presence to Twitter, Xing and
LinkedIn, aiming to use these media
to increase our availability to secunet
customers and partners, and to explore
with them the issues of the moment surrounding
IT security.
Via our corporate profiles on the Xing
and LinkedIn business platforms, we
offer existing and future customers as
well as potential recruits to our ranks a
quick and convenient way of getting in
touch with us.
Professional associations and the German
Federal Chancellery have long had
their own presence here. We are now
using our Twitter page – @secunet_AG –
to inform our customers and other interested
users about the latest developments
in the world of IT security. We go
beyond relaying news from and about
our own company, picking up on a wide
range of IT security issues as these
affect the private and public sectors. We
publish up-to-the-minute alerts on current
security vulnerabilities and engage
in a fruitful exchange of views and opinions
with the online communities.
Visit our website at www.secunet.com
and follow us on Twitter at @secunet_AG
This QR code will take you directly to our Twitter page: http://www.twitter.com/secunet_AG
New Federal Framework Agreement on IT Security Services
Since August 2012, federal authorities
have been able to call on secunet to
provide IT security services under the
terms of two new framework agreements
with the German Federal Office
for Information Security (BSI). In association
with HiSolutions AG, secunet was
once again successful in its bid for the
contract to supply IT security consulting
services to the German federal government.
The new agreements cover general
consulting services for IT security
in federal authorities, consultancy in the
field of e-government tasks and projects,
the implementation of security
audits and reviews, and the drafting of
IT security and emergency concepts.
secunet will further be supporting the
federal government in the performance
of security analyses designed to identify
and resolve vulnerabilities in IT systems
and processes. More information can
be found on the federal government’s
online procurement portal Kaufhaus
des Bundes at https://www.kd-bund.de
(NB: access only with certificate) and
on the federal government intranet at
http://kdb.intranet.bund.de.
More information:
Dirk Ossenbrüggen
New Appointment at the BSI
With effect from 1st January 2013,
Andreas Könen is the new Vice-President
of the BSI. His predecessor in the
office, Horst Flätgen, has moved to the
Federal Ministry of Finance. Könen’s
previous role was as Director of Advice
and Coordination. In previous years,
he held responsibility for the areas of
Coordination and Control as well as
Security in Applications and Critical
Infrastructures. The new man in charge
at the Department of Advice and Coordination
is Horst Samsel.
Cornelia Rogall-Grothe deep in discussion with secunet CEO Dr Rainer Baumgart (second from left)
secunet in London: The biometrics trade fair was characterised by interesting discussions and new ideas.
Experts swap ideas at biometrics conference
From 29th to 31st October, biometrics experts from around
the world attended the aptly named ‘biometrics’ trade fair
in London. In the context of the conference and exhibition,
there was a lively exchange of views on hot topics, the latest
developments and current biometric practice. In a series of
interesting discussions, secunet experts set various balls
rolling and also returned to base with new ideas and issues
to resolve.
Lively exchange of views at it-sa
Cornelia Rogall-Grothe (Federal Government Commissioner
for Information Technology and Secretary of State in the Ministry
of the Interior) joined Franz Josef Pschierer (Bavarian State
Government Commissioner for Information Technology and
State Secretary of the Bavarian Ministry of Finance) in a visit to
the secunet stand at the it-sa trade fair held in October 2012.
Events
secunet ACU in Tokyo
Last October, representatives from secunet attended the
FTF Freescale conference in Tokyo. They joined our partners
from OpenSynergy at their stand to show off a demo unit of
the secunet Application Control Unit (ACU), which is almost
ready to go into series production. Where communication
from external networks does not comply with the rules specified,
the ACU prevents this from reaching the on-board electrical
system. In this way, the ACU enables open networked
infotainment applications. At the same time, valuable assets
such as operational security are safeguarded.
Always online – always secure?
The IT Security on Board workshop in Munich last October
was an opportunity for experts to compare notes on recent
developments and implications for the future in e-mobility
and Car-2-Car technology. Standards and methods by which
vehicle IT security can be evaluated and the need for protection
can be determined were also major themes of the
presentations and of the lively conversations and discussions
that followed. The secunet live hacking demo met with particular
interest; some of the participants immediately took a
critical look at their own phones when they learned about the
sophistication of attacks currently being made on iPhones and
Android devices.
IT Summit Working Group 4 visits secunet
In the context of the IT Summit in Essen, German Interior Minister
Hans-Peter Friedrich visited secunet on 12th November
2012. Together with Dr Karsten Ottenberg (G&D), he chaired
the meeting of the Working Group 4 on ‘Trust, Privacy and
Security on the Internet’. The title of the event at the company’s
premises in Kronprinzenstrasse was ‘Cybersicherheit in
Deutschland gestalten’ (Shaping Cyber Security in Germany).
More than 100 participants and members of the press were
in attendance to discuss the topic with the Minister of the
Interior, BSI President Michael Hange, Professor Claudia
Eckert (TU Munich and Fraunhofer AISEC), Reinhard Clemens
(Deutsche Telekom), Dr Rainer Baumgart and Dr Karsten
Ottenberg.
Dr Karsten Ottenberg, Federal Interior Minister Dr Hans-Peter Friedrich, Dr Rainer Baumgart and Prof Dr Claudia Eckert (l to r)
Johan Hesse of secunet presenting SINA solutions to the international audience.
SINA meets the Secretary of Defence
Participants at the Handelsblatt conference on ‘Security
Policy and the Defence Industry’ had a chance to hear
the views of Defence Minister de Maizière on the dialogue
between society, politics, military and economy. As one of
the conference sponsors, secunet was invited to present its
SINA product portfolio.
SINA presentation at NATO Symposium
SINA made its debut appearance on our own exhibition
stand at the NIAS symposium held in the Belgian city of Mons
last September.
SINA on tour in Warsaw
In October 2012, all of the international SINA reseller partners
gathered in Warsaw to exchange information and experiences,
to listen to a series of presentations and to engage
in some general networking.
SINA in Rome
AFCEA TechNet International took place in Rome last October
under the patronage of Italian Defence Minister Giampaolo
Di Paola. The event was well attended by representatives
from various NATO countries and from the NCIA (NATO Communications
and Information Agency) who were fascinated by
the demonstrations of SINA solutions at the secunet stand.
Dates
February until June 2013
» 12 - 14 Feb 2013: Security Document World / Prague, Czech Republic
» 17 - 21 Feb 2013: IDEX / Abu Dhabi, UAE
» 25 Feb - 1 March 2013: RSA Conference / San Francisco, USA
» 5 - 9 March 2013: CeBIT / Hannover
» 12 April 2013: Workshop ‘IT Security on Board’ / Munich
» 23 - 25 April 2013: Infosecurity Europe / London, UK
» 24 - 25 April 2013: AFCEA exhibition / Bonn-Bad Godesberg
» 7 May 2013: SINA User Day / Berlin
» 14 - 16 May 2013: 13th Deutscher IT-Sicherheitskongress / Bonn-Bad Godesberg
» 21 - 23 May 2013: Security Document World / London, UK
» 15 May 2013: General Annual Meeting secunet / Essen, Castle of Borbeck
» 15 - 16 May 2013: Datenschutzkongress / Berlin
» 5 and 6 June 2013: SINA User Day / Bonn
Would you like to arrange an appointment with us?
Then send an e-mail to [email protected].