Security requirements in a globalised world secunet in the Middle … · 2011-02-28 · the Stuxnet...
Security requirements in a globalised world
secunet in the Middle East
The IT Security Report by Issue 1 | 2011
Central Nervous System of the nPA Infrastructure: Signtrust uses the eID PKI Suite to issue authorisation certificates
Taking the Stress out of Getting a New Passport: Speed Capture Station – a rapid application procedure
SINA Box B 3G Unveiled: New high-end product in the SINA series
Dear Readers,
What a year 2010 turned out to be! The never-ending sequence
of threats from the internet, the Stuxnet Trojan and the Wikileaks
revelations certainly made waves, generated massive debate and
caused a lot of general uncertainty. If nothing else, the Stuxnet
affair showed us that IT security measures against the ‘smarter’
sort of attacks that we can expect in the future are becoming
ever more vital in ensuring the ability of our modern society to
carry on functioning. We interviewed Professor Udo Helmbrecht,
Executive Director of ENISA, and one of the topics we discussed
was Stuxnet. It is beyond dispute that cross-border network and
information security is taking on increasing importance.
And not just in Europe: secunet is finding that the Arab world
too has a growing need for protection of key infrastructures and
for information security. secunet began trading there just over
two years ago and has since built up a reputation as an expert
partner in the region. The Middle East is emerging from the
global downturn stronger than before, and economists agree
that the region has posted high growth rates over the last few
years. Quite apart from its dynamic economy, the Middle East
also has other fascinating cultural facets.
But we also have a lot of exciting developments going on closer
to home; for example, the pioneering work involved in securing
the infotainment platform of Continental, the issuing of
authorisation certificates by Deutsche Post, the new SINA Box B 3G
and the support given to ELSTER. Together with our customers
and partners, we can always be found at the forefront of security
technology.
I hope you enjoy reading our magazine.
Best wishes
Dr. Rainer Baumgart
Content

International
EU Commission Proposes Mandate Extension for ENISA to 2017
secunet on the Orient Express
Halt! Who Goes There?
How SINA Became Oranje

National
Central Nervous System of the nPA Infrastructure
Top Marks for the ILS in Matters of Security
Easy to Use and Twice the Benefit
The Stress-free Way to a New Passport
Security First!

Technologies & Solutions
Recharging E-Cars in a Transparent and Secure Way
SINA Box B 3G Unveiled
Welcome SINA CORE and a Fond Farewell to PEPP
Security for Intelligent Energy Supply
No Risk – Much Fun

News in Brief
Even Einstein Was a Beginner Once ...
Data Loss Prevention up Close and Personal
Dates
Events
Interview with Prof. Dr. Udo Helmbrecht
EU Commission Proposes Mandate Extension for ENISA to 2017

The European Commission has recently proposed that the mandate of ENISA should be extended. secunet asked Prof. Dr. Udo Helmbrecht, Executive Director of ENISA, for his comments.

What exactly is ENISA and what responsibilities does it have?

ENISA stands for the European Network and Information Security Agency. Based in Greece, the agency is responsible for network and information security within the European Union. It was first constituted in 2004 for a term of five years. The current mandate expires in March 2012. The application for extension to 2017 will go through two readings in the EU Parliament this year, and is subject to final approval by the EU Council. ENISA advises the European Parliament, the European Commission, European agencies and institutions as well as agencies of member states on issues relating to network and information security. We are thereby paving the way for the pooling of experience and for cooperation between public authorities and private companies in Europe.

Could you give us a brief summary of the objectives of ENISA?

ENISA has set itself the target of ensuring a high-level and effective standard of network and information security in the European Union. It is especially important to us that we establish an awareness and a genuine culture of network and information security in society, including private citizens, consumers, businesses and the public sector in equal measure. Of course, we would also like to play a key role in upholding public confidence in the ‘digital society’ – both now and in the future.

What does that mean in concrete terms for the business community in Europe?

ENISA must ensure that not only the security and privacy of internet users is protected to the maximum degree possible, but also the security of information in industry. This is essential if companies are to trade competitively in Europe and if the long-term strength of the European internal market is to be protected. It is important to carry on developing European expertise and capabilities in IT security, and especially to enhance operational efficiency in the field of secure network technologies. Specifically, ENISA will act as an interface between cyber-security experts and authorities. This will allow the forces combating cyber crime to combine their efforts and to take appropriate and practical measures against emerging security risks at an early stage.

How much of a threat do you personally consider cyber crime attacks such as the Stuxnet virus to be, and what is your view of the current activities of the Wikileaks information platform?

Today, we are seeing (organised) crime transferring its activities from the real world to the internet. It used to be bank robberies, but now it is phishing. When the internet became a place where you could earn money, it also attracted the interest of criminals. Furthermore, the Stuxnet virus has shown that even SCADA systems (Supervisory Control and Data Acquisition) can be the target of attacks. It is worth noting that the sheer complexity of this virus suggests that the criminal masterminds responsible invested a lot of resources and money in planting it.

Wikileaks is a different matter altogether. What is at issue here is how this type of journalism will continue to develop. Is Wikileaks simply continuing the long-established tradition of critical journalism, or will it become a new method of pushing the special political interests of the information platform itself? Ultimately, it also raises the question of whether all information should be publicly available on the internet. If that were so, what would concepts such as privacy, security of classified information or patents mean any more?

Prof. Dr. Udo Helmbrecht, Executive Director of the EU Agency ENISA (Heraklion, Crete, Greece).
secunet on the Orient Express

Security concerns in a globalised context

For the past couple of years, secunet has been enjoying a considerable degree of success in the Middle East. The company has been able to consolidate its business and build up lucrative customer relationships in countries such as Jordan, Saudi Arabia, the United Arab Emirates, Qatar and Egypt. This is a region of growing economic significance, and the response to secunet’s arrival on the scene has been genuinely enthusiastic and welcoming. The company is obviously very proud of the speed with which it has made a name for itself as a capable partner in the Arab world. As in any other region of the global market, the priority has to be to earn the respect and esteem of your hosts. Which means understanding the local culture, treating each other with mutual respect and building a professional and profitable long-term partnership.

So what was it that inspired secunet to expand its sphere of operations into this region, and why does it make strategic sense to invest there? As a highly dynamic and innovative company with sales structures that have a strong international emphasis, secunet has the professional expertise and resources to serve the demand in the Middle East for sophisticated IT security. We are always intent on taking a whole business approach which means looking at the client’s individual requirements and offering customised, intelligent, high-grade IT security solutions. The high esteem in which IT from secunet is held was demonstrated at a lecture on IT security given by Chairman of the Board Dr. Rainer Baumgart at the recent Amman Security Conference in Jordan. Many of those attending expressed their enthusiasm about the performance of secunet products and said how impressed they were by the user-friendliness and the straightforward modular design of secunet IT security solutions.

IT security ‘made in Germany’

What is it like working out there? secunet subjects the requirements and needs of this dynamic growth region to very precise analysis and at the same time is the clear beneficiary of the confidence that customers feel when they know they are buying an IT service with the ‘made in Germany’ label, an advantage that derives from the high esteem in which German security solutions are held. It is certainly the case that the links we have forged with local partners have been immensely helpful in dealing with our foreign customers, as this makes it possible to do business without getting tied up in knots and to tap into useful local networks.

In far distant Arabia, we have embarked on a number of promising projects in the high-security business in a relatively short period of time, all of which offer great potential for the future. There is a great demand for SINA products in particular.

[Map: Oman, Jordan, Egypt, Qatar, United Arab Emirates, Bahrain, Saudi Arabia, Syria]

And just as in the European market, the customers we have acquired in the Middle East are predominantly from the public sector, i.e. we are generally dealing with the governments and administrative agencies of the individual countries. Furthermore, there is a huge demand for solutions in the area of sovereign documents as well as for our established expertise and proven product range in the area of biometric identification systems.

Quantum leap into the future

The Middle East is once again showing itself to be an economic powerhouse as it emerges from the global financial crisis stronger than before. Because of the booming price of oil, the economies of the states making up the Gulf Cooperation Council (GCC) – Bahrain, Qatar, Kuwait, Oman, Saudi Arabia and the United Arab Emirates – have posted phenomenal growth rates in recent years and have established themselves as a vital market for German exporters. At the same time, many of the countries in the region realise the long-term importance of diversifying into a non-oil economy in order to reduce the existing dependence on oil exports and to create employment in alternative sectors.

German-Arab relations go a long way back in history and are today assiduously cultivated at government level. The visit of Chancellor Merkel to four of the six GCC states in May 2010 was intended as a clear signal to German exporters. Major investment programmes in almost all infrastructure sectors are in full swing. The population of many Arab states is relatively young – in some cases, 70% of the population is under 30 years old. Moreover, the new openness of the Arab world, especially with the advance of the internet, means that many sectors of the economy now have an even greater need for the type of protection in which secunet excels.

The next big IT security event in the region is the IDEX trade fair to be held in Abu Dhabi during February 2011. secunet will be manning a booth there and is already looking forward to interesting discussions and a constructive exchange of ideas.

More information: Michael Frings
Halt! Who Goes There?
secunet provides fortress-like protection for on-board vehicle networks

The architecture of a castle is designed to afford maximum security and defence. The functional security of on-board vehicle networks has likewise been developed in meticulous fashion. Nevertheless, opening the closed fortifications of a castle to allow the transport of goods or information in and out means that there is a constant threat from potential intruders. Vehicles are now open in a similar way: radio interfaces, internet connections in the vehicle, and comfort and safety functions all result in access to the on-board network. Security measures that function even when external components fail cannot be realised at short notice, for want of suitable properties in on-board network technology. An additional security and defence system is urgently required – in vehicles as much as in castles.

The interior of a fortress is divided into two (or more) areas: within the outer walls there are the resident population (in-vehicle infotainment, i.e. manufacturer’s applications), and in the future travelling salesmen (apps) will also be allowed access. The second tier of defence – the inner walls – protects the principal castle buildings, the home of the aristocratic owners, and their family treasures (the electrical system buses of the on-board network). Access to or exit from both of these walled areas is through the castle gates. These in particular are seen by potential invaders as weak points in the defences. For this reason, all movement is strictly controlled by guards, with incoming and outgoing deliveries kept separate.

The most important aspect of security at the castle is the control of incoming goods and visitors. To this end, strict rules are established which lay down what the castle owners – quartered in the inner sanctuary – consider important for the smooth running of the castle. They dictate which goods are prohibited (no weapons, no drugs apart from alcohol), and also who is allowed to enter the castle. Providing a tradesman has no record of having breached any rules, he will be granted access to the outer bailey. There are much stricter rules, however, when it comes to gaining access to the inner area where entry is permitted only to goods that have been ordered and to personally recognised messengers. If there is no rule which explicitly permits access, then the default rule is strictly applied: Keep out!

In order to avoid jeopardising the smooth running of the inner castle through periods of hectic activity or mistakes at the gate because of the press of the crowds seeking entry, which might for example delay legitimate deliveries, the control of outgoing goods and persons is kept separate. Here again, there are strict rules as to what goods are allowed to leave the castle. Theft (access to sensitive data) is thus prevented. For this control process, the guards follow their own protocols.

With the Application Control Unit (ACU), secunet has created an ‘inner bailey with guards’ for automotive electronics. Policy rules have been extrapolated from the specification of the on-board network, and are applied by means of a securely isolated intermediate control unit to every incoming communication to the on-board vehicle network. The infotainment operating system also asks the control unit for signature verification before the installation of applications.
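The gate rules described above (explicit permission or "Keep out!", a separate rule set for outgoing traffic, and no entry for a sender with a recorded breach) can be sketched as a small policy engine. This is an added example, not secunet's ACU code; the zone names, sender names, message identifiers and length limits are all constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Zone(Enum):
    INFOTAINMENT = "infotainment"  # outer bailey: manufacturer applications, apps
    VEHICLE_BUS = "vehicle_bus"    # inner bailey: electrical system buses


@dataclass(frozen=True)
class Message:
    source: Zone
    destination: Zone
    sender: str     # application or control unit that produced the message
    msg_id: int     # constructed identifier, not taken from any real bus
    payload: bytes


@dataclass(frozen=True)
class Rule:
    """One explicit permission, as it would be derived from the network specification."""
    senders: frozenset
    id_low: int
    id_high: int
    max_len: int

    def permits(self, msg):
        return (msg.sender in self.senders
                and self.id_low <= msg.msg_id <= self.id_high
                and len(msg.payload) <= self.max_len)


@dataclass
class Gateway:
    inbound: tuple    # rules for INFOTAINMENT -> VEHICLE_BUS
    outbound: tuple   # rules for VEHICLE_BUS -> INFOTAINMENT, kept separate
    offenders: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def check(self, msg):
        path = (msg.source, msg.destination)
        if path == (Zone.INFOTAINMENT, Zone.VEHICLE_BUS):
            direction, rules = "inbound", self.inbound
        elif path == (Zone.VEHICLE_BUS, Zone.INFOTAINMENT):
            direction, rules = "outbound", self.outbound
        else:
            return self._decide(msg, "none", False, "no such path through the gate")
        # A sender with a recorded breach is turned away before any rule is consulted.
        if direction == "inbound" and msg.sender in self.offenders:
            return self._decide(msg, direction, False, "recorded breach")
        if any(rule.permits(msg) for rule in rules):
            return self._decide(msg, direction, True, "explicit rule")
        # No rule matched: record the inbound breach, then apply the default.
        if direction == "inbound":
            self.offenders.add(msg.sender)
        return self._decide(msg, direction, False, "default deny")

    def _decide(self, msg, direction, allowed, reason):
        self.log.append((direction, msg.sender, reason))
        return allowed


def build_gateway():
    # Constructed policy: two applications may write narrow identifier ranges,
    # one control unit may publish status values towards the infotainment side.
    inbound = (
        Rule(frozenset({"navigation"}), 0x310, 0x31F, 8),
        Rule(frozenset({"media_player"}), 0x320, 0x32F, 8),
    )
    outbound = (
        Rule(frozenset({"instrument_cluster"}), 0x200, 0x20F, 8),
    )
    return Gateway(inbound, outbound)


def run_demo():
    gw = build_gateway()
    inn = (Zone.INFOTAINMENT, Zone.VEHICLE_BUS)
    out = (Zone.VEHICLE_BUS, Zone.INFOTAINMENT)
    traffic = [  # constructed sample traffic
        Message(*inn, "navigation", 0x312, b"\x01\x02"),      # matches a rule
        Message(*inn, "weather_app", 0x312, b"\x01"),         # no rule names this sender
        Message(*inn, "media_player", 0x100, b"\x00"),        # identifier outside its range
        Message(*inn, "media_player", 0x321, b"\x00"),        # in range, but breach recorded
        Message(*out, "instrument_cluster", 0x201, b"\x2a"),  # matches the outbound rule
        Message(*out, "instrument_cluster", 0x7E0, b"\xff"),  # data with no export rule
        Message(*out, "navigation", 0x312, b"\x01"),          # inbound rule is no use outbound
    ]
    return [gw.check(m) for m in traffic], gw.log


if __name__ == "__main__":
    decisions, log = run_demo()
    for allowed, entry in zip(decisions, log):
        print("ALLOW" if allowed else "DENY ", *entry)
```

Barring a sender after a single breach is the strictest reading of the castle analogy; the page does not say how the ACU treats repeat offenders.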
secunet safeguards Continental’s AutoLinQ infotainment platform

Securing networked infotainment systems is a cornerstone of secunet’s and Continental’s joint business activities. This collaboration has adapted secunet’s Security Framework to meet AutoLinQ’s requirements. At the Consumer Electronics Show (CES) in January 2011, the two companies demonstrated how secunet’s Security Framework controls the communication behaviour of applications in order to improve the security of infotainment systems and on-board vehicle networks.

Strict rules determine which data is allowed into the vehicle and which is allowed out.

More information: Marc Lindlbauer, Hartmut Kaiser
How SINA Became Oranje
secunet’s Dutch partner Fox-IT made SINA ‘oranje’

Holland is one of Germany’s dreaded rivals in football competitions. But in security matters, we are playing in one team, thanks to SINA and also, more recently, to highly effective combination play between the Biometrics and eID departments. Ronald Westerlaken spoke about this successful partnership:

Security begins with the establishment of trust. Not only in relationship with your customers but also in building long-term relationships with your partners. Fox-IT’s relationship with secunet in particular is somewhat unique for the high security market we both operate in. Not only do we extend each other’s portfolio but also intend to combine our knowledge and cooperation even more extensively in the future. Fox-IT is the exclusive partner for secunet in the Netherlands. In return, secunet is the exclusive reseller of the Fox DataDiode, rebranded as the SINA One Way Gateway 2, in Germany.

SINA is the only product in the Netherlands which can be used to securely process and transfer classified data up to state secret level. Working closely together, we have successfully implemented many large SINA networks over the past 6 years. More than 350 SINA Boxes and 300 SINA Virtual Workstations are currently in use, many of them already for a few years now. Fox-IT expects to extend these numbers in the future. Looking at the current development processes, we have high confidence that SINA will still be the leading standard for IP encryptors.

And if you’re now wondering whether SINA components ordered by customers in Holland will be supplied in orange too, rest assured, they will arrive in their customary silver kit – despite the excellent international teamwork.

About Fox-IT

Fox-IT specializes in cyber defense, IT Security, lawful interception and digital forensics solutions, providing completely secure, easy-to-use and automated products for data transport, interpretation and archiving to dozens of government defense and intelligence agencies, systems integrators and commercial organizations worldwide. Fox-IT solutions maintain the security of government systems up to ‘state secret level’ sensitivity, critical infrastructure and process control networks and other highly confidential data. Established in 1999, Fox-IT is based in the Netherlands and works with partners in more than 20 countries. (More information: www.fox-it.com)

Ronald Westerlaken, Product Manager at Fox-IT

More information: Ronald Westerlaken, Dr. Gerd Schneider
Central Nervous System of the nPA Infrastructure
Signtrust issues authorisation certificates for the nPA using the eID PKI Suite

The nPA, which has been issued since 1st November 2010, is more than ‘just’ an official photo ID in credit card format: it identifies the holder online and thereby allows him or her, for example, to easily arrange insurance online or to open a new bank account. Deutsche Post Trustcenter is an accredited certification service provider (Zertifizierungsdiensteanbieter – ZDA) and issues authorisation certificates (BerCA) for the nPA. secunet has supported the Trustcenter on its path to accreditation and supplies the core software component, the eID PKI Suite.

Safe citizens

It is a straightforward process for German citizens to use the nPA: in addition to the card reader and the so-called ‘AusweisApp’ from the Federal Ministry of the Interior (BMI), they only require their standard web browser to carry out online authentication. For the personal and sensitive data contained in the nPA, the BMI and the Federal Office for Information Security (BSI) have created a powerful and highly secure nPA infrastructure which protects against unauthorised access.

The contactless SmartCard chip that is embedded in the nPA allows a public authority the option of sovereign access to the identity card and biometric data (in the case of the nPA, this specifically means photo and fingerprints). Companies in the private sector, on the other hand, are permitted non-sovereign access to the so-called ‘e-ID functionality’. This identifies the holder online beyond any doubt, so that he or she can, for example, arrange insurance or open a new bank account.

Certified Service Providers

The nPA is not automatically available for use by service providers in industry and public administration that want to offer their customers these new electronic proofs of identity. They require a digital authorisation certificate. In order to qualify, banks or online retailers must submit an application to the Awarding Authority for Authorisation Certificates (Vergabestelle für Berechtigungszertifikate – VfB) in Cologne, in which they explain their verifiable interest in certain information. For example, the customer’s date of birth will only be provided to them if they are in the business of supplying goods with legal age restrictions or contracts that are only valid where a customer has reached the legal age of majority.

The VfB establishes the maximum amount of data to which the applicant should be allowed access and records the result as a formal decision. Once they have received formal confirmation of this decision, the service providers are able to contact the Deutsche Post Trustcenter – specifically the Deutsche Post Com GmbH Signtrust business unit – which is an accredited ZDA. This unit will issue the appropriate authorisation certificate. Only then is it possible for the service provider to access the private individual’s nPA. The service provider is thereby limited to the rights explicitly granted by the VfB.

Responsible ZDA

Authorisation certificates may be issued only to parties who have ZDA accreditation. There are two main entry requirements:
– As a preparatory measure, a test operation must be constructed and coordinated with the BSI.
– A ‘Certificate Policy’ must be prepared in accordance with Technical Guideline 03129.
Only if the BSI gives its approval on both points is the way clear for the desired accreditation.

“Through electronic identity verification, private citizens and service providers now know exactly who they are dealing with – even online – and that increases mutual trust. We are pleased that we can make a contribution as a certification service provider.”
Sabine Buchhalter, Director of Signtrust, Deutsche Post Com GmbH
Supported by the IT security experts from secunet, Signtrust was able to complete this process with great success: on the same date as the nPA was rolled out (1st November 2010), operation as an authorisation certification authority commenced at the Trustcenter in Darmstadt. With the issuing of authorisation certificates, Deutsche Post has now expanded its solid, dependable portfolio with the addition of a method for secure identification via an electronic medium.

Multifunctional eID PKI Suite

Signtrust is using the eID PKI Trust Suite from secunet as a software solution for the certification service. This PKI solution, developed specifically for sovereign documents, not only issues authorisation certificates to service providers; it is also the central communication interface between participating citizens, service providers, government agencies and the root certification authority. Through selective control of information flow, each party will thereby exclusively receive the information that they require and are permitted to receive. Here are two examples:

The eID PKI Suite receives the blacklists from the Federal Administrative Office block register, which identify all currently blocked nPAs. The eID PKI Suite converts the complete list into a specific block list for each individual service provider and makes this automatically available through a so-called ‘eID server’. This means that unauthorised persons have no chance of misusing a lost or stolen ID card. Furthermore, the eID PKI Suite refers to the national eID directory service from BSI to retrieve master and defect lists and forwards these to the service provider. These lists can be used to check whether an nPA has been electronically forged or was genuinely issued by the Federal Printing Agency.

The eID PKI Suite from secunet therefore constitutes the ‘central nervous system’ for secure and reliable nPA infrastructure used by Signtrust in issuing the authorisation certificates.

Features of the eID PKI Suite at a glance:
– Platform-independent software solution
– Issues authorisation certificates according to EAC 2.05
– Electronic communication interface compliant with BSI TR 03129
– Interoperability with all national eID servers
– Officially approved by BSI for BerCA

More information: Thomas Stürznickel
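The conversion of one complete block list into a separate list per service provider, described in the first of the two examples above, can be illustrated as follows. This is an added sketch, not code from the eID PKI Suite: the article does not say how the provider-specific entries are derived, so the keyed hash used here (HMAC-SHA-256 over a per-card block key and a per-provider key) is a stand-in assumption, and every key, name and helper is constructed.

```python
import hashlib
import hmac


def sector_token(card_block_key: bytes, sector_key: bytes) -> str:
    """Provider-specific entry for one card (stand-in derivation, see lead-in)."""
    return hmac.new(sector_key, card_block_key, hashlib.sha256).hexdigest()


def convert_block_list(complete_list, sector_key: bytes) -> frozenset:
    """Turn the complete block list into the list for one service provider."""
    return frozenset(sector_token(key, sector_key) for key in complete_list)


class EidServer:
    """Hypothetical eID server holding the block list of exactly one provider."""

    def __init__(self, provider: str):
        self.provider = provider
        self.block_list = frozenset()

    def load(self, tokens: frozenset) -> dict:
        """Replace the list and report what changed, e.g. for an audit trail."""
        added = len(tokens - self.block_list)
        removed = len(self.block_list - tokens)
        self.block_list = frozenset(tokens)
        return {"added": added, "removed": removed}

    def accepts(self, presented_token: str) -> bool:
        """A card is refused as soon as its entry is on this provider's list."""
        return presented_token not in self.block_list


def constructed_key(label: str) -> bytes:
    # Deterministic sample key material so the example is reproducible.
    return hashlib.sha256(label.encode()).digest()


def run_demo() -> dict:
    cards = {name: constructed_key("card-" + name) for name in ("A", "B", "C")}
    sectors = {name: constructed_key("sector-" + name) for name in ("bank", "shop")}
    complete_list = [cards["A"], cards["C"]]          # cards A and C are blocked

    lists = {p: convert_block_list(complete_list, k) for p, k in sectors.items()}
    bank = EidServer("bank")
    results = {"first_load": bank.load(lists["bank"])}

    # Each card presents the entry derived for the provider it is talking to.
    results["blocked_card_at_bank"] = bank.accepts(sector_token(cards["A"], sectors["bank"]))
    results["valid_card_at_bank"] = bank.accepts(sector_token(cards["B"], sectors["bank"]))

    # The two providers' lists describe the same cards but share no entry.
    results["lists_overlap"] = len(lists["bank"] & lists["shop"])
    results["shop_entry_matches_at_bank"] = any(not bank.accepts(t) for t in lists["shop"])

    # Card B is reported lost: the next converted list blocks it at the bank too.
    complete_list.append(cards["B"])
    results["second_load"] = bank.load(convert_block_list(complete_list, sectors["bank"]))
    results["newly_blocked_card_at_bank"] = bank.accepts(sector_token(cards["B"], sectors["bank"]))
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```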
“The new service is an important milestone for the Deutsche Post portfolio. We chose the eID PKI Suite and the support of our long-term partner secunet in the technical implementation, and we met our ambitious schedule without a hitch.”
Sabine Buchhalter, Director of Signtrust, Deutsche Post Com GmbH
Top Marks for the ILS in Matters of Security
The Web Application Firewall makes studying straightforward and reliable

So you would like a study course that doesn’t involve looking for books in musty libraries, working to an ineffectual timetable with irritating free periods or fighting for a seat in overcrowded lecture halls? It may sound like a pipedream, but the Institut für Lernsysteme (ILS), Germany’s largest correspondence school, makes all this possible. Offering more than 200 state-approved distance learning courses, there really is something here for everyone. From vocational education to further education courses, school leaving qualifications, language learning and training – and all via the internet. No wonder that the ILS mentors some 80,000 students a year and that its graduates give the institute top marks. In the ILS online study centre, students can organise their complete course of study online and thus have constant and comprehensive access to all the information relevant to their course. Within this community they can also chat to their fellow students and e-mail each other.

Absolute confidentiality

It is predominantly personal data, such as addresses and grades, that is sent backwards and forwards, i.e. data of a very sensitive nature. In this regard, students rely on complete confidentiality. Of course, website availability and response times also play a major role. Managed Security Services from secunet have already provided the ILS with a solid foundation. The second step was to install a Web Application Firewall (WAF) and raise the security level even further. This means that the areas of reliability and availability have both been significantly optimised.

Guaranteed fail-safe performance and availability

Unlike a simple firewall which decides at port level who can communicate from where and to where, the WAF additionally checks the data stream at application level for undesired content. There are parallels with the security controls at an airport: the firewall demands sight of a passport, the WAF scans the luggage and frisks the passengers. The load balancing technology implemented in the WAF ensures that incoming data is distributed in a targeted manner to the various different servers – depending on availability. If a server is busy, faulty or being serviced, it is simply removed from the load distribution and the operation still continues to function without loss. To go back to the airport analogy, this is the equivalent of creating several channels for identity checks.

Student and study management at the ILS is set to continue running smoothly and completely safely in the future too. So top marks for the ILS when it comes to security and availability – thanks to secunet.

More information: Guido Höfken
Easy to Use and Twice the Benefit
Smart Security Architecture from secunet delivers efficient and simpler recertification for ELSTER

ELSTER, the electronic tax declaration portal, provides efficient, secure and 24/7 electronic transmission of all tax data between citizens, tax advisors, employers, local authorities, professional organisations and tax officials. The system currently handles more than 100 million data sets per annum. Working on behalf of the Bavarian State Office for Taxation to ensure a high level of availability, integrity and confidentiality in the processing of this data, secunet has developed the Lifecycle Management tool Smart Security Architecture (SSA). And as a bonus, this also simplifies recertification in accordance with ISO 27001.

High volume of confidential data

The high volume of confidential data handled by ELSTER is shared between two data processing centres – these receive and process tax data for all 16 German states. In order to comply with the high data protection requirements, a security management system was established in 2008 in both data processing centres, which conforms to ISO 27001 and was based on the IT protection standard as certified by the Federal Office for Information Security (BSI). As an integral component of IT security, SSA simplifies the recertification which takes place every three years with six-monthly interim audits. In addition, it offers the appropriate tools to guarantee the cost-effective and continuous availability, integrity and confidentiality of data processing.

SSA provides high efficiency at low costs

The process uses installation windows that describe the required software components of a server. Installation, configuration and hardening of the server take place on the basis of this information and are automated by an installation server when the system first boots up. In this way, a standardised operating system and application environment can rapidly be produced for the Unix server of the tax office. New software versions can be activated, with switchover times taking no longer than a few minutes. With SSA, operating systems and application software can be restored within a few hours – even in the case of total outage.

By using virtual servers, SSA keeps the applications, data and hardened operating systems strictly separate from one another, so that they only have access to the data, protocols and configurations for which they are authorised. The resulting uniform, standardised and secure hardware and software platform provides high-level availability of the ELSTER system and ensures that highly sensitive tax data can be submitted round the clock.

More information: Andreas Mann

“The implementation of SSA at ELSTER has led to a significant reduction in costs, an increase in operational efficiency and the reduction to a minimum of downtimes. Moreover, it has made it significantly simpler for us to gain ISO 27001 recertification when this comes up every three years.”
Franz Widholm, Head of General Security at ELSTER
12 » 1 | 2011
The Stress-free Way to a New Passport
“Look straight at the camera with a neutral expression and do not smile.” Anyone who has applied for a passport (ePass) in recent years may well remember similar instructions being spoken by the photographer. But we are in the registry office of Monheim am Rhein, or to be more precise, in its Speed Capture Station. After displaying the illustrated instructions, the terminal automatically sets the optimum height for taking the photograph. Three pictures are then taken. Portrait prints are automatically selected and then checked for their biometric compatibility. One passport photograph can be chosen from those found suitable. Finally, the applicant’s signature is recorded.
Since mid-August 2010, Monheim am Rhein has been the first local authority in Germany to trial the Speed Capture Station, a self-service terminal for the capture of biometric data (photograph, fingerprints and signature) for ID cards (nPA) and passports (ePass). Within the framework of this pilot scheme, initially only photographs and signatures are being recorded and the image data is digitally uploaded from the terminal. In the final version, the Speed Capture Station will also take fingerprints and transmit not only image data but also already encoded Biometric Information Templates (BITs), as well as the obligatory quality control data from the terminal (xinfo).
The data is initially collected anonymously and given an identifying number. Before the data is finally transferred, the local authority employee operating the equipment visually checks the passport photograph against the applicant and verifies the fingerprints.
Central to the development of the software was simple, intuitive operability and full compliance with national standards, in particular the technical guidelines ‘Biometrics for Public Sector Applications’ (TR-03121) issued by the Federal Office for Information Security (BSI). The modular and configurable design of the terminal enables it to also be used for other documents such as electronic residence permits (eAT, from May 2011) and driving licences.
Ease of operation – high rate of acceptance
The Speed Capture Station has met with a positive response from the residents of Monheim. This is confirmed by the fact that more than 500 people have used the system over the past two months and by the results of a user survey: over 90% of users rated the data capturing process as ‘short’ or ‘very short’ and ease of operation as ‘simple’ or ‘very simple’; just under 95% of users would recommend use of the terminal to their friends.
Sibille Hanenberg, Head of Residents’ Services, is also delighted: “The Speed Capture Station has been extremely well received during this test period, members of the public have mostly operated the Speed Capture Station themselves and my colleagues have had to help out only very rarely.” Initial findings reveal that the major benefit lies in the time saved in processing applications for personal identity documents. The cutting and glueing of passport photographs and the scanning of applications is no longer necessary in most cases. In addition, the terminal is available for use the whole time that the registry office is open, says Frau Hanenberg, summarising the advantages both from an administrative point of view and for members of the public.
The Speed Capture Station in Monheim is a rapid and paperless application procedure for obtaining new personal identity documents
Biometric middleware (secunet biomiddle) is used to check the quality of the photographs and to take fingerprints. This facilitates the modular use of biometric system components within different biometric and eID applications. Internationally standardised interfaces allow for easy replacement of individual components. secunet biomiddle communicates with client applications via a service-oriented interface, which makes it independent of system platforms and programming languages. secunet biomiddle has been jointly developed by secunet and the Federal Office for Information Security and has achieved the status of preferred architecture and reference implementation system for the use of biometrics in national identity documents. This architecture is not only employed in the Speed Capture Station, but also in the places of work where the data is retrieved. For process developers, this means that there is no proprietary interface to the terminal to install for the use of biometric system components, but flexible middleware instead. If secunet biomiddle is already installed, only the Biometric Service Provider (BSP) needs to be exchanged. Integration could not be any simpler or faster. ▀
ʽ More information:
Georg Hasse
Recording data in the Speed Capture Station: photo, fingerprint and signature.
Imprint
Copyright: © secunet Security Networks AG. All rights reserved. All contents and structures are copyright protected. All and any use not expressly permitted by copyright law requires prior written permission.
Editor: secunet Security Networks AG, Kronprinzenstraße 30, 45128 Essen, Germany, www.secunet.com
Responsible for the [email protected] [email protected]@secunet.com
Design: Agentur für dynamisches Marketing, www.knoerrich-marketing.de
Illustrations: Cover, p 4 at the top and p 7 at the top: shutterstock, p 3: Enisa, p 5 at the top: panthermedia, p 8 and 9: Bundesministerium des Innern, p 9 picture Ronald Westerlaken: Fox-IT, p 10 and 20: Illustrations Lutz Lange, p 11: ELSTER, p 14: BAKöV, p 16 and 18: fotolia, p 19: CAST e. V. Others: secunet
Subscribe to secuview
Would you like to receive secuview on a regular basis free of charge? Choose between the print and the e-mail version. Register on www.secunet.com/en/the-company/it-security-report-secuview/secuview-e-mail-eng.
The latest initiative from the Federal Academy of Public Administration (BAköV) is called ‘Security first: Information security in the workplace’. Its purpose is to ensure that security-conscious behaviour amongst government employees is no longer left to chance, because it is becoming increasingly important to have reliable security technology and to use it responsibly. The programme, which is supported by the Federal Office for Information Security (BSI) and is being implemented by secunet, is providing German government bodies with IT security training. Potential threats are identified and effective countermeasures are put in place. Training specifically adapted to each target group raises awareness amongst the participants and provides them with appropriate basic knowledge of security-conscious behaviour.
Security initiative across the board
The ‘Security first’ initiative is currently being implemented in 72 public authorities and will ultimately provide training for 45,000 employees. All too often, it is the people at management level who have limited knowledge of IT security. In order to provide them with support in their job and promote them as good role models, this group in particular is being targeted for awareness-raising. But in addition, these measures are also aimed at IT support workers and other employees. secunet has been commissioned by BAköV to look after some 30 of the 72 institutions and is working in close cooperation with each authority to carry out programmes of individual awareness-raising and on-the-spot training. To date, BAköV has set aside a budget of around one million euros for this purpose.
What does ‘awareness-raising’ entail in concrete terms?
First a needs assessment is carried out, tailored to each individual authority, followed by the preparation, design and realisation of appropriate events. Using the current level of threat, actual incidents of loss or damage and examples of attacks, secunet’s IT experts will illustrate just how important and real the issue of information security is for each and every employee. The consequences of a careless approach to the subject are also demonstrated. Participants learn from concrete examples to identify the dangers and how to respond appropriately.
“Information security concerns us all.”
Within authorities, the management of IT security must be more firmly established, promoted and embedded in the culture of the organisation. To this end, managers and employees alike need to be given better information and specific rules of conduct. The training courses provide a thorough induction into existing internal security policies. As a result, participants can relate them directly to their own work and respond sensitively to potential threats. In order to guarantee a permanent state of alertness, the raising of awareness with respect to information security must be seen as an ongoing task. ▀
ʽ More information:
Martin Woitke
BAköV chooses secunet as partner in
awareness-training initiative for improved
information security in public sector
Security First!
Germany is set to become the world’s leading market for electric mobility. At least, if the German government gets its way. An important precondition for the introduction of electric vehicles is a nationwide charging network that complies with both environmental and safety standards. At EU level within the framework of ISO/IEC, the most important applications of e-mobility in the smart grid are being identified, and from there, solutions are being found. These can basically be listed under two main headings:
– Regulated charging with payment at the charging station
– Regulated charging with automatic billing (Plug’n Charge)
Of course, a simple electric vehicle does not necessarily require a smart grid – after all, for the last hundred years or so, we have been able to simply plug equipment into an electric socket without the need for the two of them to communicate with one another. However, if we wish to introduce electric mobility for the purpose of achieving our climate protection goals, additional intelligent communication between vehicle (consumer) and energy producer is essential: only through being networked within a smart grid is it possible to regulate charging, to adjust network output to demand and to efficiently feed renewable energy into the grid.
In addition, efficient billing processes can be handled and displayed over the network. Through automatic billing – similar to today’s mobile phone tariffs – Plug’n Charge options minimise both labour-intensive processes, such as manual payment methods, and investment costs in card readers at charging stations etc. In order to implement these processes practically so they are cost-effective and convenient for the user of the vehicle and the operator of the charging network alike, the charging interface in all vehicles must be made as uniform as possible. To this end, the ISO/IEC Joint Working Group ‘Vehicle to Grid’ was formed, and since July 2010, secunet has been an active member of the Charging Interface sub-group, working in collaboration with vehicle manufacturers, energy providers, government agencies and the supply industry on setting up a national charging infrastructure.
The aim is to specify concepts and solutions that ensure the integrity, authenticity, availability and confidentiality of all data exchanged. It is important for the end customer to safeguard his independence when charging his vehicle (i.e. ‘roaming’) and his choice of electricity supplier and tariff. In addition, the end customer requires transparency of process. The OEMs* and network operators are concerned not only about feasibility but also about the time factor, as the automotive industry cannot afford to be left behind by its international competitors. While Germany finds itself to some extent still at the planning stage, other countries are already starting on production or even have electric vehicles in series production.
In order to develop a comprehensive security solution, other affected areas – smart grid, smart metering and, if applicable, the ‘smart home’ – must be included. Various standardisation bodies such as ISO/IEC, DIN, DKE, CEN/CENELEC, ETSI are currently working on common standards. secunet has taken on the leadership of the Smart Grid working group of TeleTrusT Deutschland e.V. which specialises in the establishment of IT security and data protection in smart grids.
secunet focuses on IT security and data protection in e-mobility and smart grids – securely. ▀
ʽ More information:
Harry Knechtel
secunet leads the way in smart grid technology
Recharging E-Cars in a Transparent and Secure Way
* Original Equipment Manufacturer = manufacturers that use original components from other manufacturers for their products and then sell them under their own name.
Technologies & Solutions
SINA software makes it possible to achieve highly scalable improvements in performance on new processor platforms. The SINA series is shortly to be extended by a new high-end product: the SINA Box B 3G. This latest addition to the range will process around five times as much data as the current SINA Box 1000 while costing only twice as much in initial outlay. Moreover, the SINA Box B 3G comes complete with a number of new features. The package has been designed to be futureproof with a colossal 4GB RAM and ten network interfaces, some of which can optionally be fitted with SFP modules.
And when it comes to usability, the SINA Box B 3G is a revelation, the new touchscreen displaying information more clearly than ever before. You can now enter your PIN via the operator-friendly screen with its resolution of 260 x 64 pixels. Last but not least, this latest version has had a design makeover, now appearing in a slimline, elegant 19-inch case of only two rack units in height (1 RU = 44.45 mm) for convenient stacking. All the important interfaces are on the front of the device. ▀
Welcome SINA CORE and a Fond Farewell to PEPP
In the ten years or so that SINA has been in development, we have supplied more than 26,000 components to our customers. Almost 9,000 systems have been equipped with Pluto/PEPP board encryption technology. From mid-2011, we will be incorporating SINA CORE – a new technology that is cryptographically interoperable with PEPP – into the SINA Box and all SINA clients. The performance of the whole SINA product family will be significantly boosted by this new development.
SINA Box B 3G Unveiled
What are the functional and operational benefits of this new encryption technology?
SINA CORE is …
… more powerful:
– Boasting approx 180 MBit/s, the new SINA Box H performs significantly better.
– Security connections with other SINA components can be established more than ten times as fast.
… more flexible:
– New cryptoalgorithms can be (post)loaded.
– Instead of just one class of devices (e.g. H, P), three can now be supported on one SINA CORE module.
– The encryption modules are enabled for online updating in respect of cryptographic device classes, algorithms and parameters.
… more compact:
– The compact design of the SINA CORE modules with integrated optical network card facilitates significantly smaller hardware platforms.
… more robust:
– We have incorporated our extensive experience of military application to make a product that is now suitable for use in really tough environments.
Obviously, we intend to continue providing servicing and product care for our existing Pluto/PEPP technology. Your customer service adviser will be pleased to answer your questions and support you in the introduction of SINA CORE-based SINA components into your network infrastructure. ▀
The concept of the smart grid presents the electricity supply industry with major challenges. Decentralised energy production, mobile storage and sources of energy such as photovoltaic power plants and wind energy plants, where availability is outside human control, are playing an increasingly important role. In order to optimise the network load and to ensure a stable energy supply, it is essential to have real-time automatic reconciliation of production, network load and consumption. This is of particular importance when it comes to the involvement of so-called ‘prosumers’, that is to say participants who both consume energy, and generate and feed it back into the grid.
Between these smart homes and the smart grid, so-called ‘IKT gateways’ (IKT = Informations- und Kommunikationstechnologie; Information and Communication Technology) act as network nodes. Here, the various different applications are brought together and managed: electricity, water and gas meters, control of energy consumption by the energy provider (Telecontrolling), management and control of plants and equipment that both consume and generate electricity (Intelligent Supervision) and also various interfaces such as a WLAN connection.
A high level of IT security is a fundamental requirement in the collection, processing and transmission of sensitive data between individual system components. Unauthorised access and manipulation, whether internal or external, must be prevented. It is also important to avoid errors in implementation, maintenance and updates, and to block the import of malware or the execution of unauthorised functions.
This is where secunet’s Application Control Unit (ACU) comes into the picture, a software-based security framework that can be installed in the IKT gateways. It enables the individual components in the IKT gateway to be securely operated, separately from each other and free from interference. Communication between the different gateway applications is specifically managed and monitored via the ACU. Thanks to this unique combination of compartmentalisation technology, monitoring and protection logic, the ACU provides a high level of security – without any additional hardware costs.
The ACU was originally developed for the automotive market to secure and shield online access to vehicles. The technical and security requirements such as a high level of protection, limited resources (computing and storage) and price sensitivity are, however, comparable with those in measurement and control technology. As a result, it would be possible to transfer the software with only a few specific modifications. ▀
ʽ More information:
Gunnar Hettstedt
Marc Lindlbauer
Security for Intelligent Energy Supply
The Application Control Unit secures online access to vehicles – in the future will it also be an essential component of the smart home?
In the future, the ACU could provide for a high level of security in measurement and control technology.
Winners of the sponsorship and promotion prizes at
the 2010 CAST Awards for IT Security.
No risk – Much Fun
News in Brief
You have to protect your data against threats from the internet and your own in-house network. Everyone knows that. But in order to have dependable network, e-mail and web protection, a large number of security mechanisms need to be put in place, a complex process that requires your administrator to keep an eye on thousands of details all at the same time.
secunet wall 2 offers the solution to all of this in a single appliance – thanks to Unified Threat Management (UTM). UTM involves the integration of all appropriate security functions into a technically unified platform with a graphical user interface (GUI). secunet wall 2 provides all-round protection whilst simultaneously simplifying your IT infrastructure.
The benefits at a glance:
– no time-consuming administrative work via multiple GUIs;
– automatic input of individual firmware and version updates;
– no hidden costs for support, servicing and updates;
– applications are mutually compatible and work perfectly together.
secunet wall 2 comfortably manages administration, servicing and maintenance tasks. And your internal IT department has full control over your company security. That’s why you’re so secure. ▀
Why you’re so much more secure
with secunet wall 2
Even Einstein Was a Beginner Once …
CAST Awards 2010
Now into their tenth year, the CAST e.V. Awards for IT Security were presented in Darmstadt on 18th November 2010. Outstanding young scientists were honoured in three categories: master’s and diploma theses, bachelor’s theses and other final dissertations (IT specialist, further education, etc.). The top ten finalists from the preliminary rounds presented their findings to a panel of experts. The winners, who were chosen by secret ballot, were delighted to receive between €1,000 and €3,000 in prize money.
This was secunet’s first time as a CAST award sponsor. Dr Rainer Baumgart was invited to attend the presentation ceremony and deliver the keynote speech. In the process, he formed a very positive impression of the up-and-coming IT security specialists: “The high level of commitment and enthusiasm for our field shown by these young scientists gives me great optimism for the future of our sector. In supporting awards of this kind, we are also taking on a degree of responsibility for the education of our young successors.” www.cast-forum.de/foerderpreise/foerderpreise.html
IT Security Award 2010
secunet regularly offers students at universities and technical universities opportunities to prepare diploma theses, as well as internships and part-time jobs. Ruhr Universität Bochum is an important partner for research and projects. And since 2010, secunet has been playing a more direct role there than merely as the sponsor of a scholarship in the Department of Mathematics. The Horst Görtz Institute for IT security has invited Dr Rainer Baumgart to become a member of the jury for the prestigious IT Security Award which, with a prize fund amounting to more than €100,000 for the winner, is one of the sector’s major accolades. www.hgi.ruhr-uni-bochum.de/hgi/veranstaltungen/its-Preis/
secunet encourages scientists of the future
Technological Partnership
secunet wall 2 was developed in the framework of a technological partnership between secunet and Astaro on the basis of Astaro Security Gateway.
ʽ More information:
Gert Hientzsch
Karl is the head of a company and carries a lot of responsibility. As a keen driver, Karl knows how important safety is – including on the information superhighway. He does not want to read newspaper reports about accidents involving his employees’ or clients’ data, nor can he afford to have any data leakage resulting in the loss of business secrets.
Karl has already invested a great deal of time and money in security, and his company is extremely well protected against external attacks. But all day long, his employees work and drive on the information superhighway with his company assets and ‘crown jewels’. In order to avoid any accidents, he has introduced traffic regulations in the form of data and compliance guidelines. Karl has faith in his traffic regulations and in his employees. But are his employees really aware of the potential dangers? Or, because of their heavy workload, are they in a hurry and so drive much too fast?
To be on the safe side, Karl chooses the information superhighway that has crash barriers at danger spots. Company cars are limited to 110mph – apart from Karl’s which can whizz along at speeds of up to 140mph. Karl’s IT department call this ‘Device and Application Control’. In this way, company equipment does not become a dangerous instrument: the crown jewels stay between the crash barriers and proceed at a set maximum speed. Two salesmen, who are on the road driving at 40mph in a zone with traffic-calming measures because their deadline is so important, are sent a warning by Karl over their satellite navigation system. To cope with dangers such as snow and black ice, the internal audit provides ABS and ESP.
secunet ensures the accident-free carriage
of the ‘crown jewels’ along the information
superhighway
“80 % of information is freely accessible. Of the remaining 20 % of internal company information, around 5 % are the ‘crown jewels’ that give the company its competitive edge.”
Herbert Kurek from the Federal Office for the Protection of the Constitution in FOCUS magazine No. 1/2008
[Figure: Data Loss Prevention. Labels: Identify, Monitor data, Protect; What are my company assets?, Observe information flow, Avoid mistakes]
Data Loss Prevention up Close and Personal
The name given by IT specialists to this security package, which has been tailor-made to Karl’s company structure and requirements, is ‘Data Loss Prevention’ (DLP). It ensures that everything operates effectively and efficiently – with fast cars and safe transport for the crown jewels. DLP warns employees if they are about to violate data and compliance guidelines; in dangerous situations, it will even intervene and prevent the loss of confidential data. Karl has an accurate picture of the flow of information, and technology steps in whenever danger looms up ahead. Karl might almost have forgotten to take out theft protection, but his IT department tells him about device encryption. Somehow remotely controlled, and already included. No worries. All thanks to Data Loss Prevention. ▀
ʽ For a test drive, contact:
Roland Krüger
Dates: February to June 2011
» 14 – 17 February 2011: Mobile World Congress / Barcelona
» 14 – 18 February 2011: RSA Conference / San Francisco
» 16 February 2011: Frühschicht / Essen
» 20 – 24 February 2011: IDEX / Abu Dhabi
» 23 – 24 February 2011: 17th Berliner Anwenderforum eGovernment / Berlin
» 1 – 5 March 2011: CeBIT, Hall 11 Stand C46 / Hannover
» 19 – 21 April 2011: Infosecurity Europe / London
» 4 May 2011: heise Security Tour / Stuttgart
» 4 – 5 May 2011: AFCEA exhibition / Bonn-Bad Godesberg
» 4 – 5 May 2011: Bayerisches Anwenderforum eGovernment / Munich
» 6 May 2011: Workshop ‘IT Security on Board’ / Munich
» 10 – 12 May 2011: BSI Congress / Bonn
» 11 May 2011: General Annual Meeting secunet / Essen
» 18 – 19 May 2011: Datenschutzkongress / Berlin
» 17 May 2011: SINA User Day / Berlin
» 25 May 2011: heise Security Tour / Munich
» 8 and 9 June 2011: SINA User Day / Bonn
Would you like to arrange an appointment with us?
Then send an e-mail to [email protected].
Now in its second year in Nuremberg, it-sa has already established itself as a popular forum for the IT security sector to meet and exchange information, and as one of the top IT security trade fairs. Between 19th and 21st October 2010, around 7,100 visitors from industry, research and the public sector turned up to find out about the latest products and developments in IT security from the 304 exhibitors. “This year, it-sa has convincingly underscored the importance of IT security. The fair has grown in size and become a permanent fixture in the diaries of IT professionals,” concluded Michael Hange, President of the German Federal Office for Information Security (BSI). Having learned from its experience in 2009 when its small 12sqm booth was virtually overrun by visitors, secunet ensured that its stand for 2010 – directly opposite that of the BSI – was increased in size to cope with the demand this time. Exhibitors were fulsome in their praise of the exceptionally high calibre of the visitors to it-sa. “The fair was extremely well planned and visitors came to us armed with specific questions and topics,” said Gert Hientzsch, High Security Sales at secunet AG, in his evaluation of it-sa 2010. secunet’s co-exhibitor, G&D, was also delighted with the fair and the collaborative effort. ▀
Only Two Years Old but Already a Regular Fixture: it-sa
Events
The Sure Road to Success: ‘IT Security on Board’
The 14 participants attending the ‘IT Security on Board’ workshop on 19th November in Munich were treated to hands-on expert information on secure, online-based services in vehicles, hash functions, elliptical curves and virtualisation. Taking as their theme ‘Security 2012: New approaches to security for the onboard network’, representatives from the automotive and supply industries got together with experts from secunet to examine and discuss the security aspects relevant to onboard networked vehicles. In an informal atmosphere, answers were found to questions of a more general nature as well as solutions to specific problems. During the break, new contacts were made and lively discussions were had, which then continued in greater depth over lunch. This was the fourth time that the ‘IT Security on Board’ workshop had been held. “We are proud of this event which gives us the opportunity to express our appreciation to our clients and to offer them added value in terms of professional benefits and social interaction,” says a delighted Harry Knechtel, Area Manager Automotive at secunet. The next workshop will take place on Friday, 6th May 2011, and is aimed at department heads and managers in the automotive sector who deal with IT security in vehicles. If you feel this workshop would be of interest to you, please send an e-mail to automotive.security@secunet.com. ▀
Bernd Kowalski (BSI) presents secunet CEO Dr. Rainer Baumgart
with a certificate for the secunet wall packet filter.
Hot Topics at OMNICARD 2011
Identification was once again the major focus of attention at OMNICARD in Berlin (18th – 20th January 2011). The Smart Card community was meeting for the eighteenth year in succession. Taking as its theme ‘The world of smart ID solutions’, this high-powered conference examined sophisticated system solutions that are no longer restricted to card format. In addition to the usual recurring topics, this year’s conference also addressed important new developments in the field of security, electronic identification and data protection. Experts from secunet took part in three forums dealing with the latest topics. “OMNICARD is a top-quality event attracting a highly select audience with whom we are very happy to share our expertise and knowledge,” says Thomas Koelzer, member of the secunet Management Board. ▀
An Honour that Calls for a High Level of Commitment
In December 2010, high-level representatives from the worlds of politics, industry and science met for the fifth National IT Summit held at the International Congress Center (ICD) in Dresden. This was the first occasion on which secunet was also invited to contribute its extensive experience and knowledge, taking the lead in Working Group 4 (‘Privacy, data protection and security on the internet’) on the key issues of ‘Secure identities on the internet’ and ‘Cloud computing’. “It was a great honour, because there is no application process for participation in the working groups at the IT Summit,” says Michael Böffel, Executive Assistant at secunet. “There are plenty of interested parties queuing up for the privilege, but the ‘Sherpas’ are selected by the relevant Federal Ministry, and there is no way you can influence their choice.” Accreditation as a ‘Sherpa’ requires a high degree of commitment: secunet has already made a start on the preparatory work for the 2011 IT Summit in Munich. And by mid-2011, a proposal for guidelines has to be developed to support the application service providers of the new ID card. In addition, secunet is also still active on another sub-committee of Working Group 4. There will be more than enough to keep everyone busy in 2011! ▀
authega Well Received at ‘Moderner Staat’
On 27th and 28th October 2010, decision makers from the public sector gathered for the ‘Moderner Staat’ (Modern State) trade fair and conference in Berlin. Over 200 speakers outlined current developments and trends, quoting from their own practical experience and making concrete recommendations for future courses of action. secunet appeared on the same platform as mgm Technology Partners to present authega. This jointly developed authentication solution has been adopted by the Free State of Bavaria to enable its employees and officials to transmit information and data via a secure staff portal. State Secretary of Finance Franz Josef Pschierer, who is also in charge of IT matters for the Bavarian government, tested out the latest prototypes for himself during a visit to the secunet/mgm trade booth. ▀
State Secretary of Finance Franz Josef Pschierer finds out about authega and tests the prototypes at the secunet booth.
ʽ More information:
Kurt Maier
Nationaler IT Gipfel
Dresden 2010
IT security partner of the Federal Republic of Germany www.secunet-wall.com
You can trust in luck... Or in your secunet wall.
Optimum performance at an affordable price: secunet wall 2 combines complete network, web and mail security in a single all-inclusive appliance. You will be impressed by its advanced technical functions, such as simplified management, generous provision for scaling, automatic updates and reports plus comprehensive service options. For perfect all-round protection of your data.
Offering the full protection of Unified Threat Management with CC EAL 4+ certification in 2011.
We look forward to seeing you at CeBIT 2011. Visit us at booth C46 in hall 11.