Security requirements in a globalised world secunet in the Middle … · 2011-02-28 · the Stuxnet...


Security requirements in a globalised world: secunet in the Middle East

The IT Security Report by

Issue 1 | 2011

Central Nervous System of the nPA Infrastructure: Signtrust uses the eID PKI Suite to issue authorisation certificates

Taking the Stress out of Getting a New Passport: Speed Capture Station – a rapid application procedure

SINA Box B 3G Unveiled: New high-end product in the SINA series


Dear Readers,

What a year 2010 turned out to be! The never-ending sequence of threats from the internet, the Stuxnet Trojan and the Wikileaks revelations certainly made waves, generated massive debate and caused a lot of general uncertainty. If nothing else, the Stuxnet affair showed us that IT security measures against the ‘smarter’ sort of attacks that we can expect in the future are becoming ever more vital in ensuring the ability of our modern society to carry on functioning. We interviewed Professor Udo Helmbrecht, Executive Director of ENISA, and one of the topics we discussed was Stuxnet. It is beyond dispute that cross-border network and information security is taking on increasing importance.

And not just in Europe: secunet is finding that the Arab world too has a growing need for protection of key infrastructures and for information security. secunet began trading there just over two years ago and has since built up a reputation as an expert partner in the region. The Middle East is emerging from the global downturn stronger than before, and economists agree that the region has posted high growth rates over the last few years. Quite apart from its dynamic economy, the Middle East also has other fascinating cultural facets.

But we also have a lot of exciting developments going on closer to home; for example, the pioneering work involved in securing the infotainment platform of Continental, the issuing of authorisation certificates by Deutsche Post, the new SINA Box B 3G and the support given to ELSTER. Together with our customers and partners, we can always be found at the forefront of security technology.

I hope you enjoy reading our magazine.

Best wishes

Dr. Rainer Baumgart

Content

International
EU Commission Proposes Mandate Extension for ENISA to 2017
secunet on the Orient Express
Halt! Who Goes There?
How SINA Became Oranje

National
Central Nervous System of the nPA Infrastructure
Top Marks for the ILS in Matters of Security
Easy to Use and Twice the Benefit
The Stress-free Way to a New Passport
Security First!

Technologies & Solutions
Recharging E-Cars in a Transparent and Secure Way
SINA Box B 3G Unveiled
Welcome SINA CORE and a Fond Farewell to PEPP
Security for Intelligent Energy Supply
No Risk – Much Fun
News in Brief
Even Einstein Was a Beginner Once ...
Data Loss Prevention up Close and Personal
Dates
Events


International

Interview with Prof. Dr. Udo Helmbrecht

EU Commission Proposes Mandate Extension for ENISA to 2017

The European Commission has recently proposed that the mandate of ENISA should be extended. secunet asked Prof. Dr. Udo Helmbrecht, Executive Director of ENISA, for his comments.

What exactly is ENISA and what responsibilities does it have?

ENISA stands for the European Network and Information Security Agency. Based in Greece, the agency is responsible for network and information security within the European Union. It was first constituted in 2004 for a term of five years. The current mandate expires in March 2012. The application for extension to 2017 will go through two readings in the EU Parliament this year, and is subject to final approval by the EU Council. ENISA advises the European Parliament, the European Commission, European agencies and institutions as well as agencies of member states on issues relating to network and information security. We are thereby paving the way for the pooling of experience and for cooperation between public authorities and private companies in Europe.

Could you give us a brief summary of the objectives of ENISA?

ENISA has set itself the target of ensuring a high-level and effective standard of network and information security in the European Union. It is especially important to us that we establish an awareness and a genuine culture of network and information security in society, including private citizens, consumers, businesses and the public sector in equal measure. Of course, we would also like to play a key role in upholding public confidence in the ‘digital society’ – both now and in the future.

What does that mean in concrete terms for the business community in Europe?

ENISA must ensure that not only the security and privacy of internet users is protected to the maximum degree possible, but also the security of information in industry. This is essential if companies are to trade competitively in Europe and if the long-term strength of the European internal market is to be protected. It is important to carry on developing European expertise and capabilities in IT security, and especially to enhance operational efficiency in the field of secure network technologies. Specifically, ENISA will act as an interface between cyber-security experts and authorities. This will allow the forces combating cyber crime to combine their efforts and to take appropriate and practical measures against emerging security risks at an early stage.

How much of a threat do you personally consider cyber crime attacks such as the Stuxnet virus to be, and what is your view of the current activities of the Wikileaks information platform?

Today, we are seeing (organised) crime transferring its activities from the real world to the internet. It used to be bank robberies, but now it is phishing. When the internet became a place where you could earn money, it also attracted the interest of criminals. Furthermore, the Stuxnet virus has shown that even SCADA systems (Supervisory Control and Data Acquisition) can be the target of attacks. It is worth noting that the sheer complexity of this virus suggests that the criminal masterminds responsible invested a lot of resources and money in planting it.

Wikileaks is a different matter altogether. What is at issue here is how this type of journalism will continue to develop. Is Wikileaks simply continuing the long-established tradition of critical journalism, or will it become a new method of pushing the special political interests of the information platform itself? Ultimately, it also raises the question of whether all information should be publicly available on the internet. If that were so, what would concepts such as privacy, security of classified information or patents mean any more?

[Photo: Prof. Dr. Udo Helmbrecht, Executive Director of the EU Agency ENISA (Heraklion, Crete, Greece)]


International

secunet on the Orient Express

Security concerns in a globalised context

For the past couple of years, secunet has been enjoying a considerable degree of success in the Middle East. The company has been able to consolidate its business and build up lucrative customer relationships in countries such as Jordan, Saudi Arabia, the United Arab Emirates, Qatar and Egypt. This is a region of growing economic significance, and the response to secunet’s arrival on the scene has been genuinely enthusiastic and welcoming. The company is obviously very proud of the speed with which it has made a name for itself as a capable partner in the Arab world. As in any other region of the global market, the priority has to be to earn the respect and esteem of your hosts. Which means understanding the local culture, treating each other with mutual respect and building a professional and profitable long-term partnership.

So what was it that inspired secunet to expand its sphere of operations into this region, and why does it make strategic sense to invest there? As a highly dynamic and innovative company with sales structures that have a strong international emphasis, secunet has the professional expertise and resources to serve the demand in the Middle East for sophisticated IT security. We are always intent on taking a whole business approach which means looking at the client’s individual requirements and offering customised, intelligent, high-grade IT security solutions. The high esteem in which IT from secunet is held was demonstrated at a lecture on IT security given by Chairman of the Board Dr. Rainer Baumgart at the recent Amman Security Conference in Jordan. Many of those attending expressed their enthusiasm about the performance of secunet products and said how impressed they were by the user-friendliness and the straightforward modular design of secunet IT security solutions.

IT security ‘made in Germany’

What is it like working out there? secunet subjects the requirements and needs of this dynamic growth region to very precise analysis and at the same time is the clear beneficiary of the confidence that customers feel when they know they are buying an IT service with the ‘made in Germany’ label, an advantage that derives from the high esteem in which German security solutions are held. It is certainly the case that the links we have forged with local partners have been immensely helpful in dealing with our foreign customers, as this makes it possible to do business without getting tied up in knots and to tap into useful local networks.

In far distant Arabia, we have embarked on a number of promising projects in the high-security business in a relatively short period of time, all of which offer great potential for the future. There is a great demand for SINA products in particular.

[Map labels: Oman, Jordan, Egypt, Qatar, United Arab Emirates, Bahrain, Saudi Arabia, Syria]


And just as in the European market, the customers we have acquired in the Middle East are predominantly from the public sector, i.e. we are generally dealing with the governments and administrative agencies of the individual countries. Furthermore, there is a huge demand for solutions in the area of sovereign documents as well as for our established expertise and proven product range in the area of biometric identification systems.

Quantum leap into the future

The Middle East is once again showing itself to be an economic powerhouse as it emerges from the global financial crisis stronger than before. Because of the booming price of oil, the economies of the states making up the Gulf Cooperation Council (GCC) – Bahrain, Qatar, Kuwait, Oman, Saudi Arabia and the United Arab Emirates – have posted phenomenal growth rates in recent years and have established themselves as a vital market for German exporters. At the same time, many of the countries in the region realise the long-term importance of diversifying into a non-oil economy in order to reduce the existing dependence on oil exports and to create employment in alternative sectors.

German-Arab relations go a long way back in history and are today assiduously cultivated at government level. The visit of Chancellor Merkel to four of the six GCC states in May 2010 was intended as a clear signal to German exporters. Major investment programmes in almost all infrastructure sectors are in full swing. The population of many Arab states is relatively young – in some cases, 70% of the population is under 30 years old. Moreover, the new openness of the Arab world, especially with the advance of the internet, means that many sectors of the economy now have an even greater need for the type of protection in which secunet excels.

The next big IT security event in the region is the IDEX trade fair to be held in Abu Dhabi during February 2011. secunet will be manning a booth there and is already looking forward to interesting discussions and a constructive exchange of ideas.

More information: Michael Frings


International

Halt! Who Goes There?

secunet provides fortress-like protection for on-board vehicle networks

The architecture of a castle is designed to afford maximum security and defence. The functional security of on-board vehicle networks has likewise been developed in meticulous fashion. Nevertheless, opening the closed fortifications of a castle to allow the transport of goods or information in and out means that there is a constant threat from potential intruders. Vehicles are now open in a similar way: radio interfaces, internet connections in the vehicle, and comfort and safety functions all result in access to the on-board network. Security measures that function even when external components fail cannot be realised at short notice, for want of suitable properties in on-board network technology. An additional security and defence system is urgently required – in vehicles as much as in castles.

The interior of a fortress is divided into two (or more) areas: within the outer walls there are the resident population (in-vehicle infotainment, i.e. manufacturer’s applications), and in the future travelling salesmen (apps) will also be allowed access. The second tier of defence – the inner walls – protects the principal castle buildings, the home of the aristocratic owners, and their family treasures (the electrical system buses of the on-board network). Access to or exit from both of these walled areas is through the castle gates. These in particular are seen by potential invaders as weak points in the defences. For this reason, all movement is strictly controlled by guards, with incoming and outgoing deliveries kept separate.

The most important aspect of security at the castle is the control of incoming goods and visitors. To this end, strict rules are established which lay down what the castle owners – quartered in the inner sanctuary – consider important for the smooth running of the castle. They dictate which goods are prohibited (no weapons, no drugs apart from alcohol), and also who is allowed to enter the castle. Providing a tradesman has no record of having breached any rules, he will be granted access to the outer bailey. There are much stricter rules, however, when it comes to gaining access to the inner area where entry is permitted only to goods that have been ordered and to personally recognised messengers. If there is no rule which explicitly permits access, then the default rule is strictly applied: Keep out!

In order to avoid jeopardising the smooth running of the inner castle through periods of hectic activity or mistakes at the gate because of the press of the crowds seeking entry, which might for example delay legitimate deliveries, the control of out-going goods and persons is kept separate. Here again, there are strict rules as to what goods are allowed to leave the castle. Theft (access to sensitive data) is thus prevented. For this control process, the guards follow their own protocols.

With the Application Control Unit (ACU), secunet has created an ‘inner bailey with guards’ for automotive electronics. Policy rules have been extrapolated from the specification of the on-board network, and are applied by means of a securely isolated intermediate control unit to every incoming communication to the on-board vehicle network. The infotainment operating system also asks the control unit for signature verification before the installation of applications.
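The gate logic of the castle analogy above (two walled zones, separate rule sets for incoming and outgoing traffic, a clean-record requirement and a default of "keep out"), as an added example in Python. It is not secunet's ACU code; the zone names, senders and message kinds are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Zone(IntEnum):
    """Zones ordered from outside to inside, following the castle picture."""
    EXTERNAL = 0       # outside the walls: radio interfaces, internet
    INFOTAINMENT = 1   # outer bailey: in-vehicle infotainment, later apps
    VEHICLE_BUS = 2    # inner bailey: electrical system buses


@dataclass(frozen=True)
class Message:
    sender: str        # constructed identifier of the sending component
    src: Zone
    dst: Zone
    kind: str          # constructed label for what is being carried


@dataclass(frozen=True)
class Rule:
    src: Zone
    dst: Zone
    kind: str
    senders: frozenset = frozenset()   # empty: any sender with a clean record


@dataclass
class Gate:
    ingress: tuple     # rules for traffic moving inwards
    egress: tuple      # separate rules for traffic moving outwards
    offenders: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def check(self, msg: Message) -> bool:
        # Incoming and outgoing traffic are judged by different rule sets.
        rules = self.ingress if msg.dst > msg.src else self.egress
        allowed = msg.sender not in self.offenders and any(
            (r.src, r.dst, r.kind) == (msg.src, msg.dst, msg.kind)
            and (not r.senders or msg.sender in r.senders)
            for r in rules
        )
        if not allowed:
            # Default rule: nothing explicitly permits it, so keep out,
            # and remember the sender as having breached the rules.
            self.offenders.add(msg.sender)
        self.log.append((msg.sender, msg.kind, "allow" if allowed else "deny"))
        return allowed


def build_demo_gate() -> Gate:
    ingress = (
        # Outer gate: open to anyone without a record, for permitted goods.
        Rule(Zone.EXTERNAL, Zone.INFOTAINMENT, "media.stream"),
        # Inner gate: ordered goods from a personally recognised messenger.
        Rule(Zone.INFOTAINMENT, Zone.VEHICLE_BUS, "hvac.set_temperature",
             frozenset({"climate_app"})),
    )
    egress = (
        Rule(Zone.VEHICLE_BUS, Zone.INFOTAINMENT, "vehicle.speed",
             frozenset({"cluster_ecu"})),
    )
    return Gate(ingress, egress)


def run_demo() -> list:
    gate = build_demo_gate()
    traffic = [  # constructed sample traffic
        Message("radio_tuner", Zone.EXTERNAL, Zone.INFOTAINMENT, "media.stream"),
        Message("climate_app", Zone.INFOTAINMENT, Zone.VEHICLE_BUS, "hvac.set_temperature"),
        Message("weather_app", Zone.INFOTAINMENT, Zone.VEHICLE_BUS, "hvac.set_temperature"),
        Message("weather_app", Zone.EXTERNAL, Zone.INFOTAINMENT, "media.stream"),
        Message("climate_app", Zone.INFOTAINMENT, Zone.VEHICLE_BUS, "brake.command"),
        Message("cluster_ecu", Zone.VEHICLE_BUS, Zone.INFOTAINMENT, "vehicle.speed"),
        Message("cluster_ecu", Zone.VEHICLE_BUS, Zone.EXTERNAL, "vehicle.vin"),
    ]
    return [gate.check(m) for m in traffic]


if __name__ == "__main__":
    for verdict in run_demo():
        print("allow" if verdict else "deny")
```

The fourth message is refused even though the outer gate rule would normally admit it, because its sender was turned away at the inner gate one step earlier.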

secunet safeguards Continental’s AutoLinQ infotainment platform

Securing networked infotainment systems is a cornerstone of secunet’s and Continental’s joint business activities. This collaboration has adapted secunet’s Security Framework to meet AutoLinQ’s requirements. At the Consumer Electronics Show (CES) in January 2011, the two companies demonstrated how secunet’s Security Framework controls the communication behaviour of applications in order to improve the security of infotainment systems and on-board vehicle networks.

More information: Marc Lindlbauer, Hartmut Kaiser

[Figure caption: Strict rules determine which data is allowed into the vehicle and which is allowed out.]


International

How SINA Became Oranje

secunet’s Dutch partner Fox-IT made SINA ‘oranje’

Holland is one of Germany’s dreaded rivals in football competitions. But in security matters, we are playing in one team, thanks to SINA and also, more recently, to highly effective combination play between the Biometrics and eID departments. Ronald Westerlaken spoke about this successful partnership:

Security begins with the establishment of trust. Not only in relationship with your customers but also in building long-term relationships with your partners. Fox-IT’s relationship with secunet in particular is somewhat unique for the high security market we both operate in. Not only do we extend each other’s portfolio but also intend to combine our knowledge and cooperation even more extensively in the future. Fox-IT is the exclusive partner for secunet in the Netherlands. In return, secunet is the exclusive reseller of the Fox DataDiode, rebranded as the SINA One Way Gateway 2, in Germany.

SINA is the only product in the Netherlands, which can be used to securely process and transfer classified data up to state secret level. Working closely together, we have successfully implemented many large SINA networks over the past 6 years. More than 350 SINA Boxes and 300 SINA Virtual Workstations are currently in use, many of them already for a few years now. Fox-IT expects to extend these numbers in the future. Looking at the current development processes, we have high confidence that SINA will still be the leading standard for IP encryptors.

And if you’re now wondering whether SINA components ordered by customers in Holland will be supplied in orange too, rest assured, they will arrive in their customary silver kit – despite the excellent international teamwork.

About Fox-IT

Fox-IT specializes in cyber defense, IT Security, lawful interception and digital forensics solutions, providing completely secure, easy-to-use and automated products for data transport, interpretation and archiving to dozens of government defense and intelligence agencies, systems integrators and commercial organizations worldwide. Fox-IT solutions maintain the security of government systems up to ‘state secret level’ sensitivity, critical infrastructure and process control networks and other highly confidential data. Established in 1999, Fox-IT is based in the Netherlands and works with partners in more than 20 countries. (More information: www.fox-it.com)

More information: Ronald Westerlaken, Dr. Gerd Schneider

[Photo: Ronald Westerlaken, Product Manager at Fox-IT]


National

Central Nervous System of the nPA Infrastructure

Signtrust issues authorisation certificates for the nPA using the eID PKI Suite

The nPA, which has been issued since 1st November 2010, is more than ‘just’ an official photo ID in credit card format: it identifies the holder online and thereby allows him or her, for example, to easily arrange insurance online or to open a new bank account. Deutsche Post Trustcenter is an accredited certification service provider (Zertifizierungsdiensteanbieter – ZDA) and issues authorisation certificates (BerCA) for the nPA. secunet has supported the Trustcenter on its path to accreditation and supplies the core software component, the eID PKI Suite.

Safe citizens

It is a straightforward process for German citizens to use the nPA: in addition to the card reader and the so-called ‘AusweisApp’ from the Federal Ministry of the Interior (BMI), they only require their standard web browser to carry out online authentication. For the personal and sensitive data contained in the nPA, the BMI and the Federal Office for Information Security (BSI) have created a powerful and highly secure nPA infrastructure which protects against unauthorised access. The contactless SmartCard chip that is embedded in the nPA allows a public authority the option of sovereign access to the identity card and biometric data (in the case of the nPA, this specifically means photo and fingerprints). Companies in the private sector, on the other hand, are permitted non-sovereign access to the so-called ‘e-ID functionality’. This identifies the holder online beyond any doubt, so that he or she can, for example, arrange insurance or open a new bank account.

Certified Service Providers

The nPA is not automatically available for use by service providers in industry and public administration that want to offer their customers these new electronic proofs of identity. They require a digital authorisation certificate. In order to qualify, banks or online retailers must submit an application to the Awarding Authority for Authorisation Certificates (Vergabestelle für Berechtigungszertifikate – VfB) in Cologne, in which they explain their verifiable interest in certain information. For example, the customer’s date of birth will only be provided to them if they are in the business of supplying goods with legal age restrictions or contracts that are only valid where a customer has reached the legal age of majority.

The VfB establishes the maximum amount of data to which the applicant should be allowed access and records the result as a formal decision. Once they have received formal confirmation of this decision, the service providers are able to contact the Deutsche Post Trustcenter – specifically the Deutsche Post Com GmbH Signtrust business unit – which is an accredited ZDA. This unit will issue the appropriate authorisation certificate. Only then is it possible for the service provider to access the private individual’s nPA. The service provider is thereby limited to the rights explicitly granted by the VfB.

Responsible ZDA

Authorisation certificates may be issued only to parties who have ZDA accreditation. There are two main entry requirements:

– As a preparatory measure, a test operation must be constructed and coordinated with the BSI.
– A ‘Certificate Policy’ must be prepared in accordance with Technical Guideline 03129.

Only if the BSI gives its approval on both points is the way clear for the desired accreditation.

“Through electronic identity verification, private citizens and service providers now know exactly who they are dealing with – even online – and that increases mutual trust. We are pleased that we can make a contribution as a certification service provider.” Sabine Buchhalter, Director of Signtrust, Deutsche Post Com GmbH


Supported by the IT security experts from secunet, Signtrust was able to complete this process with great success: on the same date as the nPA was rolled out (1st November 2010), operation as an authorisation certification authority commenced at the Trustcenter in Darmstadt. With the issuing of authorisation certificates, Deutsche Post has now expanded its solid, dependable portfolio with the addition of a method for secure identification via an electronic medium.

Multifunctional eID PKI Suite

Signtrust is using the eID PKI Trust Suite from secunet as a software solution for the certification service. This PKI solution, developed specifically for sovereign documents, not only issues authorisation certificates to service providers; it is also the central communication interface between participating citizens, service providers, government agencies and the root certification authority. Through selective control of information flow, each party will thereby exclusively receive the information that they require and are permitted to receive. Here are two examples:

The eID PKI Suite receives the blacklists from the Federal Administrative Office block register, which identify all currently blocked nPAs. The eID PKI Suite converts the complete list into a specific block list for each individual service provider and makes this automatically available through a so-called ‘eID server’. This means that unauthorised persons have no chance of misusing a lost or stolen ID card. Furthermore, the eID PKI Suite refers to the national eID directory service from BSI to retrieve master and defect lists and forwards these to the service provider. These lists can be used to check whether an nPA has been electronically forged or was genuinely issued by the Federal Printing Agency.

The eID PKI Suite from secunet therefore constitutes the ‘central nervous system’ for secure and reliable nPA infrastructure used by Signtrust in issuing the authorisation certificates.

“The new service is an important milestone for the Deutsche Post portfolio. We chose the eID PKI Suite and the support of our long-term partner secunet in the technical implementation, and we met our ambitious schedule without a hitch.” Sabine Buchhalter, Director of Signtrust, Deutsche Post Com GmbH

Features of the eID PKI Suite at a glance:

– Platform-independent software solution
– Issues authorisation certificates according to EAC 2.05
– Electronic communication interface compliant with BSI TR 03129
– Interoperability with all national eID servers
– Officially approved by BSI for BerCA

More information: Thomas Stürznickel


National

Top Marks for the ILS in Matters of Security

The Web Application Firewall makes studying straightforward and reliable

So you would like a study course that doesn’t involve looking for books in musty libraries, working to an ineffectual timetable with irritating free periods or fighting for a seat in overcrowded lecture halls? It may sound like a pipedream, but the Institut für Lernsysteme (ILS), Germany’s largest correspondence school, makes all this possible. Offering more than 200 state-approved distance learning courses, there really is something here for everyone. From vocational education to further education courses, school leaving qualifications, language learning and training – and all via the internet. No wonder that the ILS mentors some 80,000 students a year and that its graduates give the institute top marks. In the ILS online study centre, students can organise their complete course of study online and thus have constant and comprehensive access to all the information relevant to their course. Within this community they can also chat to their fellow students and e-mail each other.

Absolute confidentiality

It is predominantly personal data, such as addresses and grades, that is sent backwards and forwards, i.e. data of a very sensitive nature. In this regard, students rely on complete confidentiality. Of course, website availability and response times also play a major role. Managed Security Services from secunet have already provided the ILS with a solid foundation. The second step was to install a Web Application Firewall (WAF) and raise the security level even further. This means that the areas of reliability and availability have both been significantly optimised.

Guaranteed fail-safe performance and availability

Unlike a simple firewall which decides at port level who can communicate from where and to where, the WAF additionally checks the data stream at application level for undesired content. There are parallels with the security controls at an airport: the firewall demands sight of a passport, the WAF scans the luggage and frisks the passengers. The load balancing technology implemented in the WAF ensures that incoming data is distributed in a targeted manner to the various different servers – depending on availability. If a server is busy, faulty or being serviced, it is simply removed from the load distribution and the operation still continues to function without loss. To go back to the airport analogy, this is the equivalent of creating several channels for identity checks.

Student and study management at the ILS is set to continue running smoothly and completely safely in the future too. So top marks for the ILS when it comes to security and availability – thanks to secunet.

More information: Guido Höfken


1 | 2011 « 11

ELSTER, the electronic tax declaration

portal, provides efficient, secure and 24/7

electronic transmission of all tax data

between citizens, tax advisors, employers, local authorities,

professional organisations and tax officials. The system cur-

rently handles more than 100 million data sets per annum.

Working on behalf of the Bavarian State Office for Taxation

to ensure a high level of availability, integrity and confiden-

tiality in the processing of this data, secunet has developed

the Lifecycle Management tool Smart Security Architecture

(SSA). And as a bonus, this also simplifies recertification in

accordance with ISO 27001.

High volume of confidential data

The high volume of confidential data

handled by ELSTER is shared between

two data processing centres – these

receive and process tax data for all 16

German states. In order to comply with

the high data protection requirements, a

security management system was

established in 2008 in both data processing

centres, which conforms to ISO 27001

and was based on the IT protection

standard as certified by the Federal

Office for Information Security (BSI). As

an integral component of IT security,

SSA simplifies the recertification which

takes place every three years with six-

monthly interim audits. In addition, it

offers the appropriate tools to guarantee

the cost-effective and continuous

availability, integrity and confidentiality of

data processing.

Smart Security Architecture from

secunet delivers efficient and simpler

recertification for ELSTER

Easy to Use and Twice the Benefit

SSA provides high efficiency at low costs

The process uses installation windows that describe the required

software components of a server. Installation, configuration and

hardening of the server take place on the basis of this information and are

automated by an installation server when the

system first boots up. In

this way, a standardised

operating system and

application environment

can rapidly be produced

for the Unix server of the

tax office. New software

versions can be activated,

with switchover times taking no longer

than a few minutes. With SSA, operating

systems and application software can be

restored within a few hours – even in the

case of total outage.

By using virtual servers, SSA keeps the

applications, data and hardened operating

systems strictly separate from one

another, so that they only have access to

the data, protocols and configurations

for which they are authorised. The resulting

uniform, standardised and secure

hardware and software platform provides

high-level availability of the ELSTER

system and ensures that highly

sensitive tax data can be submitted round

the clock. ▀

ʽ More information:

Andreas Mann

[email protected]

“The implementation of SSA at

ELSTER has led to a significant

reduction in costs, an increase

in operational efficiency and

the reduction to a minimum of

downtimes. Moreover, it has

made it significantly simpler

for us to gain ISO 27001

recertification when this

comes up every three years.”

Franz Widholm, Head of General Security at ELSTER

National


The Stress-free Way to a New Passport

“Look straight at the camera with a neutral expression and

do not smile.” Anyone who has applied for a passport (ePass)

in recent years may well remember similar instructions being

spoken by the photographer. But we are in the registry office

of Monheim am Rhein, or to be more precise, in its Speed

Capture Station. After displaying the illustrated instructions,

the terminal automatically sets the optimum height for taking

the photograph. Three pictures are then taken. Portrait prints

are automatically selected and then checked for their

biometric compatibility. One passport photograph can be chosen

from those found suitable. Finally, the applicant’s signature is

recorded.

Since mid-August 2010, Monheim am Rhein has been the first

local authority in Germany to trial the Speed Capture Station, a

self-service terminal for the capture of biometric data (photograph,

fingerprints and signature) for ID cards (nPA) and passports

(ePass). Within the framework of this pilot scheme,

initially only photographs and signatures are being recorded

and the image data is digitally uploaded from the terminal.

In the final version, the Speed Capture Station will also take

fingerprints and transmit not only image data but also already

encoded Biometric Information Templates (BITs), as well as the

obligatory quality control data from the terminal (xinfo).

The data is initially collected anonymously and given an

identifying number. Before the data is finally transferred, the local

authority employee operating the equipment visually checks

the passport photograph against the applicant and verifies the

fingerprints.

Central to the development of the software was simple,

intuitive operability and full compliance with national standards,

in particular the technical guidelines ‘Biometrics for Public

Sector Applications’ (TR-03121) issued by the Federal Office

for Information Security (BSI). The modular and configurable

design of the terminal enables it to also be used for other

documents such as electronic residence permits (eAT, from

May 2011) and driving licences.

Ease of operation – high rate of acceptance

The Speed Capture Station has met with a positive response

from the residents of Monheim. This is confirmed by the fact

that more than 500 people have used the system over the past

two months and by the results of a user survey: over 90%

of users rated the data capturing process as ‘short’ or ‘very

short’ and ease of operation as ‘simple’ or ‘very simple’; just

under 95% of users would recommend use of the terminal to

their friends.

Sibille Hanenberg, Head of Residents’ Services, is also

delighted: “The Speed Capture Station has been extremely

well received during this test period, members of the public

The Speed Capture Station in Monheim is a

rapid and paperless application procedure for

obtaining new personal identity documents

National

“The Speed Capture Station has been extremely well received during this test period.”

Sibille Hanenberg, Head of Residents’ Services

have mostly operated the Speed Capture Station themselves and my colleagues have had to help out only very

rarely.” Initial findings reveal that the major benefit lies in the

time saved in processing applications for personal identity

documents. The cutting and glueing of passport photographs

and the scanning of

applications is no longer

necessary in most cases.

In addition, the terminal

is available for use the

whole time that the

registry office is open,

says Frau Hanenberg,

summarising the

advantages both from an administrative point of view and for

members of the public.

Biometric middleware (secunet biomiddle) is used to check

the quality of the photographs and to take fingerprints. This

facilitates the modular use of biometric system components

Imprint

Copyright: © secunet Security Networks AG. All rights reserved. All contents and structures are copyright protected. All and any use not expressly permitted by copyright law requires prior written permission.

Editor: secunet Security Networks AG, Kronprinzenstraße 30, 45128 Essen, Germany, www.secunet.com

Responsible for the [email protected] [email protected]@secunet.com

Design: Agentur für dynamisches Marketing, www.knoerrich-marketing.de

Illustrations: Cover, p 4 at the top and p 7 at the top: shutterstock, p 3: Enisa, p 5 at the top: panthermedia, p 8 and 9: Bundesministerium des Innern, p 9 picture Ronald Westerlaken: Fox-IT, p 10 and 20: Illustrations Lutz Lange, p 11: ELSTER, p 14: BAKöV, p 16 and 18: fotolia, p 19: CAST e. V. Others: secunet

within different biometric and eID applications. Internationally

standardised interfaces allow for easy replacement of

individual components. secunet biomiddle communicates with

client applications via a service-oriented interface, which

makes it independent of system platforms and programming

languages. secunet biomiddle has been jointly developed by

secunet and the Federal Office for Information Security and

has achieved the status of preferred architecture and reference

implementation system for the use of biometrics in national

identity documents. This architecture is not only employed

in the Speed Capture Station, but also in the places of work

where the data is retrieved. For process developers, this

means that there is no proprietary interface to the terminal

to install for the use of biometric system components, but

flexible middleware instead. If secunet biomiddle is already

installed, only the Biometric Service Provider (BSP) needs to be

exchanged. Integration could not be any simpler or faster. ▀

ʽ More information:

Georg Hasse

[email protected]

Recording data in the

Speed Capture Station:

photo, fingerprint and

signature.

National

Subscribe to secuview

Would you like to receive secuview on a regular basis free of charge? Choose between the print and the e-mail version. Register on www.secunet.com/en/the-company/it-security-report-secuview/secuview-e-mail-eng.


The latest initiative from the Federal

Academy of Public Administration

(BAköV) is called ‘Security first:

Information security in the workplace’.

Its purpose is to ensure that

security-conscious behaviour amongst

government employees is no longer

left to chance, because it is becoming

increasingly important to have reliable security technology

and to use it responsibly. The programme, which is

supported by the Federal Office for Information Security (BSI)

and is being implemented by secunet, is providing German

government bodies with IT security training. Potential threats

are identified and effective countermeasures are put in place.

Training specifically adapted to each target group raises

awareness amongst the participants and provides them

with appropriate basic knowledge of security-conscious

behaviour.

Security initiative across the board

The ‘Security first’ initiative is currently being implemented

in 72 public authorities and will ultimately provide training for

45,000 employees. All too often, it is the people at

management level who have limited knowledge of IT security. In order

to provide them with support in their job and promote them as

good role models, this group in particular is being targeted for

awareness-raising. But in addition, these measures are also

aimed at IT support workers and other employees. secunet

has been commissioned by BAköV to look after some 30 of

the 72 institutions and is working in close cooperation with

each authority to carry out programmes of individual

awareness-raising and on-the-spot training. To date, BAköV has set

aside a budget of around one million euros for this purpose.

What does ‘awareness-raising’ entail in concrete terms?

First a needs assessment is carried out, tailored to each

individual authority, followed by the preparation, design and

realisation of appropriate events. Using the current level of

threat, actual incidents of loss or damage and examples of

attacks, secunet’s IT experts will illustrate just how important

and real the issue of information security is for each and every

employee. The consequences of a careless approach to the

subject are also demonstrated. Participants learn from

concrete examples to identify the dangers and how to respond

appropriately.

“Information security concerns us all.”

Within authorities, the management of IT security must be

more firmly established, promoted and embedded in the

culture of the organisation. To this end, managers and

employees alike need to be given better information and

specific rules of conduct. The training courses provide a thorough

induction into existing internal security policies. As a result,

participants can relate them directly to their own work and

respond sensitively to potential threats. In order to guarantee

a permanent state of alertness,

the raising of awareness with

respect to information security

must be seen as an ongoing

task. ▀

ʽ More information:

Martin Woitke

[email protected]

BAköV chooses secunet as partner in

awareness-training initiative for improved

information security in public sector

National

Security First!



Germany is set to become the world’s leading market for electric

mobility. At least, if the German government gets its way. An important

precondition for the introduction of electric vehicles is a nationwide charging

network that complies with both environmental

and safety standards. At EU level within the framework of ISO/IEC,

the most important applications of e-mobility in the smart

grid are being identified, and from there, solutions are being

found. These can basically be listed under two main headings:

– Regulated charging with payment at the charging station

– Regulated charging with automatic billing (Plug’n Charge)

Of course, a simple electric vehicle does not necessarily

require a smart grid – after all, for the last hundred years or so,

we have been able to simply plug equipment into an electric

socket without the need for the two of them to communicate

with one another. However, if we wish to introduce electric

mobility for the purpose of achieving our climate protection goals,

additional intelligent communication between vehicle

(consumer) and energy producer is essential: only through being

networked within a smart grid is it possible to regulate charging,

to adjust network output to demand and to efficiently feed

renewable energy into the grid.

In addition, efficient billing processes can be handled and dis-

played over the network. Through automatic billing – similar

to today’s mobile phone tariffs – Plug’n Charge options

minimise both labour-intensive processes, such as manual

payment methods, and investment costs in card readers at

charging stations etc. In order to implement these processes

practically so they are cost-effective and convenient for the

user of the vehicle and the operator of the charging network

alike, the charging interface in all vehicles must be made as

uniform as possible. To this end, the ISO/IEC Joint Working

Group ‘Vehicle to Grid’ was formed, and since July 2010,

secunet has been an active member of the Charging Interface

sub-group, working in collaboration with vehicle

manufacturers, energy providers, government agencies and the supply

industry on setting up a national charging infrastructure.

The aim is to specify concepts and solutions that ensure the

integrity, authenticity, availability and confidentiality of all data

exchanged. It is important for the end customer to safeguard

his independence when charging his vehicle (i.e. ‘roaming’)

and his choice of electricity supplier and tariff. In addition, the

end customer requires transparency of process. The OEMs*

and network operators are concerned not only about

feasibility but also about the time factor, as the automotive industry

cannot afford to be left behind by its international competitors.

While Germany finds itself to some extent still at the planning

stage, other countries are already starting on production or

even have electric vehicles in series production.

In order to develop a comprehensive security solution, other

affected areas – smart grid, smart metering and, if applicable,

the ‘smart home’ – must be included. Various standardisation

bodies such as ISO/IEC, DIN, DKE, CEN/CENELEC, ETSI are

currently working on common standards. secunet has taken

on the leadership of the Smart Grid working group of TeleTrusT

Deutschland e.V. which specialises in the establishment of IT

security and data protection in smart grids.

secunet focuses on IT security and data

protection in e-mobility and smart grids –

securely. ▀

ʽ More information:

Harry Knechtel

[email protected]

secunet leads the way in smart grid technology

Recharging E-Cars in a Transparent and Secure Way

* Original Equipment Manufacturer = manufacturers that use original components from other manufacturers for their products and then sell them under their own name.

Technologies & Solutions


Technologies & Solutions

SINA software makes it possible to achieve highly scalable

improvements in performance on new processor platforms.

The SINA series is shortly to be extended by a new high-end

product: the SINA Box B 3G. This latest addition to the range

will process around five times as much data as the current

SINA Box 1000 while costing only twice as much in initial

outlay. Moreover, the SINA Box B 3G comes complete with a

number of new features. The package has

been designed to be futureproof with a

colossal 4GB RAM and ten network

interfaces, some of which can

optionally be fitted with SFP modules.

And when it comes to usability, the SINA Box B 3G is a

revelation, the new touchscreen displaying information more clearly

than ever before. You can now enter your PIN via the operator-

friendly screen with its resolution of 260 x 64 pixels. Last but

not least, this latest version has had a design makeover, now

appearing in a slimline, elegant 19-inch case of only two rack

units in height (1 RU = 44.45 mm) for convenient stacking. All

the important interfaces are on the front

of the device. ▀

Welcome SINA CORE and a Fond Farewell to PEPP

In the ten years or so that SINA has

been in development, we have supplied

more than 26,000 components to our

customers. Almost 9,000 systems have

been equipped with Pluto/PEPP board

encryption technology. From mid-2011,

we will be incorporating SINA CORE – a

new technology that is cryptographically

interoperable with PEPP – into the SINA

Box and all SINA clients. The

performance of the whole SINA product family

will be significantly boosted by this new

development.

SINA Box B 3G Unveiled

What are the functional and

operational benefits of this new encryption

technology?

SINA CORE is …

... more powerful:

– Boasting approx 180 MBit/s, the new

SINA Box H performs significantly better.

– Security connections with other SINA

components can be established more than

ten times as fast.

… more flexible:

– New cryptoalgorithms can be (post)loaded.

– Instead of just one class of devices

(e.g. H, P), three can now be supported on

one SINA CORE module.

– The encryption modules are enabled for

online updating in respect of cryptographic

device classes, algorithms and parameters.

… more compact:

– The compact design of the SINA CORE

modules with integrated optical network

card facilitates significantly smaller

hardware platforms.

… more robust:

– We have incorporated our extensive

experience of military application to make

a product that is now suitable for use in

really tough environments.

Obviously, we intend to continue

providing servicing and product care for our

existing Pluto/PEPP technology. Your

customer service adviser will be pleased

to answer your questions and support

you in the introduction of SINA CORE-

based SINA components into your

network infrastructure. ▀


The concept of the smart grid presents the electricity supply

industry with major challenges. Decentralised energy

production, mobile storage and sources of energy such as

photovoltaic power plants and wind energy plants, where availability

is outside human control, are playing an increasingly important

role. In order to optimise the network load and to ensure a

stable energy supply, it is essential to have real-time automatic

reconciliation of production, network load and consumption.

This is of particular importance when it comes to the

involvement of so-called ‘prosumers’, that is to say participants who

both consume energy, and generate and feed it back into

the grid.

Between these smart homes and the smart grid, so-called

‘IKT gateways’ (IKT = Informations- und Kommunikationstechnologie;

Information and Communication Technology)

act as network nodes. Here, the various different applications

are brought together and managed: electricity, water and gas

meters, control of energy consumption by the energy

provider (Telecontrolling), management and control of plants and

equipment that both consume and generate electricity

(Intelligent Supervision) and also various interfaces such as a WLAN

connection.

A high level of IT security is a fundamental requirement in

the collection, processing and transmission of sensitive data

between individual system components. Unauthorised access

and manipulation, whether internal or external, must be

prevented. It is also important to avoid errors in implementation,

maintenance and updates, and to block the import of malware

or the execution of unauthorised functions.

This is where secunet’s Application Control Unit (ACU) comes

into the picture, a software-based security framework that

can be installed in the IKT gateways. It enables the individual

components in the IKT gateway to be securely operated,

separately from each other and free from interference.

Communication between the different gateway applications is

specifically managed and monitored via the ACU. Thanks to

this unique combination of compartmentalisation technology,

monitoring and protection logic, the ACU provides a high level

of security – without any additional hardware costs.

The ACU was originally developed for the automotive market

to secure and shield online access to vehicles. The technical

and security requirements such as a high level of protection,

limited resources (computing and storage) and price

sensitivity are, however, comparable with those in measurement and

control technology. As a result, it would be possible to transfer

the software with only a few specific modifications. ▀

ʽ More information:

Gunnar Hettstedt

[email protected]

Marc Lindlbauer

[email protected]

Security for Intelligent Energy Supply

The Application Control Unit secures online

access to vehicles – in the future will it also be

an essential component of the smart home?

In the future, the ACU could provide for a

high level of security in measurement and

control technology.

Technologies & Solutions


Winners of the sponsorship and promotion prizes at

the 2010 CAST Awards for IT Security.

No risk – Much Fun

News in Brief

You have to protect your data against threats from the

internet and your own in-house network. Everyone knows that. But

in order to have dependable network, e-mail and web

protection, a large number of security mechanisms need to be put

in place, a complex process that requires your administrator

to keep an eye on thousands of details all at the same time.

secunet wall 2 offers the solution to all of this in a single

appliance – thanks to Unified Threat Management (UTM). UTM

involves the integration of all appropriate security functions

into a technically unified platform with a graphical user

interface (GUI). secunet wall 2 provides all-round protection whilst

simultaneously simplifying your IT infrastructure.

The benefits at a glance:

– no time-consuming administrative work via multiple GUIs;

– automatic input of individual firmware and version updates;

– no hidden costs for support, servicing and updates;

– applications are mutually compatible and work perfectly

together.

secunet wall 2 comfortably manages administration, servicing

and maintenance tasks. And your internal IT department has

full control over your company security. That’s why you’re so

secure. ▀

Why you’re so much more secure

with secunet wall 2

Even Einstein Was a Beginner Once …

CAST Awards 2010

Now into their tenth year, the CAST e.V. Awards for IT Security were presented in Darmstadt on 18th November 2010. Outstanding young scientists were honoured in three categories: master’s and diploma theses, bachelor’s theses and other final dissertations (IT specialist, further education, etc.). The top ten finalists from the preliminary rounds presented their findings to a panel of experts. The winners, who were chosen by secret ballot, were delighted to receive between €1,000 and €3,000 in prize money.

This was secunet’s first time as a CAST award sponsor. Dr Rainer Baumgart was invited to attend the presentation ceremony and deliver the keynote speech. In the process, he formed a very positive impression of the up-and-coming IT security specialists: “The high level of commitment and enthusiasm for our field shown by these young scientists gives me great optimism for the future of our sector. In supporting awards of this kind, we are also taking on a degree of responsibility for the education of our young successors.” www.cast-forum.de/foerderpreise/foerderpreise.html

IT Security Award 2010

secunet regularly offers students at universities and technical universities opportunities for preparing diploma theses, internships and part-time jobs for students. Ruhr Universität Bochum is an important partner for research and projects. And since 2010, secunet has been playing a more direct role there than merely as the sponsor of a scholarship in the Department of Mathematics. The Horst Görtz Institute for IT security has invited Dr Rainer Baumgart to become a member of the jury for the prestigious IT Security Award which, with a prize fund amounting to more than €100,000 for the winner, is one of the sector’s major accolades. www.hgi.ruhr-uni-bochum.de/hgi/veranstaltungen/its-Preis/

secunet encourages scientists of the future

Technological Partnership

secunet wall 2 was developed in the framework of

a technological partnership between secunet and

Astaro on the basis of Astaro Security Gateway.

ʽ More information:

Gert Hientzsch

[email protected]


Karl is the head of a company and carries a lot of

responsibility. As a keen driver, Karl knows how important safety is –

including on the information superhighway. He does not want

to read newspaper reports about accidents involving his

employees’ or clients’ data, nor can he afford to have any data

leakage resulting in the loss of business secrets.

Karl has already invested a great deal of time and money in

security, and his company is extremely well protected against

external attacks. But all

day long, his employees

work and drive on the

information superhighway

with his company assets

and ‘crown jewels’. In

order to avoid any accidents, he has introduced

traffic regulations in the form of data and

compliance guidelines. Karl has faith in his traffic

regulations and in his

employees. But are his employees really aware of the potential

dangers? Or, because of their heavy workload, are they in a

hurry and so drive much too fast?

To be on the safe side, Karl chooses the information

superhighway that has crash barriers at danger spots. Company

cars are limited to 110mph – apart from Karl’s which can whizz

along at speeds of up to 140mph. Karl’s IT department call this

‘Device and Application Control’. In this way, company

equipment does not become a dangerous instrument: the crown

jewels stay between the crash barriers and proceed at a set

maximum speed. Two salesmen, who are on the road driving

at 40mph in a zone with traffic-calming measures because

their deadline is so important, are sent a warning by Karl over

their satellite navigation system. To cope with dangers such as

snow and black ice, the internal audit provides ABS and ESP.

secunet ensures the accident-free carriage

of the ‘crown jewels’ along the information

superhighway

“80 % of information is freely

accessible. Of the remaining

20 % of internal company

information, around 5 % are

the ‘crown jewels’ that give the

company its competitive edge.”

Herbert Kurek from the Federal Office

for the Protection of the Constitution in

FOCUS magazine No. 1/2008

[Figure: Data Loss Prevention – Identify, Monitor data, Protect. Labels: What are my company assets? / Observe information flow / Avoid mistakes]

Technologies & Solutions

Data Loss Prevention up Close and Personal

The name given by IT specialists to this security package,

which has been tailor-made to Karl’s company structure and

requirements, is ‘Data Loss Prevention’ (DLP). It ensures that

everything operates effectively and efficiently – with fast cars

and safe transport for the crown jewels. DLP warns employees

if they are about to violate data and compliance guidelines;

in dangerous situations, it will even intervene and prevent the

loss of confidential data. Karl has an accurate picture of the

flow of information, and technology steps in whenever danger

looms up ahead. Karl might almost have forgotten to take out

theft protection, but his IT department tells him about device

encryption. Somehow remotely controlled, and already

included. No worries. All thanks to Data Loss Prevention. ▀

ʽ For a test drive, contact:

Roland Krüger

[email protected]


Dates: February to June 2011

14 – 17 February 2011 » Mobile World Congress / Barcelona

14 – 18 February 2011 » RSA Conference / San Francisco

16 February 2011 » Frühschicht / Essen

20 – 24 February 2011 » IDEX / Abu Dhabi

23 – 24 February 2011 » 17th Berliner Anwenderforum eGovernment / Berlin

1 – 5 March 2011 » CeBIT, Hall 11 Stand C46 / Hannover

19 – 21 April 2011 » Infosecurity Europe / London

4 May 2011 » heise Security Tour / Stuttgart

4 – 5 May 2011 » AFCEA exhibition / Bonn-Bad Godesberg

4 – 5 May 2011 » Bayerisches Anwenderforum eGovernment / Munich

6 May 2011 » Workshop ‘IT Security on Board’ / Munich

10 – 12 May 2011 » BSI Congress / Bonn

11 May 2011 » General Annual Meeting secunet / Essen

18 – 19 May 2011 » Datenschutzkongress / Berlin

17 May 2011 » SINA User Day / Berlin

25 May 2011 » heise Security Tour / Munich

8 and 9 June 2011 » SINA User Day / Bonn

Would you like to arrange an appointment with us?

Then send an e-mail to [email protected].

Dates


Events

Only Two Years Old but Already a Regular Fixture: it-sa

Now in its second year in Nuremberg, it-sa has already established itself as a popular forum for the IT security sector to meet and exchange information, and as one of the top IT security trade fairs. Between 19th and 21st October 2010, around 7,100 visitors from industry, research and the public sector turned up to find out about the latest products and developments in IT security from the 304 exhibitors. “This year, it-sa has convincingly underscored the importance of IT security. The fair has grown in size and become a permanent fixture in the diaries of IT professionals,” concluded Michael Hange, President of the German Federal Office for Information Security (BSI). Having learned from its experience in 2009 when its small 12sqm booth was virtually overrun by visitors, secunet ensured that its stand for 2010 – directly opposite that of the BSI – was increased in size to cope with the demand this time.

Exhibitors were fulsome in their praise of the exceptionally high calibre of the visitors to it-sa. “The fair was extremely well planned and visitors came to us armed with specific questions and topics,” said Gert Hientzsch, High Security Sales at secunet AG, in his evaluation of it-sa 2010. secunet’s co-exhibitor, G&D, was also delighted with the fair and the collaborative effort. ▀

The Sure Road to Success: ‘IT Security on Board’

The 14 participants attending the ‘IT Security on Board’ workshop on 19th November in Munich were treated to hands-on expert information on secure, online-based services in vehicles, hash functions, elliptic curves and virtualisation. Taking as their theme ‘Security 2012: New approaches to security for the onboard network’, representatives from the automotive and supply industries got together with experts from secunet to examine and discuss the security aspects relevant to onboard networked vehicles. In an informal atmosphere, answers were found to questions of a more general nature as well as solutions to specific problems. During the break, new contacts were made and lively discussions were had, which then continued in greater depth over lunch. This was the fourth time that the ‘IT Security on Board’ workshop had been held. “We are proud of this event which gives us the opportunity to express our appreciation to our clients and to offer them added value in terms of professional benefits and social interaction,” says a delighted Harry Knechtel, Area Manager Automotive at secunet.

The next workshop will take place on Friday, 6th May 2011, and is aimed at department heads and managers in the automotive sector who deal with IT security in vehicles. If you feel this workshop would be of interest to you, please send an e-mail to automotive.security@secunet.com. ▀

Bernd Kowalski (BSI) presents secunet CEO Dr. Rainer Baumgart with a certificate for the secunet wall packet filter.


Hot Topics at OMNICARD 2011

Identification was once again the major focus of attention at OMNICARD in Berlin (18th – 20th January 2011). The Smart Card community was meeting for the eighteenth year in succession. Taking as its theme ‘The world of smart ID solutions’, this high-powered conference examined sophisticated system solutions that are no longer restricted to card format. In addition to the usual recurring topics, this year’s conference also addressed important new developments in the field of security, electronic identification and data protection. Experts from secunet took part in three forums dealing with the latest topics. “OMNICARD is a top-quality event attracting a highly select audience with whom we are very happy to share our expertise and knowledge,” says Thomas Koelzer, member of the secunet Management Board. ▀

An Honour that Calls for a High Level of Commitment

In December 2010, high-level representatives from the worlds of politics, industry and science met for the fifth National IT Summit held at the International Congress Center (ICD) in Dresden. This was the first occasion on which secunet was also invited to contribute its extensive experience and knowledge, taking the lead in Working Group 4 (‘Privacy, data protection and security on the internet’) on the key issues of ‘Secure identities on the internet’ and ‘Cloud computing’. “It was a great honour, because there is no application process for participation in the working groups at the IT Summit,” says Michael Böffel, Executive Assistant at secunet. “There are plenty of interested parties queuing up for the privilege, but the ‘Sherpas’ are selected by the relevant Federal Ministry, and there is no way you can influence their choice.” Accreditation as a ‘Sherpa’ requires a high degree of commitment: secunet has already made a start on the preparatory work for the 2011 IT Summit in Munich. And by mid-2011, a proposal for guidelines has to be developed to support the application service providers of the new ID card. In addition, secunet is also still active on another sub-committee of Working Group 4. There will be more than enough to keep everyone busy in 2011! ▀


authega Well Received at ‘Moderner Staat’

On 27th and 28th October 2010, decision makers from the public sector gathered for the ‘Moderner Staat’ (Modern State) trade fair and conference in Berlin. Over 200 speakers outlined current developments and trends, quoting from their own practical experience and making concrete recommendations for future courses of action. secunet appeared on the same platform as mgm Technology Partners to present authega. This jointly developed authentication solution has been adopted by the Free State of Bavaria to enable its employees and officials to transmit information and data via a secure staff portal. State Secretary of Finance Franz Josef Pschierer, who is also in charge of IT matters for the Bavarian government, tested out the latest prototypes for himself during a visit to the secunet/mgm trade booth. ▀

State Secretary of Finance Franz Josef Pschierer finds out about authega and tests the prototypes at the secunet booth.

More information:

Kurt Maier

[email protected]

Nationaler IT Gipfel

Dresden 2010


IT security partner of the Federal Republic of Germany www.secunet-wall.com

You can trust in luck... Or in your secunet wall.

Optimum performance at an affordable price: secunet wall 2 combines complete network, web and mail security in a single all-inclusive appliance. You will be impressed by its advanced technical functions, such as simplified management, generous provision for scaling, automatic updates and reports plus comprehensive service options. For perfect all-round protection of your data.

Offering the full protection of Unified Threat Management with CC EAL 4+ certification in 2011.

We look forward to seeing you at CeBIT 2011. Visit us at booth C46 in hall 11.
