The Alliance for Cyber Security - NETWORKS PROTECTING NETWORKS Leaping into the Future with Quantum Technology - secunet
The secunet Customer Magazine 1 | 2018
SECUVIEW

NETWORKS PROTECTING NETWORKS: The Alliance for Cyber Security
Fundamental Research Made in Germany: Leaping into the Future with Quantum Technology
DAX 30 and IT Security: On Investments, CERTs and Backdoors
Content

National
4 Networks Protecting Networks: The Alliance for Cyber Security
6 Hamburg: New Solution for Asylum Seekers’ Biometric Proof of Arrival

International
8 Security of Official Documents: Document Verification Systems on the Test Bench
10 Travel Stamps Now Obsolete
12 Estonia: New Core Component for Efficient Visa Applications and Border Control
13 Multinational Operations Require Adaptive IT Infrastructures

Science
14 Fundamental Research Made in Germany: Leaping into the Future with Quantum Technology
20 Interview: Professor Gabi Dreo Rodosek: Cyber Security Can Be Learned
22 DAX 30 and IT Security: On Investments, CERTs and Backdoors

Technologies & Solutions
25 Continental: Brakes with a Protective Shield
28 Mobile Identities
30 Focus Topic: IT Security in Industry
   Industrial Network Security: Where Conventional IT Security Has No Chance
   Tool-based IT Security Analysis in Industry: ‘If You Only Knew What You Do Not Know!’
   Security Awareness in Industry: Process IT: Promoting an Understanding of the Digital Revolution
36 Available Now: a High-Powered SINA Solution for Layer 2
36 Flexible Access to Broadband Ethernet Encryption
38 Passwords in Applications: When keys are left under the doormat

News in Brief
39 Wanted: Mobile Identity Checks Presented at the European Police Congress
40 secunet Paderborn: IT Security in a Historic Mill
41 Staying on the Safe Side: SINA User Days 2018
42 ENISA FORTH NIS Summer School 2018
42 secunet Launches its New Website

Service
43 Dates – June to December
43 Imprint

Cover: Arne Schönbohm, President of the German Federal Office for Information Security (BSI)
2 SECUVIEW – 1 | 2018
Editorial

Dear Reader,

We are living in a time of radical change – not only in technology, but also in politics and society. IT security is playing a crucial role in many of these developments – for instance when it comes to potential election tampering or cyber threats by national governments. In this issue of secuview, Professor Gabi Dreo Rodosek, the head of the CODE research centre at the University of the Armed Forces in Munich, explains how much her research interests have evolved in three short years.

Our sector is particularly affected by the current acceleration. Not only are new technologies constantly being developed on which IT security can and must be based, but also the number and intensity of attacks is increasing year on year. How can our society overcome these challenges?

First, we should step up cooperation between business, politics and associations. In this issue of secuview, Arne Schönbohm, the President of the German Federal Office for Information Security (BSI), explains the objectives and measures of the Alliance for Cyber Security, which was founded by the BSI in 2012. This platform for sharing information and experience already has 2,700 members. It also boasts 100 partners, including secunet, and 50 multipliers. This is an important step in the right direction.

Second, it is important for the business community to be made fully aware of its responsibilities. The DAX companies have already recognised the signs of the times and are investing heavily in IT security. This was revealed in a study conducted at the Westphalian University of Applied Sciences in Gelsenkirchen, the results of which we present in this issue of secuview. Despite this, a large number of SMEs have some catching up to do. A rethink is currently taking place in critical infrastructures, but the process is far from over. We discuss what industry can do to enhance the security of its process IT as one of this issue’s main topics.

Third, we need to strengthen fundamental research, because a turning point is on the horizon: the development of the quantum computer. It will probably take many more years before these new types of computer are powerful enough to make conventional cryptographic processes obsolete – but that day will come and the IT security industry needs to use this time to prepare. In the last issue of secuview, we took a brief look at current efforts to develop post-quantum cryptography. In this issue, we approach the topic of quantum technology from an academic perspective by visiting two of the most influential researchers in this field in their laboratories. Professor Christof Wunderlich and Professor Dieter Meschede are conducting top-level research in the heart of Germany that is remarkable in every respect – from a scientific point of view as well as a practical one.

Certainly more disruptive technological innovations can be expected from science and research in the near future. As always, rapid change entails risks, but also a great many opportunities. I am therefore confident that we can look forward to a positive few years. In the meantime, I wish you a wonderful summer 2018.

Happy reading!
Dr Rainer Baumgart
National
NETWORKS PROTECTING NETWORKS
The Alliance for Cyber Security
by Arne Schönbohm, President of the German Federal Office for Information Security (BSI)

High-powered and secure communications systems are the central nervous system of our 21st-century society. They provide the basis for mobility, the exchange of data and the transfer of capital, goods and services, and are a requirement for Industry 4.0, the energy revolution and the operation of critical infrastructures. At the same time, the threats to these systems are increasing. Undiscovered security loopholes or the approximately 280,000 new malware programs developed every day offer cyber attackers considerable opportunities to spy information, sabotage business and administrative processes, or make criminal gains at the expense of third parties. This development is favoured by the ever-increasing networking of systems and devices. In addition, attackers are increasingly professional – and use sophisticated attack methods that are often difficult to detect and cannot be defended against with traditional safeguards like virus scanners and firewalls.

According to the cyber security survey conducted by the German Federal Office for Information Security (BSI) in 2017 as part of the Alliance for Cyber Security, almost 70% of companies and other institutions in Germany have been victims of cyber attacks in the past two years. In about half of the cases, the attackers were successful, with one in two of these attacks leading to production or operational downtime.

Digitalisation can only succeed if cyber security is considered holistically from the outset, because trust in new technologies only arises through the necessary degree of information security. If we want to make digitalisation future-proof and increase Germany’s resistance to cyber threats, we must tackle the associated challenges together with all actors in government, business and society. The German government’s cyber security strategy therefore also sets the goal of creating a nationwide cyber security infrastructure that is both powerful and sustainable.

More cyber security for the economy
With the Alliance for Cyber Security (ACS), founded in 2012 (www.allianz-fuer-cybersicherheit.de), the BSI aims to strengthen Germany’s resistance to cyber attacks in cooperation with economic and scientific partners. The Alliance for Cyber Security is a model of success, currently boasting around 2,700 participants, 100 partners and 50 multipliers.

Membership of the Alliance for Cyber Security is open to any company or institution with its headquarters or a branch office in Germany. Members benefit from the expertise of the BSI and the ACS partners, the trusted exchange of knowledge and experience with other companies and institutions on topics like attack vectors, appropriate safeguards, information security management or incident handling, and partner services for expanding cyber security competence within member companies.

Companies that already have in-depth expertise in the field of cyber security have the opportunity to become partners of the Alliance for Cyber Security. As partners, they contribute their IT security expertise to the network and receive direct feedback from the user’s perspective. The Alliance for Cyber Security partner concept is tried and tested. In addition to training courses, workshops and expert articles, partner services now include tools, initial consultations and penetration tests. What all these services have in common is that they are free and exclusively available to ACS members. Content ranges from basic information that can be used in any institution, such as how to raise awareness of information security among employees and management, to specialised topics such as SAP, cloud or ICS security.
National

Arne Schönbohm became President of the German Federal Office for Information Security (BSI) in February 2016. Schönbohm studied international management in Dortmund, London and Taipei. Schönbohm held various positions at EADS before joining the Board of cyber security consulting firm BSS BuCET Shared Services AG in 2008.

Pooling information and experience
Up-to-date information on the threat situation, the exchange of knowledge and experience and the continuous expansion of IT security competence are indispensable for successfully dealing with cyber risks. As part of the ACS, the BSI provides a large number of recommendations and good practices, regular situation reports and event-related alerts that offer invaluable support in preventing and responding to cyber attacks. ACS members thus have access to an extensive information pool that proffers suitable answers to the many challenges in the business of information security.

In addition to information, openly shared experience is another important building block of the Alliance for Cyber Security. Under the umbrella of the Alliance for Cyber Security, the so-called ‘ERFA groups’ designed for this purpose operate under the motto ‘learning together’. Among other things, they are aimed at practitioners, developers and users and offer a protected, confidential framework for professional, thematically linked or target group-specific exchanges. The groups are supported by BSI experts.

Today, technological progress and economic and social prosperity are hardly conceivable without digitalisation. Digitalisation offers commercial and economic advantages, but also means that we are transferring a growing volume of sensitive data and processes to networked IT systems. Securing these data and processes is now a necessary prerequisite for commercial success. With the Alliance for Cyber Security, the BSI offers a strong network to help companies to master these challenges together.
National
HAMBURG
New Solution for Asylum Seekers’ Biometric Proof of Arrival

The so-called ‘proof of arrival’ is issued to asylum seekers as confirmation of their registration in Germany and allows the various public authorities to access the individual’s most important data. As for the asylum seekers themselves, the proof of arrival allows them to receive benefits such as health care. For asylum seekers aged 14 and over, biometric data such as their facial characteristics and fingerprints are collected before the proof of arrival is issued.

The technical implementation of this process is exceedingly complicated for public authorities. There are special requirements for the use of biometrics in the public sector that are laid down in technical guideline TR-03121 of the German Federal Office for Information Security (BSI). The requirements for the biometric proof of arrival under BSI TR-03121-3 Vol. 4 particularly relate to process steps and function modules, e. g. the necessary hardware and software, based on various application scenarios. For example, a variety of process steps and components are required for the collection of biometric features. For the recording of fingerprints as part of data collection and identity checks, there is also a requirement for comparison with national and European fingerprint databases (e. g. Eurodac). A prerequisite for this is a corresponding connection to these complex background systems.

For the management of different process steps and components as applicable under BSI TR-03121, Hamburg’s immigration authority (Ausländerbehörde) uses secunet biomiddle. The platform functions as middleware between the client application (in this case the application for the proof of arrival from the immigration authority) and the components needed for the collection of biographical and biometric features. secunet biomiddle’s core functions – based on the requirements of the technical guideline – include the optical and electronic verification of biometric data held in identity documents, classic biometric functions for recording features, quality assessment, verification and identification, and the connection of background systems like fingerprint databases. secunet biomiddle flexibly integrates and manages the processes, software and hardware components via standard interfaces. The Hamburg immigration authority can thus flexibly and efficiently shape its processes relating to the biometric proof of arrival.

‘There are special requirements for the use of biometrics in the public sector that are laid down in the BSI’s technical guideline TR-03121.’

Andreas Oelrichs
andreas.oelrichs@secunet.com
International
SECURITY OF IDENTITY DOCUMENTS
Document Authentication Systems on the Test Bench

Automated document authentication systems – which are used in border control, for instance – are checked to ensure a high level of quality. What is most important during these tests and how do experts perform them?

Official identity documents are protected twice; optical security features – such as shapes and patterns that are only visible in daylight – are combined with electronic security mechanisms to provide effective document protection. Today, document inspection at the border is supported by automated document authentication systems, i. e. document readers equipped with inspection software. The authentication of optical security features originally designed for visual and tactile inspection by border guards is therefore increasingly based on reader images of the data page of a document in white light, infrared light (IR light) and UV light (see sample photographs of the current German passport).

The question of which optical document authentication system is best suited to a specific application is not yet easy to answer. On one hand, there is no standardised methodology for measuring the comparative performance of document authentication systems. On the other hand, the reliably verifiable range of security features is highly dependent on the specific document and signs of aging, which makes evaluation even more difficult.

For more than five years now, secunet has been evaluating the performance of optical document authentication systems as part of research projects in cooperation with the German Bundeskriminalamt (Federal Criminal Police Office) – such as the AROMA (Advanced Research on Optical Machine Authentication) project at border control stations at Frankfurt Airport. The images of frequently occurring documents were extracted and optically re-evaluated by various authentication software tools, and the test results were then recorded with a high degree of detail.

The results show that the machine-readable zone (MRZ – the two-line character string in the lower part of the document) defined by the ICAO is tested by the manufacturers as expected. The MRZ is the key to the data stored in the chip and contains the document type (see ‘P’ for passport in the example) and the country of origin (see the ICAO code ‘D’ in the example). Together with other security features, this information is essential for determining the document series and thus checking other series-specific security features. The MRZ is extracted from the IR image because, unlike the image in white light, it is not disturbed by background patterns.

The scope of system authentication strongly relates to the properties of the material (substrate), such as the check of UV brightness in different areas, as well as to properties of printing technique that are identical on every document in a series, such as the UV image of the Brandenburg Gate on a German passport. The inspection of an existing IR split (an element that can partly be seen on an IR image and partly not) is not carried out systematically. With the exception of the MRZ, document issuance features, which differ from document to document like the photograph, are only occasionally checked for visibility, but are not compared in terms of content. The documents’ potential for machine readability and verifiability is therefore not yet exhausted.

The detailed analysis of the tests in Project AROMA was made possible with the standardised logging format defined in BSI TR-03135 Version 2, which was extended prior to the evaluation in cooperation with the German Bundeskriminalamt and secunet. On the basis of this logging format, the German Bundeskriminalamt and secunet are now drawing up new best practice guidelines. The ‘recommendations for the evaluation of optical document authentication systems’ will soon provide guidelines for the systematic comparison of the different inspection systems – from test planning to evaluation. Public authorities can benefit from this in public tenders for the selection of new systems, for instance. Also, operational forces such as border police forces can benefit by optimising their existing systems.

In addition to the first part of these guidelines, which has already been published as an ICAO technical report under the title ‘Best Practice Guidelines for Optical Machine Authentication: Recommendations’ – complete with recommendations for automated optical inspections – the second part will be prepared within the New Technology Working Group (NTWG) and subsequently also published as an ICAO technical report.

Figure: The German passport in white light and UV light (source: the German Federal Criminal Police Office’s Information System for Documents).

Evelyn Spitzwieser
evelyn.spitzwieser@secunet.com

WHAT CONSTITUTES THE OPTICAL SECURITY OF AN OFFICIAL ID DOCUMENT?

A secure identity document involves more than just secret ink, elaborate printing machines and microprinting. Only the clever combination of security features enables the production of highly secure travel documents today. A small selection of common security features is presented below.

The foundation of every travel document is a base material (substrate) that combines all of the document’s security features. Security paper made from cotton is increasingly being replaced by polycarbonate cards, which can withstand higher mechanical loads. The UV darkness of these materials is crucial with regard to optical document security. Conventional paper contains optical brighteners, as shown by a photocopy of the current German passport on conventional paper (see example 1). UV darkness is also needed to ensure that features printed with UV-luminescent ink are strongly visible.

Whether and how a colour pigment is visible under a certain type of light depends on its molecular structure. As a result, in addition to IR-absorbing pigments, there are also IR-transparent substances. Only some of the elements (such as data page text and MRZ) are visible on an IR image compared to a white light image. A particular challenge is to find two different pigments that look the same under white light, but whose visibility differs under IR light. This is exploited in the so-called IR split, in which an IR-visible colour is positioned next to an IR-transparent colour within a single security feature. An IR split is ideal for automated checks, but is only used sporadically in document design. This feature is used in the current German passport.

Holograms, which fall into the category of optical variable devices (OVD), are much better known. In contrast to the security features discussed so far, OVDs are not printed features, but elaborately created microstructures that look different depending on how the angle of the light changes. In the German passport, this includes personal information such as a holographic portrait and the holographic reproduction of the MRZ (see example 2). Standard document readers like the ones used at the border lack the appropriate imaging technology for this feature, meaning that reliable checking with authentication software tools is not currently possible.

When selecting optical security features, it is increasingly important to use machine-readable features such as an IR split in addition to sophisticated features like OVDs in order to automatically check the authenticity of official documents. These must be developed in accordance with the capabilities of document authentication systems. Recommendations for suitable machine-readable security features are given in Part 1 of the ICAO technical report entitled ‘Best Practice Guidelines for Optical Machine Authentication: Recommendations’, which was prepared jointly with the German Federal Criminal Police Office.

Example 1: UV image of a photocopy, over-exposed with UV brighteners.
Example 2: Holograms from the current German passport, taken in directed light (source: the German Federal Criminal Police Office’s Information System for Documents).
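The check-digit scheme that makes the MRZ machine-verifiable, as an added Python example (not secunet's or the Bundeskriminalamt's code): it parses a TD3 passport MRZ, verifies each ICAO Doc 9303 check digit, extracts the document type and issuing state the article mentions, and derives the BAC key seed that shows why the MRZ is the key to the chip data. The sample MRZ is constructed after the ICAO Doc 9303 specimen layout, not a real document.

```python
"""Parse and verify a TD3 (passport) machine-readable zone.

Added example, not code from secunet or the BKA. Implements the ICAO Doc 9303
check-digit scheme (weights 7,3,1 repeating, modulo 10) and the BAC key seed
derivation from the MRZ information (document number, date of birth and date
of expiry, each with its check digit).
"""
import hashlib
from dataclasses import dataclass

WEIGHTS = (7, 3, 1)


def char_value(c: str) -> int:
    """Check-digit value of one MRZ character: 0-9 as digits, A-Z as 10-35, '<' as 0."""
    if "0" <= c <= "9":
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"invalid MRZ character {c!r}")


def check_digit(field: str) -> int:
    """ICAO 9303 check digit: weighted sum with weights 7,3,1 cycling, modulo 10."""
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10


@dataclass
class Td3Mrz:
    document_type: str
    issuing_state: str
    surname: str
    given_names: str
    document_number: str
    nationality: str
    birth_date: str
    sex: str
    expiry_date: str
    optional_data: str
    mrz_information: str  # input to BAC key derivation


def parse_td3(line1: str, line2: str) -> Td3Mrz:
    """Parse both 44-character MRZ lines; raise ValueError on any check-digit mismatch."""
    if len(line1) != 44 or len(line2) != 44:
        raise ValueError("TD3 MRZ lines must be exactly 44 characters")
    # Line 2 layout (0-based slices of the ICAO 9303 Part 4 positions).
    doc_number, doc_cd = line2[0:9], line2[9]
    birth_date, birth_cd = line2[13:19], line2[19]
    expiry_date, expiry_cd = line2[21:27], line2[27]
    optional, optional_cd = line2[28:42], line2[42]
    composite_cd = line2[43]
    checks = {
        "document number": (doc_number, doc_cd),
        "date of birth": (birth_date, birth_cd),
        "date of expiry": (expiry_date, expiry_cd),
        # Composite check covers positions 1-10, 14-20 and 22-43 of line 2.
        "composite": (line2[0:10] + line2[13:20] + line2[21:43], composite_cd),
    }
    # An unused optional-data field may carry '<' instead of a check digit.
    if not (optional_cd == "<" and optional.strip("<") == ""):
        checks["optional data"] = (optional, optional_cd)
    for name, (field, cd) in checks.items():
        if not cd.isdigit() or check_digit(field) != int(cd):
            raise ValueError(f"MRZ check digit mismatch for {name}")
    # Line 1: document type, issuing state, then surname<<given names.
    names = line1[5:44].split("<<", 1)
    surname = names[0].replace("<", " ").strip()
    given = names[1].replace("<", " ").strip() if len(names) > 1 else ""
    return Td3Mrz(
        document_type=line1[0:2].rstrip("<"),
        issuing_state=line1[2:5].rstrip("<"),
        surname=surname,
        given_names=given,
        document_number=doc_number.rstrip("<"),
        nationality=line2[10:13].rstrip("<"),
        birth_date=birth_date,
        sex=line2[20],
        expiry_date=expiry_date,
        optional_data=optional.rstrip("<"),
        mrz_information=doc_number + doc_cd + birth_date + birth_cd + expiry_date + expiry_cd,
    )


def bac_key_seed(mrz_information: str) -> bytes:
    """Doc 9303 Part 11: K_seed is the first 16 bytes of SHA-1 over the MRZ information."""
    return hashlib.sha1(mrz_information.encode("ascii")).digest()[:16]


def mrz_is_consistent(line1: str, line2: str) -> bool:
    """True when every check digit matches; a misread or altered MRZ yields False."""
    try:
        parse_td3(line1, line2)
        return True
    except ValueError:
        return False


# Sample input constructed after the ICAO Doc 9303 specimen (not a real document).
SAMPLE_LINE1 = "P<UTOERIKSSON<<ANNA<MARIA".ljust(44, "<")
SAMPLE_LINE2 = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"

if __name__ == "__main__":
    doc = parse_td3(SAMPLE_LINE1, SAMPLE_LINE2)
    print(doc.document_type, doc.issuing_state, doc.surname, doc.given_names)
    print("BAC key seed:", bac_key_seed(doc.mrz_information).hex())
    # One altered character in the document number breaks the check digits.
    tampered = "L898902C86" + SAMPLE_LINE2[10:]
    print("tampered MRZ accepted?", mrz_is_consistent(SAMPLE_LINE1, tampered))
```

A reader that extracts the MRZ from a noisy image can use the same check digits to distinguish an OCR misread from a genuine document before attempting chip access.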
International
ICELAND
Travel Stamps Soon Obsolete

Figure: eGates with highly secure access for cost and resource-saving remote maintenance.

As part of the Smart Borders package presented by the European Commission, the entry / exit system is designed to make the Schengen area’s external borders significantly more secure from 2020 onwards. How are the Schengen countries preparing for this? And what does this mean for passengers, airports and security authorities?

Last year, the EU Parliament decided to introduce the common biometric entry / exit system (EES) for the registration of all travellers from third countries. As of 2020, third-country nationals must be registered at land, sea and air borders with four fingerprints and a facial image when they enter the Schengen area. The biometric data will be stored in the EES together with information on the individual’s identity and other information from their travel document. Each data record is comparable to an electronic stamp and thus replaces the previous manual stamp procedure.

This data is usually stored for three years; if a traveller from a third country (a so-called ‘third-country national’) extends their visit without permission, their data could be stored for up to five years. The introduction of the EES will make it much easier to check whether the permitted duration of a short stay – a maximum of 90 days over a period of 180 days – is being respected, as the database calculates the permitted length of stay and automatically warns the national security authorities if the individual concerned has not left by the deadline. EES will be interoperable with the existing Visa Information System (VIS).

Greater security through more extensive checks
The entry / exit system will improve the quality of border controls throughout Europe, making border crossings on entry and exit transparent and making the external borders much more secure throughout the Schengen area. It will therefore be easier for European nations to:
■ reliably identify overstayers,
■ prevent illegal entry,
■ combat document and identity fraud, and
■ protect themselves more effectively against organised crime and terrorism.
In addition to migration offices and border guards, the member states’ general law enforcement authorities and Europol staff can also access the system under certain circumstances.

However, this higher security comes at a price; the new handling process for passengers from third countries is becoming considerably more complex and time-consuming, in part due to the collection of (biometric) data at stationary border control desks. If the surrounding infrastructure is not updated, this will inevitably lead to longer waiting times for every traveller and, in the worst case, jeopardise travellers’ chances of making their connecting flights. Airports are likely to reach their capacity limits due to the longer waiting times, especially as passenger numbers continue to rise – and passenger dissatisfaction would further increase the pressure on security organisations, airports and airlines.

Shorter inspection times thanks to a sustainable border control strategy
But it does not have to be this way. Each Schengen country is responsible for organising and managing its national border control infrastructure at sea, land and air borders, as well as their connection to the EES. A well-designed border control strategy is therefore essential for the 26 states today. With an infrastructure optimally adapted to EES processes and applications – also at stationary border control desks – it is actually possible to significantly reduce the time required for inspections, despite the need to collect biometric data and carry out a more extensive inspection. This can be guaranteed through automation and by simplifying processes at crucial points. Using self-service kiosk systems, the time-consuming procedure of data collection can be carried out earlier in the process, while EU citizens and (under certain circumstances) passengers from third countries can quickly cross the border themselves at eGates. This will ensure that entry to Europe remains easy and convenient.

Michael Schwaiger
michael.schwaiger@secunet.com
International
EES WITH SECUNET

secunet’s expertise and technologies are already used in many European countries – which are thus ideally equipped for EES. Thanks to the results of the German Smart Borders pilot project, the secunet team is familiar with the relevant EU regulation and knows the requirements for security authorities and airport operators. All secunet technologies offer maximum security, convenient and intuitive passenger processes, and are EES-ready.

ABC gate: Every day, tens of thousands of passengers in Europe pass through a secunet easygate – an automated border control (ABC) gate – and benefit from fast, secure and convenient border crossings without assistance.

Self-service kiosk: At the secunet easykiosk, travellers from third countries carry out some of the necessary (and often time-consuming) steps in the control process by themselves, e. g. by capturing their fingerprints and facial image before they go to the border control desk.

Stationary border control: secunet bocoa provides all the information for passport and identity checks at a glance, thus ensuring that the border control officer has all the important data they need in the shortest possible time – both for stationary and mobile checks.

Border control PKI: As a background security framework, the secunet eID PKI Suite ensures that the authenticity of electronic identity documents like passports or ID cards can be verified comprehensively, efficiently, reliably and in a highly secure manner.

Map callouts:
Estonia: Kiosk systems for shorter processing times at the land border between Estonia and Russia.
Latvia: Passport and migration information system for issuing and verifying electronic identity documents.
Germany: Smart Borders pilot project: consulting, kiosk systems, adaptation of border control systems to the EES in regular operation.
Czech Republic: Overall control infrastructure for automated and electronic document verification at Vaclav Havel Airport.
Austria: Successful roll-out in a record three months: the latest eGates, which facilitate a newly reduced passenger throughput time of about 12 seconds.
Switzerland: Brand new, modular border control application for around 100 stationary workstations at Zurich Airport.
International
ESTONIA
New Core Component for Efficient Visa Applications and Border Control

In Estonia, the Ministry of Foreign Affairs and the country’s border control authority rely on biometric middleware developed by secunet. The solution is used to manage optical and electronic document checks and process biometric data for visa applications and border control.

Initially, secunet biomiddle will be installed for 500 workstations at checkpoints operated by the Police and Border Guard Board and at embassies of the Ministry of Foreign Affairs. Procurement was the responsibility of the IT and development centre of the Estonian Ministry of the Interior (SMIT), which provides IT support for government applications in Estonia.

In embassies, the middleware will be used to process an average of more than 150,000 visa applications per year. It manages the components used to capture the biographical and biometric data required in the application process. At border control checkpoints, the core functionalities of secunet biomiddle are used to enhance stationary and mobile border control. secunet biomiddle will allow border agents to deal with over 10 million international travellers per year more efficiently using standardised and automated processes.

In both application scenarios, secunet biomiddle coordinates optical and electronic document checks, as well as standard biometric functions for data acquisition, quality assessment and verification. secunet biomiddle allows the flexible integration of processes as well as software and hardware components via standard interfaces.

Figure: At the Estonian border, the authorities handle more than 10 million international travellers per year.

Oliver Jahnke
oliver.jahnke@secunet.com
Multinational Operations Require Adaptive IT Infrastructures

In a networked, multipolar world, cooperation on certain military missions and collaboration with (security) authorities are becoming increasingly important for modern armed forces. This is all the more true in the context of NATO, EU and UN missions. In the face of increasing cyber threats, the question arises of how to design a strategy for overarching cooperation and information distribution between the digital domains of multinational mission partners.

Dynamic missions with flexible IT security architectures

Adaptive IT security architectures are required to continuously adapt the rules for confidentially sharing information to changing operating conditions. This does not merely concern the technical standardisation and harmonisation of complex network infrastructures, IT systems and services. Instead, the focus is on a multi-layered, interlinked concept and the qualitative reorganisation and expansion of existing digital structures for the transfer of cooperative principles to the digital information space. Existing (social) concepts such as sovereignty, authority, legal regulation, confidentiality, obligation and governance require an adequate digital transformation by extending existing IT architecture approaches.

How does adaptivity manifest itself in the mission context? The IT security architectures of future application environments must be able to adapt flexibly to concrete risks and specific application requirements. The basis for this is an ongoing risk assessment for the current deployment environment and the actors involved, with their powers, partnerships and volumes of information, including their distribution principles and classifications.

Evaluating a hazardous situation in mission cyberspace inevitably leads to changes in the performance characteristics of individual components. Depending on the current risk assessment, a coordinated integration, communication and security policy must be established for the IT security architecture. The scope for action and the dynamics of cooperative processes are extended or restricted in relation to the context.

The controllability of the core components of an IT security architecture allows for continuous recording and display of the security status of an ongoing mission. A prerequisite for this is the guaranteed semantic evaluation of status information from a knowledge database.

SINA Workflow as a regulating mission cyberspace

A modern IT security structure not only provides interfaces for functional interoperability, but also controls specifications for the security policy and the trustworthiness of end device classes and actors. Furthermore, it ensures compliance with rules for the exchange of information. The ability to apply interfaces in a regulatory manner allows changes to be implemented for existing communication relationships. In an emergency, certain actors can be excluded from the mission group and their IT systems can be decoupled from the security architecture. Here, integrative approaches for mapping several security domains with similar information protection requirements must be taken into account, as well as technical boundary conditions in relation to information transmission (e. g. latency and bandwidth). This is expressed in the adapted profiles of relevant modules at the interfaces.

SINA Workflow, the first SINA-based integrated network for classified audit trails up to SECRET level, is currently under further development for military contexts. In civilian environments, authorities can use SINA Workflow to implement cooperative work processes with electronic classified information (CI) without media discontinuity. At military level, SINA Workflow, in combination with the integrated SINA components, determines the rules for a classified exchange of information. The system defines digital operational courses of action and conditions for access to information. SINA Workflow is capable of integrating actors depending on their competencies, limiting their scope of action and excluding them from a mission as needed. In addition, the alignment of information distribution and integration with external information domains are regulated on the basis of an application-specific security policy.

Jörg Kebbedies, joerg.kebbedies@secunet.com
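The access conditions the article attributes to SINA Workflow (an actor's clearance against a document's classification, membership of a mission group as need-to-know, the trust placed in the end device class, and the exclusion of an actor in an emergency) can be sketched as a small policy engine. The following is an added illustration written for this page, not SINA code or SINA's actual rule set; the level names, the device classes and their trust tiers, the `min_device_class` attribute and all actors and documents are constructed for the example.

```python
"""Illustrative mission access policy (added example): classification vs clearance,
need-to-know by mission group, end-device trust, and emergency exclusion of an actor.
A hypothetical model for this page, not the SINA Workflow rule set."""
from dataclasses import dataclass, field, replace

# Classification levels, lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "CONFIDENTIAL": 2, "SECRET": 3}

# End-device classes ordered by the trust placed in them (assumed for the example).
DEVICE_TRUST = {"partner-gateway": 1, "mobile": 2, "sina-workstation": 3}


@dataclass(frozen=True)
class Actor:
    name: str
    clearance: str          # highest classification the actor may read
    missions: frozenset     # mission groups the actor currently belongs to
    device_class: str       # class of the end device the request comes from


@dataclass(frozen=True)
class Document:
    title: str
    classification: str
    mission: str            # releasable only to members of this mission group
    min_device_class: int   # trust tier the end device must reach (see DEVICE_TRUST)


@dataclass
class MissionPolicy:
    excluded: set = field(default_factory=set)   # actors decoupled in an emergency
    audit: list = field(default_factory=list)    # (actor, document, allowed, reason)

    def decide(self, actor, doc):
        """Evaluate the rules in order; the first failing rule is recorded as the
        reason so the audit trail explains every denial. Returns (allowed, reason)."""
        if actor.name in self.excluded:
            return self._log(actor, doc, False, "actor excluded from mission group")
        if LEVELS[actor.clearance] < LEVELS[doc.classification]:
            return self._log(actor, doc, False, "clearance below classification (no read-up)")
        if doc.mission not in actor.missions:
            return self._log(actor, doc, False, "no need-to-know for " + doc.mission)
        if DEVICE_TRUST[actor.device_class] < doc.min_device_class:
            return self._log(actor, doc, False, "end device class not trusted for this document")
        return self._log(actor, doc, True, "granted")

    def exclude(self, actor_name):
        """Emergency decoupling: from now on every request by this actor is denied
        before any other rule is consulted. Open sessions are the caller's problem."""
        self.excluded.add(actor_name)

    def _log(self, actor, doc, allowed, reason):
        self.audit.append((actor.name, doc.title, allowed, reason))
        return allowed, reason


def demo():
    """Constructed scenario: a partner liaison and a staff officer in 'mission-alpha'."""
    policy = MissionPolicy()
    brief = Document("Daily brief", "RESTRICTED", "mission-alpha", 1)
    op_plan = Document("OpPlan-7", "SECRET", "mission-alpha", 3)
    bravo_status = Document("Bravo status", "RESTRICTED", "mission-bravo", 1)
    liaison = Actor("partner-liaison", "CONFIDENTIAL",
                    frozenset({"mission-alpha"}), "partner-gateway")
    officer = Actor("staff-officer", "SECRET",
                    frozenset({"mission-alpha", "mission-bravo"}), "sina-workstation")

    results = {
        "liaison_brief": policy.decide(liaison, brief)[0],          # allowed
        "liaison_plan": policy.decide(liaison, op_plan)[0],         # denied: no read-up
        "liaison_bravo": policy.decide(liaison, bravo_status)[0],   # denied: need-to-know
        "officer_plan": policy.decide(officer, op_plan)[0],         # allowed
        # same officer, same clearance, but requesting from a less trusted device
        "officer_mobile_plan": policy.decide(replace(officer, device_class="mobile"), op_plan)[0],
    }
    policy.exclude("staff-officer")                                  # emergency decoupling
    results["officer_plan_after_exclusion"] = policy.decide(officer, op_plan)[0]
    return results, policy.audit


if __name__ == "__main__":
    decisions, trail = demo()
    for entry in trail:
        print(entry)
```

Every decision is appended to an audit trail together with the rule that denied it, which is the minimum the article's "continuous recording and display of the security status" needs; exclusion is a name-based deny checked before any other rule, so a decoupled actor is refused even where clearance and need-to-know would otherwise allow access. A real deployment also has to invalidate open sessions and cached grants at the moment of exclusion, which this sketch leaves to the caller.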
Science

Using extensive experimental setups like this one at the University of Bonn, German scientists are developing future technologies based on findings in quantum physics.
FUNDAMENTAL RESEARCH MADE IN GERMANY
Leaping into the Future with Quantum Technology

Quantum technology is currently one of the hottest topics in science and technology. In particular, the development of quantum computers is the subject of much discussion, and if these innovative computers one day become very powerful, cryptography will once more have to reinvent itself from the ground up. With quantum computers (among many other applications) threatening cryptographic processes which are commonplace today, the aim of research into quantum communication is to develop new, highly secure encryption methods. What many people do not know is that cutting-edge research on quantum technologies is taking place in the heart of Germany. secuview visited two of the most influential scientists in this field – Professor Dieter Meschede and Professor Christof Wunderlich – who are conducting fundamental research with very different objectives.
At present, applied quantum physics is a bit of a media spectacle. At least from an academic perspective, enormous media hype is surrounding the race between the two US technology giants IBM and Google to the next milestone in quantum computer research. First and foremost, it is about who will build the first quantum computer superior to traditional computers when it comes to completing certain tasks (which are, in fact, limited to a narrow set of specialised tasks). The existence of such a computer is regarded as a breakthrough referred to as 'quantum supremacy'. However, it is not very easy to prove when this point has been reached – and even when it is reached, the biggest task still lies ahead: the construction of a so-called universal quantum computer that is powerful enough not only to perform special tasks but also a wide range of computing operations. One day, a computer like this will probably perform dramatically better than conventional computers in some areas – but probably not in all.

In their race for quantum supremacy, the two IT giants repeatedly focus on a number that is intended to demonstrate the performance of one of their systems: the number of qubits. "This is an effective simplification for the public," explains Professor Christof Wunderlich, who is a professor of quantum optics at the University of Siegen. Wunderlich's team is involved in top international research into quantum computers. In order to peer into the future of computer technology, you do not have to gaze across the Atlantic.

"The number of qubits is certainly one of many indicators of a powerful quantum computer, but there are many more," says Wunderlich. "The horsepower of a car, for example, says nothing about the vehicle's handling and suitability for everyday use. Even its top speed does not depend solely on the number of horsepower. The situation is similar with quantum computers."

Calculating with qubits

In simple terms, qubits are information units analogous to traditional bits, but unlike bits, they use quantum mechanical states to encode information. They make use of the fact that in the quantum world, for instance in the area of atomic and subatomic particles, there are also things called 'superpositions'. This means that a qubit not only takes on the values of one or zero, but can also exist in any combination of these two values. The individual values are then attached to probabilities (or, more precisely, probability amplitudes – where the absolute square of these amplitudes yields the probabilities).

If several qubits are connected, logical operations can be carried out just like with traditional bits – but in a completely different way, as the restriction of conventional computers to ones and zeros and the constraint of serial computing are eliminated. Quantum computers do not have to proceed step by step, but can explore many possible approaches simultaneously. "What applies to approaches also applies to solutions: if there are several, the quantum computer can find them all at the same time – and then it is a matter of sophisticated algorithms to limit the computing operations in such a way that exploitable results are obtained," says Wunderlich.

With their parallel calculation capability, quantum systems are generally suitable for completing even very complex tasks. There is just one problem: with each measurement, the parallel states collapse to one of the possible values. Here, the correct algorithms help to 'calibrate' the quantum computer to the states that are critical for the respective task, meaning that the values sought have a high probability of appearing during measurement.

Quantum computers in the university laboratory

In Siegen, Wunderlich and his team have set up a fully functional quantum computer with a few qubits. This experimental setup can be used to carry out simple computing operations – which is sufficient to further explore quantum computers and illustrate their processes. At the centre of the computer is an ion trap that captures individual electrically charged atoms via radio fields. In this case, the quantum mechanical properties of these ions serve as qubits. The ions (and thus the qubits) can be manipulated in a targeted manner to entangle them (more on the phenomenon of 'entanglement' below), after which it is possible to use them to carry out computing operations.

In 2000, Professor Dieter Meschede, a researcher and lecturer at the University of Bonn's Institute of Applied Physics, and his team constructed a novel trap for atoms. At that time, the research group succeeded in capturing and moving individual caesium atoms in a controlled manner – an important prerequisite for realising quantum computer processes. The physicists used laser beams as 'optical tweezers' to capture and manipulate the atoms.

Capturing atoms with microwaves

However, Professor Wunderlich and his team do not use laser beams in the ion trap in the Siegen quantum computer; they use microwaves. "One advantage of microwaves is that the necessary precision for controlling qubits is easier to achieve than with laser beams, making it easier to achieve results useful for quantum computers," explains Wunderlich.

Dr Rainer Baumgart visits Professor Christof Wunderlich at the University of Siegen. Wunderlich holds the university's chair for Experimental Quantum Optics.
"The technology is also widely available. In principle, every smartphone contains the components needed to manipulate ions." Although laser beams are also used in the Siegen quantum computer, their main job is to read out the states of the ions, e. g. the results of a computing operation.

There are also other promising approaches besides creating qubits with stored ('captured') atoms and ions, for instance the one pursued by Google and IBM. Instead of individual atoms, they are using superconductors to achieve quantum mechanical states, although these are macroscopic structures. "It remains to be seen which of these approaches will ultimately prove to be the most suitable," said Meschede. "In any case, ion traps are the vanguard, and compared to superconductors they provide very uniform qubits and are comparatively stable."

What are quantum computers used for and when will they be available? According to Wunderlich: "One area of application likely to have practical relevance in the near future – probably in less than ten years – is the simulation of complex physical systems. This could be of great importance for scientific research, but also for the pharmaceutical industry, for instance." Wunderlich finds it difficult to make any further predictions: "I believe that all scientific findings are available to construct large, powerful quantum computers with stored ions. This means that there are no more fundamental physical hurdles to be expected. However, exactly when a very powerful, universal quantum computer will come into being is another matter. With such innovative technologies, it is almost impossible to predict the timescale over which research and development, including in the engineering sciences, will bear fruit."

Professor Dieter Meschede at the University of Bonn's Institute for Applied Physics.

Partial view of an ion trap chip the Siegen team is going to test in the near future.

Quantum computers on a grand scale

Professor Wunderlich and his team have also devoted themselves to the question of how experimental computers such as those in the Siegen laboratory can be upscaled to large, powerful quantum computers. For this purpose, the research group has developed its own approach in which, in simplified terms, several ion traps are placed next to each other so that the ions inside them can interact. A British research group is already grappling with the task of building quantum computers within the framework of a company, using this blueprint. The fact that investors could be found for this demonstrates the potential importance of the research in Siegen for the economy.

Danger for RSA & Co.

A network of millions of qubits is probably necessary to build a quantum computer capable of breaking common cryptographic methods like RSA. A great deal of R&D is still needed to achieve this goal. Nevertheless, the IT industry would be well advised to look for alternative encryption methods while the new technology is appearing on the horizon but is not yet mature.

The University of Bonn's Professor Meschede, whose research on quantum computers has indirectly contributed to putting cryptography under pressure, is also working in the opposite direction with his latest research topic: secure communications. Under his leadership, the Bonn-based research group is developing an extension for so-called 'quantum key distribution' (QKD). The basic principle of this crypto method has been known for decades. It takes advantage of one of the most fascinating, yet most bizarre quantum effects: entanglement.

This image captured by the Siegen research group shows a chain of single Yb+ ions.

Laboratory experiments at the universities of Siegen (left) and Bonn (centre) investigate how phenomena known from quantum physics could be used for technical applications.

'Spooky action at a distance'

This is the phenomenon that certain properties of two or more particles behave as an overall system, even if the particles concerned are far – sometimes many kilometres – apart. The properties of the individual entangled particles in question are initially undefined, as is often the case in the quantum world. However, upon measurement, their properties are 'projected' to one of two or more possible values, i. e. they assume this specific value. The crucial point is that this projection to a certain value always happens together ('correlates') for an entangled particle pair, although our everyday experience suggests that there should be no connection between the two particles, for instance because they are separated by a large distance. In the early days of quantum physics, Albert Einstein doubted the reality of entanglement and called it 'spooky action at a distance'. However, in the following decades it was proven that it did, in fact, exist.

In quantum computers, entanglement is used to connect qubits in quantum registers. In quantum communication, however, this effect can be used to provide two communicating parties – traditionally called Alice and Bob – with perfectly random but identical one-time keys with which they can encrypt their communications. The one-time keys are generated as sequences of entangled photon pairs, and Alice and Bob each receive correlated 'particle partners' via fibre optic cable. When they now take a measurement, Alice receives a completely random sequence of zeros and ones: a random key. The trick is that Bob generates the same random key due to entanglement. This gives them a perfectly random yet identical encryption key!

Cryptography with quantum effects

How can Alice and Bob be sure that the key exchange was not read by Eve, who is launching an eavesdropping attack? The answer is that Eve's bugging would disrupt the quantum system and, most notably, destroy the strong quantum mechanical correlation between the particles even before Alice and Bob take their measurements, and this is something they would notice. QKD is therefore a tap-proof quantum mechanical cryptographic process whose security does not rest on the hardness of a mathematical problem, so even a powerful quantum computer could not pose a threat to it.

So far, so impressive ... but this method currently has one catch: it can only be used over short distances, because light signals in the fibre optic network weaken with increasing distance. For photons, this means that after 100 kilometres only one in 100 photons arrives. "That's why amplifiers are built into the network at intervals of around 100 kilometres for traditional signals," explains Meschede. "However, this would not work in the case of quantum information, because traditional amplifiers, like any other manipulation, would immediately disrupt the entangled system and cause it to collapse."

Secure communication with quantum repeaters

This is where the new Q.Link.X research project comes in, which was established by the German Federal Ministry of Education and Research and also involves the Bonn team of researchers. The project centres on so-called 'quantum repeaters' that can be connected between Alice and Bob in the fibre optic network. The repeaters can buffer quantum information and then perform special operations ('Bell measurements') that link the entanglement of the two sides in such a way that the end points of the entire route – Alice and Bob – are entangled with each other. In principle, the QKD process can then be applied over any desired distance.

"It will take us a few more years to improve the technology," says Meschede, "but once we have done so, a long-distance communication channel will be available that is tap-proof for fundamental physical reasons. I am sure it will be well worth the effort."

This ion trap at the University of Siegen's laboratory enables scientists to capture and manipulate single atoms.

No knowledge without means

This is where something comes into play that most researchers at public institutes have to deal with: in order to continue their work, funding and third-party sponsors are required. The scientists need cooperation partners from the private sector, as well as advocates who believe in the relevance of their research and will testify to this to public donors. "Quantum technology requires staying power and investment," says Meschede, "however, it also offers tremendous opportunities." Where this kind of research is concerned, this is likely to apply equally to the scientific and business communities.

POST-QUANTUM CRYPTOGRAPHY

In the last issue of secuview, we described how experts are already developing encryption methods that will remain secure in the coming era of quantum computers. Even if it will likely take many more years before quantum computers threatening standard cryptographic methods are a reality, these methods are already indirectly under threat. After all, encrypted communications could be stored today and decrypted many years later with the help of quantum computers. You can download secuview 2 / 2017, featuring our article on post-quantum cryptography, free of charge at: www.secunet.com/en/secuview

FURTHER LITERATURE

On the subject of microwave-based ion traps for use in quantum computers:
Lekitsch, B., S. Weidt, A. G. Fowler, K. Mølmer, S. J. Devitt, C. Wunderlich and W. K. Hensinger (2017). 'Blueprint for a microwave trapped ion quantum computer.' Science Advances 3.
Piltz, C., T. Sriarunothai, S. S. Ivanov, S. Wölk and C. Wunderlich (2016). 'Versatile microwave-driven trapped ion spin system for quantum information processing.' Science Advances 2: e1600093.
Professor Christof Wunderlich is currently working on an article that explains the research carried out by the Siegen team in a way that is somewhat more accessible to non-experts than the two publications mentioned above.

On the subject of quantum communication / quantum repeaters (in German):
Christoph Becher, Dieter Meschede, Peter Michler and Reinhard Werner (2016). 'Sichere Kommunikation per Quantenrepeater.' Physik in unserer Zeit 1 / 2016, Wiley-VCH Verlag GmbH & Co. KGaA, Weinheim (https://doi.org/10.1002/piuz.201601418)
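The qubit behaviour described under 'Calculating with qubits' (superposition, amplitudes whose absolute squares are probabilities, collapse on measurement) and the Alice-and-Bob key exchange described under 'Cryptography with quantum effects' can both be reproduced with a tiny two-qubit state-vector simulation. The following is an added example written for this page, not code from the article or from the Bonn or Siegen groups. It assumes details the article does not spell out: Alice and Bob each pick a measurement basis (Z or X) at random per pair and keep only the rounds in which their bases agree, then compare part of that sifted key to estimate the error rate, in the manner of the entanglement-based BBM92/E91 family of protocols; Eve is modelled as an intercept-resend attacker who measures Bob's photon in the computational basis and forwards the collapsed state. Photon loss, detector noise and authentication of the classical channel are left out.

```python
"""Two-qubit state-vector toy (added example): superposition, measurement collapse,
entanglement, and an entanglement-based key exchange with an intercept-resend Eve.
Pure Python, no external packages."""
import math
import random

SQRT2 = math.sqrt(2.0)
EPS = 1e-9  # probabilities this close to 0 or 1 are treated as certain (float noise)

# A two-qubit state is a list of four complex amplitudes indexed by |ab>,
# index = 2*a + b, where a is Alice's qubit (qubit 0) and b is Bob's (qubit 1).


def zero_state():
    return [1 + 0j, 0j, 0j, 0j]  # |00>


def hadamard(state, qubit):
    """Apply H to one qubit: |0> -> (|0>+|1>)/sqrt2, |1> -> (|0>-|1>)/sqrt2."""
    mask = 1 << (1 - qubit)
    out = list(state)
    for other in (0, 1):
        i0 = (other << 1) if qubit == 1 else other  # index with target bit = 0
        i1 = i0 | mask                               # same index with target bit = 1
        out[i0] = (state[i0] + state[i1]) / SQRT2
        out[i1] = (state[i0] - state[i1]) / SQRT2
    return out


def cnot(state):
    """CNOT with Alice's qubit as control: swaps the |10> and |11> amplitudes."""
    out = list(state)
    out[2], out[3] = state[3], state[2]
    return out


def bell_pair():
    """(|00> + |11>)/sqrt2, the entangled pair Alice and Bob share."""
    return cnot(hadamard(zero_state(), 0))


def probabilities(state):
    """Born rule: the absolute square of each amplitude is that outcome's probability."""
    return [abs(a) ** 2 for a in state]


def measure_z(state, qubit, rng):
    """Projective measurement of one qubit in the computational (Z) basis.
    Returns (outcome, collapsed_state); the unobserved branch is gone for good."""
    mask = 1 << (1 - qubit)
    p0 = sum(abs(a) ** 2 for i, a in enumerate(state) if not i & mask)
    if p0 > 1.0 - EPS:
        outcome = 0
    elif p0 < EPS:
        outcome = 1
    else:
        outcome = 0 if rng.random() < p0 else 1
    norm = math.sqrt(p0 if outcome == 0 else 1.0 - p0)
    collapsed = [a / norm if bool(i & mask) == bool(outcome) else 0j
                 for i, a in enumerate(state)]
    return outcome, collapsed


def measure(state, qubit, basis, rng):
    """basis 'Z': measure directly; basis 'X': rotate with H first, so |+>,|-> read as 0,1."""
    if basis == "X":
        state = hadamard(state, qubit)
    return measure_z(state, qubit, rng)


def run_qkd(n_pairs, eavesdrop, seed):
    """Simplified entanglement-based key exchange (BBM92/E91 style; an assumption of
    this example). For each pair Alice and Bob independently choose Z or X and keep
    the bit only when their bases agree (the sifted key). If eavesdrop is set, Eve
    measures Bob's photon in Z before it reaches him and forwards the collapsed state
    (intercept-resend). Returns (alice_key, bob_key, error_rate); the error rate is
    what the parties would see when comparing part of the sifted key in the clear."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n_pairs):
        state = bell_pair()
        if eavesdrop:
            _, state = measure_z(state, 1, rng)  # the entanglement is destroyed here
        basis_a, basis_b = rng.choice("ZX"), rng.choice("ZX")
        bit_a, state = measure(state, 0, basis_a, rng)
        bit_b, state = measure(state, 1, basis_b, rng)
        if basis_a == basis_b:
            alice_key.append(bit_a)
            bob_key.append(bit_b)
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    return alice_key, bob_key, (errors / len(alice_key) if alice_key else 0.0)


if __name__ == "__main__":
    print("Bell pair outcome probabilities |00>,|01>,|10>,|11>:",
          [round(p, 3) for p in probabilities(bell_pair())])
    for eve in (False, True):
        ka, kb, qber = run_qkd(400, eve, seed=7)
        print(f"eavesdropper={eve}: sifted bits={len(ka)}, "
              f"keys identical={ka == kb}, error rate={qber:.2f}")
```

Without Eve the sifted keys are identical, because a Z or X measurement on one half of the pair fixes the other half's result in the same basis. With Eve present, the rounds in which both parties used the X basis disagree about half the time, so the error rate on the sample they compare rises from zero to around 25 percent; that jump is the trace Meschede's "they would notice" refers to. Real systems tolerate a small nonzero error rate from noise and remove it by error correction and privacy amplification, steps this toy does not include.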
Cyber Security Can Be Learned

The CODE cyber defence research centre at the University of the Armed Forces in Munich brings together experts from various disciplines and faculties, as well as experts from commercial and state institutions. secuview spoke to its Managing Director, Professor Gabi Dreo Rodosek.

Professor Dreo Rodosek, you introduced the CODE research centre in secuview 1 / 2015. At the time, research was focused on advanced persistent threats (APTs), the visualisation of the state of security, and the geolocation of attackers. What has changed since then, both in the threat landscape and at CODE?

Threats have since become even more sophisticated and cyber attacks are growing in quantity and quality. To counteract the asymmetry of attack, we need to minimise attack vectors as far as possible. Approaches such as moving target defence, which continuously change the possible target, look promising here. We are also working on approaches to threat intelligence, among other things.

Have you also established new priorities?

Of course, we are at the cutting edge of research and are intensively involved with work on new disruptive technologies (e. g. software-defined everything, blockchain, machine learning and artificial intelligence). In particular, we see the development of European software-defined networking (SDN) controllers as the basis of a trusted and secure European internet. In addition, we are currently grappling with the subject of quantum technology. The quantum computer creates a completely new dimension of technical capability. With the active use of quantum computers, the rules of cryptography as we know them today will have to be completely rewritten.

We are currently in the process of filling eleven new professorships and have already welcomed Professor Stefan Brunthaler (Secure Software Development), Professor Alt (Usable Security and Privacy) and Professor Wacker (Data Protection and Compliance) as the first new professors at the Faculty of Computer Science at the University of the Armed Forces in Munich. The recruitment process is going well and we are on schedule. We are therefore optimistic that we will be able to fill the remaining professorships by the end of 2018 or mid-2019. The professors are teaching the new Cyber Security master's programme at the University of the Armed Forces in Munich, which was launched on 1 January 2018 and will be expanded to accommodate 121 students in the years to come. Until the new building for the CODE research centre is completed, we will temporarily move into an office building close to the university, where we have rented around 2,500 m² of office and laboratory space.

Can you say a few words about your cooperation with the German Bundeswehr's new Cyber and Information Space (CIR) Command?

The CODE research centre undertakes research and development assignments for the Cyber and Information Space Command and the Federal Government. For CIR Command, the cyber cluster at the University of the Armed Forces and its new international Cyber Security master's programme is both a source of employees (military and civilian) and the nucleus of top research in the field of cyber defence and smart data. It is the central point of contact for scientific services, including knowledge management and the development of demonstrators and load capacity certificates for the Bundeswehr and the Federal Government. Furthermore, our end goal is the establishment of a cyber campus for the German Bundeswehr, the Federal Government and industrial actors through which regular training and further education will be offered to the IT specialists of the Bundeswehr, public authorities and institutions.
How important is it for you to work with business partners? What objectives do you associate with this?

In order to develop our best creativity and innovation potential, to support rapid implementation in products, and to close existing IT security loopholes, all actors – from R&D to industry and the public sector – must work together effectively and efficiently. This process can be difficult, because each of the actors involved has different KPIs and target values. For the scientific community, the number of scientific publications in renowned journals, among other things, is a target value, while sales and profits are decisive for the economic actors. In order to bridge these differences, researchers must cooperate closely with industrial actors and the authorities along the entire value chain in order to implement innovative technical developments and concepts for the protection of data, software and systems.

As the complexity of technologies and IT systems and the requirements for potential security solutions themselves are constantly expanding, security must be intrinsically present as an 'invisible' part of the digital world (security by design, privacy by design). For this reason, we are currently working hard to intensify the cooperation with industrial actors and to manifest this in cooperation agreements on various key topics.

The availability of well-trained specialists is an important issue for industry. What do you think needs to happen to get even more young people interested in IT security?

IT is not witchcraft. It can be learned. It is important to introduce children to IT at primary-school age, to help them to understand the processes behind it, and thus to learn to deal with the subject matter as a matter of course. Interest in IT can be aroused through fun, playfully, regardless of their existing level of knowledge. Competitions based on formats such as capture the flag¹, like the ones successfully held each year at the CODE research centre, help to cement this playful approach and contribute to an expansion of knowledge while cooperating and competing with one another outside of the typical school and university context – and they are therefore very popular.

However, capture the flag events are not just a great option for imparting knowledge at school, but also in further and higher education, and as part of further training for public authorities and industrial organisations. IT is constantly changing. In order to keep up with its rapid development, it is necessary to interact again and again with the latest technologies and to train and expand one's own abilities. At the research centre, we are therefore working to establish our own cyber range for red and blue teaming², and also run capture the flag events for professionals from the public and industrial sectors. We will be expanding this offering in the coming years.

In addition to new technologies, we are also working with a new generation of employees to whom we also have to adapt. For them, not only financial remuneration is decisive, but also the tasks they are entrusted with, opportunities for career development and training, a modern working environment and a good work-life balance. At CODE, we strive to meet the challenges of being a modern employer and aim to remain an attractive employer in a highly competitive market. At the CODE research centre, professors and academic staff can work flexibly and conduct research on interesting projects in small groups in a disruptive environment, with state-of-the-art research laboratories and first-class technical infrastructures at their disposal. This is just one reason that we were able to substantially expand our staff at the CODE research centre and currently boast a third-party funding volume running to the tens of millions.

¹ Event where hacker teams compete to find virtual flags and solve other cyber challenges (editor's note)
² A simulation where one team plays the role of the cyber attackers and the other plays the role of the defenders (editor's note)

IN INTERVIEW: Professor Gabi Dreo Rodosek, Professor of Communication Systems and Network Security

Dr Gabi Dreo Rodosek is Professor of Communication Systems and Network Security at the University of the Armed Forces in Munich. She is also the Managing Director of the CODE cyber defence research centre, a member of the Advisory and Supervisory Boards of Giesecke & Devrient GmbH, a member of the Supervisory Board of BWI IT GmbH, a member of the Administrative Board of the German National Research and Education Network, and a member of BaFin's expert IT committee. Professor Dreo studied computer science at the University of Maribor, Slovenia, and completed her PhD and post-doctoral studies summa cum laude at the Ludwig Maximilian University of Munich (LMU). She received LMU's doctoral award in 1997 and was awarded the Bavarian Europa Medal by Minister of State Dr Merk in 2016. Her research interests include the cyber security of networked IT systems, cyber defence, security analytics, network technologies such as software-defined networking, the IT security of the Internet of Things (IoT), and cloud computing.