In March 2020, events came thick and fast. The Covid-19 epidemic, which had increasingly dominated the headlines since the start of the year, was declared a global pandemic by the World Health Organisation on 11 March. On 17 March, the Robert Koch Institute (RKI) upgraded its risk assessment for the German population from ‘low to moderate’ to ‘high’. Later, on 26 March, it upgraded its assessment again to ‘very high’.

When it became clear that a serious crisis was just around the corner, the BMG had already begun setting up a situation centre where all relevant information is compiled and all necessary coordination sessions are organised. During the pandemic, it is also especially important for the BMG to stay in constant contact with other countries. For such purposes, it is vital that authority staff can rely on secure, user-friendly communications tools.

In mid-March, the BMG contacted secunet to implement a new web conferencing solution. Despite the time pressure, it was self-evident that the solution would also need to satisfy the highest possible security requirements. The Netze des Bundes (NdB) network infrastructure used by the federal authorities in Germany sets clear security standards, for example.

Balancing security and useability

In addition to the connection to the NdB, the solution needed to be linked to a variety of other existing networks, applications and technologies, ensuring that it can be used as widely as possible. This includes video conferencing systems already utilised by the BMG, SIP video conferencing solutions, and browser-based video calling via WebRTC. Last but not least, in addition to all these Voice-over-IP (VoIP)-based applications, a connection would be needed to the traditional public landline network. It was important to the BMG that virtual conference rooms could be easily booked for the new solution. Room numbers and PINs were to be assigned dynamically for each individual conference in order to achieve a suitable balance between security and user-friendliness.

The project started with a kick-off meeting on 23 March, a few days after the first contact on this subject. In addition to the BMG and other project partners, the project team included secunet, FRAFOS, a provider specialising in VoIP solutions and security, and VoIP-GO, a company that provides technical support for VoIP solutions. Both are long-standing partners of secunet.

A variety of technologies under one roof

In addition to the restrictions imposed by the coronavirus pandemic, there were technical challenges to overcome. The project team had to integrate a variety of components, some of which came from different manufacturers. Networks, firewalls, existing video conferencing technology, a booking system, a virtualisation server, management networks and more besides all had to work together seamlessly in the final solution. It was therefore advantageous that a key component was already available as a standard product: the secunet Session Border Controller (SBC). Among other things, this is used to securely connect different VoIP networks and to protect them from external attacks by means of an integrated firewall.

Development and installation progressed rapidly, and on 30 March – just one week after the project started – the BMG was already able to use the new solution for its first secure video conferences. The project team then reached further milestones in quick succession; on 2 April, browser-based video calls were made available via WebRTC, and on 6 April – just two weeks into the project – the BMG crisis centre used the solution for the first time.

A sprint a day

This speed was made possible thanks to agile project management. Development was incremental, meaning it took place in clearly defined stages. The individual development cycles – so-called ‘sprints’ – were deliberately made as short as possible and, in most cases, there was a sprint a day. The project team kept up to date on the status of the project across organisations using daily status calls. In addition, not only did the BMG’s cooperation with secunet and its partners ran smoothly in the spirit of partnership, but other BMG service providers were also well-integrated – an important prerequisite for a successful project.

As a result, the solution meets all the requirements of the BMG, makes no compromises in terms of security, and is very easy to use. A specially developed mechanism provides protection against brute force or denial-of-service attacks, for instance, without requiring any additional measures that would have been included at the expense of useability. Last but not least, the 24/7 support provided by secunet’s partner VoIP-GO also contributes to high user acceptance.

The solution thus enables simple, secure communication, helping the BMG and its department to remain capable of taking action during the coronavirus crisis. Additional steps have been implemented since the project began. In particular, the web conferencing solution has been expanded, both in terms of performance and functionality, and is now available for use by the BMG’s departmental authorities.

The secunet Session Border Controller (SBC) provides an optimum connection between different VoIP networks and serves as a central access point for them. Furthermore, it boasts a firewall function that protects the internal network and defends against external attacks with fraud detection and prevention measures. The secunet SBC can be transparently implemented into any existing IT infrastructure. It operates in an isolated container on the firewall platform secunet wall. This architecture enables the complete protection and filtering of data flows at the network, transport, voice and application levels. The German Federal Office for Information Security (BSI) has verified the trustworthiness and high quality of the solution: Under the code BSI-DSZ-CC-1089, it is certified for the highest attack intensity CC EAL 4+.