Dr Sven Egyedy: Until 2020, there was no general, interdepartmentally available electronic solution in the federal administration for communicating classified information (CI) of the classification levels VS-VERTRAULICH (CONFIDENTIAL) and GEHEIM (SECRET). A concrete need for action in terms of CI communication was identified in 2016 during a NATO exercise, which revealed that many systems for communicating sensitive classified information were outdated, defective or only usable with limited functionality. In 2017, a cross-departmental CI communication working group was established with the participation of the Federal Ministry of the Interior, Building and Community (BMI), the Federal Ministry of Defence (BMVg), the Federal Chancellery (BKAmt), the Federal Office for Information Security (BSI) and the Federal Foreign Office (AA) – the so-called core departments of today’s federal measure R-VSK. The goal was to lastingly strengthen the CI communication network of the federal administration. As part of the IT consolidation of the federal government, the lead management of the federal measure R-VSK was transferred to the foreign IT of the Federal Foreign Office by resolution in 2019. Since then, the entire project team of the federal measure R-VSK has made an essential contribution to a future-proof security architecture for Germany and a modernstate. Within a few months, the area of secret communication in the form of telephone and video conferencing technology based on the latest crypto technology was established cross-departmentally in the federal administration.
As a countermeasure to the Corona crisis and the resulting economic damage, the economic stimulus package was passed by the federal government with a volume of ten billion euros. These were earmarked, among other things, for the modernisation and digitisation of administrations. Of this, approximately 52 million euros were secured for the financing of the project. This resulted in the condition that the implementation of the project be shortened from five to two years. This could only be achieved through a holistic reorientation of the project goals and a project management that was coordinated with this.
The solution includes cross-departmental communication via telephony and video communication. In 2021, a Minimum Viable Product (MVP) was developed by the Federal Foreign Office in cooperation with external suppliers and service providers andsuccessfully tested in several trials. The solution developed is currently undergoing clearance tests in accordance with the Classified Information Directive (VSA) by the BSI, which has been supervising the project since the beginning. In 2022, operations will begin with the telephony and video communication services and the scaling of the solution to the entire German federal authorities will be started. Another part of the solution envisages the establishment of an infrastructure for the data exchange of classified information. Communication can take place in encrypted form via the open Internet as well as via government networks. For the operation, a cloud infrastructure is being developed in data centres. Overall, a large heterogeneous team is part of the federal measure and includes cooperation between the AA, BMI, BKMVg, BMF and BSI authorities as well as private-sector manufacturers of crypto components and other external service providers. The foreign IT department of the Federal Foreign Office is responsible for the coordination and control of the federal measure.
During the project preparation phase of the federal measure R-VSK, the foreign IT department of the Federal Foreign Office conducted a market survey for CI IT communication devices. In this market survey, specific conditions were used to find out which potential providers and products are available for setting up a cross-departmental CI IT infrastructure. Taking into account the requirements of the VSA and the SÜG (Security Verification Act) and in the interest of digital sovereignty, the consideration was limited to providers whose company shares and development are predominantly located in Germany. In the course of the market investigation, secunet Security Networks AG emerged as one of two pioneering CI IT providers in order to comply with the dual-vendor strategy of the federal measure. secunet’s product portfolio includes products that have been specially developed for IT security solutions for electronic classified information processing or CI communication and thus meet the specific requirements of this communication purpose. An example of secunet’s product portfolio is the crypto architecture "Secure Inter-Network Architecture", or SINA for short, which was developed on behalf of the BSI. SINA enables the secure processing, storage, transmission and documentation of classified information. Differently classified data can be strictly separated. The architecture offers a comprehensive product range consisting of terminal devices, crypto gateways and Ethernet encryption technology as well as the system solution SINA Workflow (SWF). In addition, a security partnership with the Federal Republic of Germany has existed since 2004. In various projects, secunet has gained experience in public administration, for example at the Federal Ministry of the Interior, the Federal Office for Information Security, the Federal Foreign Office, the German Air Force and the German Military Representative to the NATO Military Committee.
Dr Sven Egyedy
Dr Sven Egyedy is Chief Information Officer (CIO) of the German Federal Foreign Office and Head of Foreign IT. In addition to positions at the Federal Ministry of Finance, the Federal Ministry of the Interior and the Federal Ministry of Defence and their divisions, he was Commercial Coordinator for the construction contracts for the ITER nuclear fusion reactor at the European Joint Undertaking Fusion for Energy F4E from 2011 to 2015. Dr Egyedy is Chairman of the Board of the non-profit association NExT (Network: Experts for the Digital Transformation of Administration) and holds a PhD in social sciences.
As already mentioned, interdepartmental cooperation in the area of CI communication has grown historically. Since the Federal Foreign Office has been in charge of the federal measure, interdepartmental cooperation has been further intensified. The CI products for telephony and video have been extensively tested in the core departmental group and we have established constructive working groups to pool experience already gained in dealing with CI IT products and to exploit the existing level of knowledge in the federal administration. Furthermore, setting up CI IT infrastructure is highly complex, which is why we rely on the specialised CI IT expertise of our industry partners in addition to departmental experience. Through the various CI IT products and services that can be found in the product portfolio of the federal measure R-VSK, we bundle the interdisciplinary expertise of our industry partners. Our vision is to serve as a lighthouse project for functioning interdepartmental cooperation involving strategic industry partners for further IT measures within the federal administration.
The market for CI products is specifically geared towards the target group of public administration. The application scenarios and framework conditions differ from those of the private sector, since high secret protection-relevant requirements have to be fulfilled and complex test processes have to be gone through – keyword VSA. Against the background of the particularly sensitive nature of classified information, the aspect of digital sovereignty in CI communication takes on additional weight. Products and services from external software and hardware providers are needed to set up a CI IT infrastructure for interdepartmental classified communication. The dimensions of sovereignty in handling data and technological sovereignty in the areas of software, hardware and architectures play an important role. Consequently, high demands must be placed not only on the products used themselves, but also on their providers. National security interests must also be safeguarded at all times when cooperating with external service providers and suppliers. In this context, independence from third countries outside the EU is of central importance and the focus was set on companies that are predominantly based in Germany.
As a service provider for the federal administration and leader of the federal measure, we obviously want to provide our customers with secure, durable and high-performance CI IT. That’s why we only provide our customers with state-of-the-art CI IT. The end devices for CI communication have an update capability in order to be able to react dynamically to changes. Our industry partners are available to us as reliable partners for further product development.
After the operational approval by the BSI, the users of the authorities at management level will first be provided with the solution in 2022 according to a defined rollout plan. After that, all federal authorities will gradually be connected to the solution. In parallel, we are building new data centres in cooperation with the ITZBund, and their geo-redundant model will guarantee the availability of the cloud. From 2024, the "diplo version" will also provide partners and allies in other countries with a solution for direct protected information. The final stage of expansion will take place in 2025 with the "corporate version" for the secret-protected economy. When scaling the solution, the ability to integrate with other platforms is very important. In order to avoid media discontinuities in terms of user-friendliness, automated interfaces to the internal departmental networks must be created to realise seamless CI communication.
THE NEXT GENERATION RED TELEPHONE
As part of the new CI communication of the federal administration, secunet is providing a highly secure communication solution for desktop operation. The solution revives the classic “red telephone” for protected communication. However, the modern version is a hardened all-in-one PC with handset and screen for voice and video communication. The device is approved up to the GEHEIM (SECRET) level and is based on the SINA Communicator H. Two-factor authentication takes place by means of a crypto stick connected via a USB interface.
Do you have any questions or comments about this article? Then contact us via the contact form on the right!
secuview is the online magazine of secunet, Germany's leading cybersecurity company. Here you will find news, trends, viewpoints and background information from the world of cybersecurity for public authorities and companies. Whether cloud, IIoT, home office, eGovernment or autonomous driving - there can be no digitisation without security.
In addition to the online magazine, secuview is published twice a year as a journal, which you can subscribe to free of charge in printed form or download as a PDF.
secuview is the online magazine of secunet, Germany's leading cybersecurity company. Whether cloud, IIoT, home office, eGovernment or autonomous driving - there can be no digitisation without security.