Building on our extensive wealth of experience, we actively help to advance processes already established in the German Armed Forces and drive their further development.
DEVELOPMENT OF IT / INFORMATION SECURITY CONCEPTS
For German Armed Forces CPM (Customer Product Management) projects with an IT component, the project element of information security / IT architecture / standardisation and data protection is of key importance for obtaining an authorisation for use (“Genehmigung zur Nutzung”).
The need for project-related information security concepts is derived from this armament process. These project-related information security concepts are reviewed under the guidance of the accreditation body DEUmilSAA (German Military Security Accreditation Authority). Our analysis and assessment aim to protect the confidentiality and high operational readiness of your systems. It is crucial to recognise risks in order to be able to control them.
In addition to the German Armed Forces, customers for these services also include well-known defence equipment manufacturers. As well as tailor-made information security concepts for the German Armed Forces, we also provide similar services at international level for the military of other nations, in accordance with their methodologies.
We guide you to more security:
- Dealing with strict security requirements and standards
- Extensive experience in the defence technology sector
- Highly flexible with independent and product-neutral consulting
- Ensuring availability, integrity and non-repudiation
- Consideration of requirements, for example, from the BSI (German Federal Office for Information Security) IT baseline protection or NATO roadmap
- Certified staff, for example, according to ISO/IEC 27001 and BSI
- Based on customer-specific specifications, for example, IT baseline protection, NIST [National Institute of Standards and Technology] or EBIOS [a method for analysing the risks that information systems face]
ESG has been a partner for the public sector and the defence industry for over 20 years.
DEVELOPMENTAL CONSULTING
Many years of project experience are incorporated into the development processes through developmental consulting. Based on the phases of the CPM process, we provide targeted and results-oriented support from the analysis phase (part 1) onwards. This enables us to take relevant information security requirements (requirements engineering) into account for the projects at a very early stage. This makes it possible to carry out a requirements analysis, to jointly develop the system design and to strike a balance between operational requirements and information security concerns. In addition, potential risks for the project factors time, cost and effort are mitigated at an early stage.
We support you from the very beginning:
- Consideration of information security early on in the analysis and implementation phases
- Intensive consulting as a factor for success
- Early involvement of expert knowledge leads to cost reduction by eliminating costly re-designs
SECURITY BY DESIGN
The importance of secure architectures is increasing with the growing significance of information security. In addition to the requirements from the BSI IT baseline protection, there are additional requirements for military systems (e.g. for systems configuration and hardening specifications).
We develop security architectures tailored to military systems, provide support in selecting suitable products and help with the implementation. Special requirements from the respective operating environment are taken into account for this purpose. This leads to increased resilience and thereby enhanced assertiveness of the weapon system. The implementation of the information security measures can significantly influence the design, which is why it is best to consider this at the earliest possible opportunity. Insights on this can be gathered and initial designs can be created as part of the analysis phase (CPM). As a systems provider, ESG offers these services in all dimensions of the German Armed Forces, with the interdisciplinary involvement of our technical experts.
Development of resilient systems:
- Security as an integral part of your system
- Development of application-specific security architectures
- Highly flexible with independent and product-neutral consulting
INFORMATION SECURITY MONITORING
Maintaining and continuously improving information security is critical to resilience, especially during the in-service phase. For continuous monitoring of your system’s status, we offer services including:
- Reviewing the need to update information security concepts
- Consulting on (re)accreditation requirements
- Test requirements for radiation-proof equipment
- Monitoring the validity of registration certificates (BSI, NAMILCOM [NATO Military Committee]) for products with information security functionality
- Evaluating vulnerability reports (CSOCBw [German Armed Forces Cyber Security Operations Centre] Advisories) and preparing project-related risk analyses, as well as drafting mitigation recommendations
Continuous monitoring:
- Supporting the Information Security Officer in his/her administrative activities
- Creating information security situation reports
- Background research on Common Vulnerabilities and Exposures (CVE)