Professional Documents
Culture Documents
Crypto SmartProtect
The highest level of cyber defence
Focus
President and Illustrations/photo credits | Crypto AG: Cover, pp. 2, 14, 21, 22 |
Keystone: p. 18 | Prof. Dr. Bernhard M. Hmmerli: p. 7 |
Chief Executive Officer Shutterstock: pp. 3, 8, 9, 10, 13, 20
CryptoMagazine 1/17 | 3
Focus Focus
Cyber war
IT system
Digitisation
exploitation
Computer
network
Cyber crime
Botnet
Cyberattack
Social engineering
Defacement Denial-of-Service
Critical infrastructure
Distributed Denial-
Resilience
Phishing
Advanced persistent threats Cyber risk Ransomware
Cyberspace
of-Service
Typical attacks on the integrity and authenticity of data, Workplaces in the sights of attackers Rapid developments expected
two further aspects of information security, are known as de- There has been an upsurge in attacks on terminal equipment. Two developments are accelerating the spiralling attacks and
facements. The content of a website is changed and falsified Some are used as a springboard to penetrate further levels of Attacks from cyberspace countermeasures. One is the proliferation of electronic devices
in the process to mislead visitors to the defaced Internet pages. an IT system. It is therefore crucial that organisations and affect all aspects of information and their networking. The other is the growing complexity of
This tactic is also common in connection with attempts to
use phishing to access passwords. Attackers try to employ fake
government authorities maintain high standards of workplace
security. That is true regardless of location but to a special
security. the tasks that these devices can perform. Industry 4.0 entails
process-integrated cooperation across companies and organi-
websites, e-mail addresses or short messages to obtain a users extent particularly for employees active outside their usual sations and is creating whole new dimensions of networking.
personal data and thereby commit identity theft. The term is work environment, for instance, travelling or at home. It is Attacks primarily aimed at enrichment or economic harm are A look at this and similar trends clearly shows that not only a
derived from "password" and "fishing", and means "fishing precisely the employees who must be reachable at all times known as cyber crimes. Offences such as identity theft or wealth of possibilities is opening up but that new attack
for passwords". who need especially secure infrastructure. In this context, it is business espionage generally fall into this case group as well. surfaces are also being created.
important to keep in mind that the required safety processes
All aspects of information security affected must be kept as convenient as possible, so employees are But cyberspace is likewise a place where war is waged. It is In the development of effective protective mechanisms, it is
The availability of data is prevented, say, through launch of not tempted to disregard security standards for reasons of uncontested that warfare in the information age always also all the more important not only to create measures aimed at
denial-of-service (DoS) attacks that render individual services, practicality. involves digital components. In mid-2016, NATO officially protecting data during transmission but likewise to keep an eye
websites or entire networks unreachable for users. If a DoS declared cyberspace to be a war zone. That means attacks on the growing number of terminals. Not least, privately used
attack is undertaken by several systems at the same time, it Conversely, the use of private applications at work say, social conducted there can trigger consequences akin to attacks on devices must be taken into account in security considerations
is known as a distributed DoS or a DDoS attack (distributed media open entry points for attacks. Social engineering is the ground, in the air or by sea. so that even the tiniest loopholes can be closed before attackers
denial-of-service attack). DDoS attacks are characterised by the employed to mislead victims into divulging data of their own gain access through them to entire systems.
large number of computers and services in use as a rule, accord, circumventing protective measures or installing mal- A cyber war can therefore cause an enormous amount of
botnets are used. A botnet is a group of computers, all of which ware. The perpetrators exploit human weaknesses such as damage. Military conflicts conducted with IT resources in
are compromised by a malicious code. The code turns them curiosity or fear to manipulate the victims. Consequently, the cyberspace are often categorised as being of three types: If an
into bots a term taken from "robot". The affected computers latter click on links that covertly install malware, for example, attacker's aim is to paralyse or destroy the opponents network
are monitored and controlled by botnet operators through a or they divulge passwords and other sensitive information. capacities, the actions are known as computer network attacks
command and control server. Another method of impairing (CNAs). Computer network exploitation (CNE), for its part,
the availability of data is to use ransomware i.e. malicious pertains to actions aimed at obtaining intelligence information
software that installs itself unnoticed. It restricts the availability from the opposing sides computers. Actions taken to protect
of the data until the user of a system pays a ransom or satisfies ones own computers and computer systems are known as
another demand from the attacker. computer network defence (CND).
Cyber risks have risen markedly in recent years. How would What is the appropriate response to these developments? What are common types of attacks on companies and
you describe the status quo of the cyber security situation There are two fundamental strategies: One is to rely on government authorities?
for companies and government authorities? deterrence at the policy level, through strict penalties for There is a whole range of attacks. Often, the point is to tempt
The World Economic Forum estimates that the cost of cyber instance. The second is for the organisation to be prepared if users into clicking on something be it a link or an attachment
crime in 2015 as applied to Switzerland totals about US$ 5 billion. something does happen. This latter strategy is summarised sent by e-mail. This is a way of installing malware that can be
This figure is four times as large as in 2013. By contrast, the with the catchwords "detection and response". In other words, used, say, to extract data. Malware of this kind is often the first
outlays for national precautionary measures in Switzerland attacks must be detected promptly and countermeasures taken springboard for penetrating the IT system of an entire organi-
amount to only about US$ 70 million. The trend in estimated quickly. In addition, the security architecture must be designed sation. Besides surveillance, attacks may also be aimed at
damage from cyber incidents indicates, on the one hand, so that an attack on one workstation does not render the entire impairing functionality. Prof. Dr. Bernhard M. Hmmerli has been teaching
dramatic growth, and on the other, in my opinion, a discre- IT system vulnerable in one fell swoop. information technology since 1992 at the Lucerne Univer-
pancy between the estimated losses and the investments made What types of attacks are particularly heinous and why? sity of Applied Sciences and Arts and since 2009 also at
in countermeasures. Could you comment on the perpetrators of attacks and There are no hard and fast rules on that. It depends on the the Norwegian University of Science and Technology.
their motives? activities of an organisation and the goals of an attack. What He focuses on teaching and research in the fields of
What is the reason for this trend? For one thing, there is a financial motive; for another, attacks is uncontested, however, is that serious problems can arise if a communication, networks and information security. He is
On the one hand, the level of professionalism among attackers from cyberspace pursue political goals. It is not uncommon to hack into an IT system goes undetected for an extensive period a specialist in the protection of critical infrastructures.
has risen enormously in recent years. The point is no longer have a subset of motives combining financial and political goals. of time. On the one hand, the activities of an organisation Since 2012, he has headed up the ICT Security Platform
recognition, as it was with the first hackers, but rather tangible could be monitored in this way over a longer period of time; of the Swiss Academy of Engineering Sciences (SATW).
financial gains. And dominance in cyberspace especially Could you describe a typology of the most frequent victims, on the other, attackers would be able to wait for the optimum
with respect to governmental action in this area. also with an eye to making a distinction between cyber war time to attack their target. That is why a "detection and res-
and cyber crime? ponse" team is so pivotal. There are known cases of attackers
How is effective protection against cyber risks structured? This distinction is difficult because combinations are com- having access to critical IT systems for years on end.
Until about a decade ago, many organisations assumed that monplace. Among victims, all conceivable players can be
investments in protective measures would suffice to prevent found, from private individuals who get taken in by a phish- How can government authorities protect themselves
damage from attacks. The assumption was correct for a long ing e-mail, or companies whose business secrets have been and national companies?
time. Yet the attacks have increased massively. In the mean- spied into, to countries who are watching each other in cyber- This task requires situation centres that continuously monitor
time, government authorities and large organisations are space to base their actions on the information they glean. activities in cyberspace and provide information about dangers:
under almost constant attack. And these attacks involve Efforts in this area should be intensified in Switzerland. With
substantial risks for information security in other words, the Reporting and Analysis Centre for Information Assurance,
they endanger the availability and authenticity of digital data known by its German acronym MELANI for short, we already
as well as its integrity and confidentiality. have a centre in Switzerland focused mainly on reporting
incidents and subsequently analysing them. Moreover, inter-
national collaboration on communicating about threats and
vulnerabilities is to be further intensified.
How big is the risk emanating from human beings? Studies The Crypto cSeminars are held at the Crypto Academy
shows that more than 50 percent of the primary attack entry Cyberattacks involve substantial in Steinhausen/Zug, Switzerland. Further information
points are attributable to employees behaving incorrectly.
In fact, the success of the initial infection of an IT system can
risks for information security is available at www.crypto.ch/seminars.
quite often be traced to an exploitation of incorrect human be- they endanger the availability and
haviour. Assume we have a government agency with 10,000 em- authenticity of digital data as well
ployees. Within one year, they all receive 100 e-mails from an
attacker sent with the objective of initiating the download of as its integrity and confidentiality.
malware. That means a total of one million attacks, which can
be carried out with relatively little effort. If just one employee
clicks a single time on the link, the attacker has achieved his Existing security systems often fail to stop customised attacks
objective. Now, the probability of an error occurring in one on terminal equipment. How can we assure information
out of one million cases is quite high. security in terminal equipment?
The problems involve several components: Each user no longer
What is the best way to keep the "human factor" has just one device but often has two to as many as five devices
under control? in use. With mobile device management (centralised manage-
A promising approach is generally for organisations to pursue ment) and virtual desktops (virtualising the PC desktop in the
diverse strategies at the same time. On the one hand, the point data centre), the security situation in a company can be im-
on the technical side is to create largely self-contained spaces proved enormously. Once again, the employees play a role in
within the IT system so damage caused by penetration in an this process. Continuous training on correct behaviour helps in
IT system remains clearly limited. It is also recommended to this context, as was already mentioned. Nonetheless, it can be
virtualise activities whenever possible. Finally, a central factor assumed that even those efforts will not achieve one hundred
is to sensitise employees continuously with an eye to awareness, percent security. To attain a higher level of protection, all as-
attitudes and behaviour. pects of a security architecture must be taken into account. That
way the confidentiality of the information is assured at all times.
The point of the evaluation stage is to collect as much This assessment is also conveyed by the experts from Crypto AG.
information as possible about the target of the attack. That Effective system monitoring is deemed an essential part of a The high-security zone is an isolated zone and does not have the direct integration of hardware-based components with which
includes a collection of IP addresses and diagrams as to comprehensive defence arrangement. It provides the opportunity access to the Internet. From the secure zone, the Internet can myriad secure VPN tunnels can be created. These tunnels, in
how the potential victims move within the IT system. This to detect illogical connections or other anomalies. To be able be accessed securely only via protection at the perimeter. turn, can be individually encrypted with keys that are independ-
information can initially be collected passively but later also to assure maximum IT security, there are also ways of building ent of each other. Until now, if sensitive data was edited on a
actively. Prior to the actual attack, the perpetrators must set IT systems today so they are fully protected against attacks of this Experts believe the key problem in the hacker attack mentioned terminal device, this task was done with minimum protection
up the waterholes, i.e. tamper with the Internet pages fre- kind, thanks to major ICT advances. above was that although different security zones had been de- and offered an easy target for cyber criminals.
quently visited by victims. Alternatively, they can also pre- fined, there were probably "holes" between them. The attackers
pare e-mails as a means by which to conduct the attack. The decisive factor in these efforts is that different security levels exploited this fact. These gaps were the only reason they were Crypto AG has now succeeded in closing this security gap by
are assigned within an organisation and communication occurs able to advance laterally through the system and become privy protecting terminal equipment with a combination of several
The initial infection stage is characterised by waterhole exclusively within these zones. Classified information at the top to company secrets step by step. hardware and software security elements. Crypto SmartProtect is
activation or manipulated e-mails. The actual attack begins. secret level, for example, is never allowed to leave the high-secu- the new technology for this purpose and furnishes full protection
If it succeeds the victims behaviour is carefully examined and rity zone. In addition, as few users as possible should have access Experts from Crypto AG say it has been no problem for quite for sensitive information in civilian and military fields of appli-
a suitable attack tool is selected based on the findings. These to this information. For subordinate security zones, the data that some time to assure highly secure communication within a cation. For more on Crypto SmartProtect, check out the
actions are referred to as social-manipulative attacks. is present is less sensitive and the security aspect is consequently security zone. Even if people are working externally on a laptop, following article on page 14.
less central. However, these zones, too, must be sealed so as not for instance, data can still be transported through protected
to endanger the security of the overall system. virtual private network (VPN) tunnels. This is achieved through
User environments
operating environments to be able to be run securely, they The Crypto SmartProtect Security Module is at the core part of
must be contained in a secure Compartment that effectively the hardware. It contains the boot image of the Crypto Smart-
Application
Application
Application
Application
Application
Application
Application
Application
Application
protects them against attacks from the outside. This protection Protect OS plus all encryption and authentication services.
is achieved with the secure operating system Crypto Smart- These security elements are all fully protected by the Crypto
Protect OS. The security operating system provides fully Security Architecture and are therefore unassailable. The four
insulated Compartments. The user environments in these fundamental security goals of confidentiality and integrity, Standard Standard Standard
Compartments are executed on the same processor by means availability and authenticity can be assured. Included are tried- operating system operating system operating system
of the security operating system and under the watchful eye of and-tested features such as secure boot, secure login, and disk
the microkernel, with consistent separation prevailing. The encryption. The first-named executes a comprehensive security
Virtualisation Virtualisation Virtualisation
architecture of the security operating system is based on the check on every boot. Booting is continued only if this check
delete and send data on their com- consistently separate Compartments yet still access public Crypto SmartProtect Security Module Encrypted disk
Hardware
Monitor Touchpad
security zones in consistently any sacrifices in terms of ease of use or being limited in data A
Keyboard Processor
handling by restrictive security precautions. Tasks can be
separate Compartments. performed in a manner that is not only highly secure but
B
Mouse RAM
also efficient and convenient. C
Optional
Government-supported
protection systems
Malfunctions and failures of critical infrastructures (CIs) have serious consequences. Comprehensive protec- or interrupting their availability. Among their goals, the Keener awareness for cyber risks
tive measures are all the more important, especially to minimise cyber risks. With the "National strategy for attackers want to impair the confidentiality or authenticity of Basically, the attitude taken in the strategy is that the indivi-
Switzerlands protection against cyber risks (NCS)", the Confederation points out where action needs to be the information with their actions enabling them to read, delete dual stakeholders are responsible themselves for implementing
taken and offers government bodies, assistance for CI operators. and modify data, overburden connections or server services, and optimising protective measures against cyber risks. Accor-
spy on information channels, or intentionally tamper with ding to the strategy, this has the following consequences for
monitoring or performance systems. CI operators: The risks are not allowed to be handled according
The infrastructures of a country are its lifelines. Their proper in information security. In light of the complex types of digital to solely economic principles. Instead, CI operators must make
and reliable operation guarantees stability, order, and security networking under way in various areas, it no longer suffices to efforts above and beyond that to minimise the risks.
basic requirements for the smooth functioning of society, protect these areas separately. Integrated protection approaches
business and government. There is a special focus in this are called for instead in order to minimise the ramifications of 90 percent of the important The Confederation notes, however, that there is still a lack of
context on critical infrastructures (CIs) from the sectors of incidents on the economy and the general public and to restore infrastructure areas depend on awareness in several sectors as to the threats emanating from
government authorities, energy, transport, public security,
waste disposal, finance, health, food, industry as well as
life to normal as quickly as possible.
IT and protected communication cyber risks. Integral thinking is likewise not yet established
everywhere. This approach says that cyber risks can be reduced
information and communication. CI protection is considered Attack on information systems technology. not just with technical measures such as fail-safe, alternative
extremely important. Along with strictly physical protection, The "National strategy for Switzerlands protection against and specially protected means of communication, and that
suitable protection against cyber risks has really come to the cyber risks (NCS)" was passed by the Swiss Confederation in information and data must be explicitly protected. Equally
fore in recent years. 2012 and reads as follows: "Cyberattacks on critical infrastruc- The effects of cyberattacks could have horrendous consequenc- important, are organisational issues (such as the classification
ture can have particularly severe consequences, as they can es for the entire population and the economy. For instance, of information or the regulation of access rights) and staff
It is estimated that 90 percent of key infrastructure areas in compromise vitally important functions or trigger fatal chain after a cyberattack, a blackout in the power supply would issues (i.e. security checks or behavioural training).
industrialised countries rely on information technologies (IT). reactions. Therefore, (often private) CI operators play a key role paralyse critical infrastructures as well as the entire national
The use of IT improves efficiency on the one hand, not least as providers of important services with overriding security economy. The ensuing effects for the general population would
due to networking among the different areas. On the other implications." include, for instance, failure of lighting, heating and other
hand, there is rapid growth in dependency and increased electronically controlled articles of daily use without which
susceptibility to malfunctions and manipulations. All in all, Cyberattacks are launched on computers, networks and data. everyday life would be inconceivable.
business, society, even whole countries have become more These attacks are aimed at interfering with the integrity of the
vulnerable, boosting the need for effective protective measures data or the functioning of the infrastructure as well as limiting
MELANI supports risk management of critical infrastructures The scenario for sending encrypted messages is as follows: Voice and text messages are
in the process, thereby helping to strengthen their resilience.
Viewed overall, the resilience of critical infrastructures is
First, the recipient creates his own pair of keys. The public key
is conveyed to the sender over the server, so the latter can use it
protected at all times and places
composed of four components: the robustness of the systems, to encrypt the message. With his own private key, the recipient with the Crypto Mobile HC-9100.
the availability of redundancies, the ability to mobilise support- can then decrypt the message. A possible weakness, however, is
ing measures, and the speed and efficiency of supporting that the provider can assign the sender a new public key, say,
measures if the worst comes to the worst. when equipment is replaced or re-installed. That would mean, For the exchange of text messages, the message of up to
for instance, that the sender would then use the key generated 1,000 characters in length is encrypted in the worlds tiniest
by the supplier to encrypt messages not yet received by the high-security encryption device integrated directly in the
recipient. This would put the provider in a position to decrypt phone and sent directly to the recipient. The sender promptly
Blackout in a major city possibly the messages with his new private key. Further, the terminal finds out that the message has arrived at the recipient. As soon
triggered by a cyberattack equipment itself could have potential entry points for attacks. as the message is handed over to the security application,
Key terms indicate this fact, such as the lack of integration security is assured not only for the transmission but also in
protection for the application, the lack of a genuine random both terminal devices. The message is saved in the secure data
number generator or also overly short key pairs. store of the HC-9100, specifically only in the sending and
receiving devices. This feature of the high-security solution
Encrypted chat from Crypto AG marks a major difference from the off-the-shelf models.
Crypto AG has offered an appealing and highly secure com-
munication solution for several years with a specially rugge-
dised mobile phone. Ruggedised means that an unauthorised
modification of the device is reported immediately. Voice and
text messages are protected at all times and places with the
Crypto Mobile HC-9100.
HC-7835
HC-9300
A government minister is told that secure communication between himself and his staff and the heads of the
various government ministries is protected against third parties without compromise and constantly guaran-
teed. An exchange of editable documents subject to the top level of encryption meets these requirements.
The cooperation with various offices in a government ministry Highly secure exchange of editable documents
takes a variety of forms: The government minister is supported The Internet or also a private IP network can be used for the
by his staff in exercising his political duties. Offices of the highly secure communication of the stationary or mobile
ministry must be supervised but everyday administrative tasks office of a head of state for government administration or the HC-9300
also have to be performed. In the performance of all these government ministers. IP telephony has won the day through
CMS-1200
responsibilities, the highly secure transmission of classified the global expansion of data networks and the performance
documents and information must be assured for all employees. capabilities associated with it. The confidential e-mailing of Crypto
The suitable security platform is used based on the location of encrypted and editable documents is assured with the use of Small office (Minister) Management
the given individuals. Central security management to control the multi-application platform Crypto Desktop HC-9300 and
the communication relationships and user groups is essential in the security application Message / File Encryption HA-6650. Highly secure communication is constantly
this process. assured for stationary or mobile offices over
the Internet or over a private IP network
Even when travelling, the government minister can also If need be, a backup communication channel based on satellite
encrypt data and send it securely to his staff using Crypto communication can be set up to assure constantly available and
The highly secure exchange of Mobile Client HC-7835. The Crypto Management Suite fail-safe capabilities. The Crypto Deployable Secure Mobile
classified information is possi- CMS-1200 assures the centralised security management of Office provides a compact office infrastructure that can be
ble at all times and in all places the Crypto platforms. Furthermore, the CMS-1200 has a operated by satellite communication at any desired location
customised user and authorisation management system and that covers the customary office components.
with authentication mechanisms.
With this product, Crypto AG offers a security solution for
communication and collaboration with end-to-end protection
that meets the highest standards.
Highly secure transmission of
classified documents and infor-
mation must be assured for all
employees at all times.
Abu Dhabi
Muscat
Kuala Lumpur
Rio de Janeiro
Crypto cSeminars
9 to 13 October 2017