Cybersecurity must be thought holistically
More and more areas of life and business are digital, networked and partly automated. Along these value chains, data forms a central component of networks. And if information and systems are accessible online, they can become the target of cyber attacks even faster.
The federal government plans to make the business processes of public authorities and state organizations leaner and faster through digital solutions. The pace of digitization will therefore continue to increase. At the same time, information security is to be strengthened. Both topics are of great importance for the Bundeswehr and its IT system house, the BWI.
Without cyber security, digitization is doomed to failure, and with the pace of digitization advancing, there are more and more attack surfaces for cyber attacks – especially when innovation cycles are getting shorter and digital solutions are entering the market faster. As a result, the requirements for the information security of IT solutions are increasing. This applies to an increased extent to the environment of the public sector and the Bundeswehr.
“Security by Design” provides a remedy: From the very beginning, cybersecurity is taken into account in the development of IT solutions. Security requirements for software and hardware are already taken into account in the early development phases of IT solutions. In this way, security gaps do not even arise. This saves time and money, because the further a project is, the higher the effort to fix security vulnerabilities.
The BWI also relies on “Security by Design” in the development and implementation of IT solutions for the Bundeswehr. Three fields of action form the framework conditions of the cybersecurity strategy.
1. Security governance along all business processes
Security governance controls the information security of an organization from strategy to implementation. BWI strives to standardize collaboration and process models across all business areas, taking clearly defined responsibilities into account. This ensures that all security requirements are implemented accordingly in all business processes. The goal: The creation of a holistic security concept to adequately address the complex framework conditions in the Bundeswehr.
In practice, cybersecurity requires not only a powerful and comprehensive security architecture, but also the embedding in relevant business processes and roles of an organization.
2. Strengthening cyber resilience
The steady increase in cyber threats in recent years is ideally accompanied by a continuous strengthening of resilience. Proven and new security technologies are used at BWI to make the IT and communication system of the Bundeswehr resistant to cyber threats. Resilience also includes comprehensive expertise, professional development and an exchange on an equal footing between cyber security specialists and the Bundeswehr via various established bodies.
3. Detection and response to cyber attacks
Cyberattacks are becoming more professional, sometimes work with automation and are often unpredictable. Continuously analyzing and evaluating the threat situation in cyberspace – whether in terms of crime, subversion, espionage or sabotage – in order to be able to react in real time is a core discipline of information security. For example, the “Log4j” vulnerability resulted in a new wave of security risks that affected companies worldwide. For the Bundeswehr with its complex IT system, this means that in addition to effective established protective measures, it increasingly needs ways to detect cyber attacks at the moment they occur. Only in this way can immediate countermeasures be taken – such as the isolation of affected subsystems.
With the help of big data and artificial intelligence, the BWI will complement the defense capabilities of the Bundeswehr in cyberspace in the future. This includes Bundeswehr-wide protection and monitoring systems as well as the presentation and analysis of data and IT systems, so that cyber attacks can be detected in real time and effective countermeasures can be initiated. Maintaining information security and restoring the operability of the IT system are the highest priority.
Cybersecurity is an integral part of digitalization. Not only in the Bundeswehr, but also in federal authorities. Anyone who takes a holistic view of cybersecurity and relies on future-proof IT systems is successful in the task of digitalization of the century.
For this task, BWI is looking for experienced IT security experts and those who want to become one. Further information can be found on the career page of the BWI.