Long-term security in the governmental context

Michael Hange

An essential pillar of the IT security strategy of the federal government is an active crypto policy. In a tradition of nearly 100 years, sensitive diplomatic and military communication has been enciphered. Today, cryptography for encipherment is used consistently in the governmental network, where all kinds of communications are enciphered, and in specially regulated application fields, e.g. to protect sensitive health information. Besides encryption, cryptography-based authentication schemes using smartcards as a platform have become more and more important in IT security concepts. In 1998 the law for the so-called qualified signature passed the parliament. A milestone this year will be the European eIDAS regulation on electronic identification and trust services for electronic transactions in the internal market, which will be transferred into national law.

BSI plays the central role in the implementation of the national crypto strategy. BSI also represents German interests as the national communication security authority in supra- and international organisations like the EU or NATO.

With the so-called „Kryptoeckwertebeschluss“ in 1999, the federal government supports a liberal crypto policy, which is the guideline for all BSI activities concerning engagement in standardisation groups and the development and evaluation of crypto devices. In general, the lifecycle of a crypto device in governmental applications is 20-25 years. This means that the prognosis concerning the security of the crypto algorithms and the key distribution concept covers a period of more than 30 years, starting with the concept and ending with the formal declassification. Crypto algorithms used for higher-classified communication in the government are developed for an even longer period of resilience against attacks.

Publicly visible are the BSI catalogue of recommended crypto algorithms in the context of the Digital Signature Law and the Technical Directive TR 02102, parts 1 to 4, which have practical impact on legislative initiatives like the new identity card, ePassport, e-Health Card and smart meter.

What are the current and future challenges?

– Promoting separation and microkernel technologies in order to integrate cryptography into secure platforms

– Support of the national crypto industry in order to avoid dependency on foreign crypto producers

– Raising awareness of the need for cryptography in the business and private sectors, especially within the concept of the “Internet of Things” (IoT), incl. Industrie 4.0, and in critical infrastructures, and here also the development of best practices for the use of cryptography in Industrie 4.0/IoT

– Permanent monitoring of technology in the context of quantum computing and, in this context, selection/optimisation and standardisation of quantum-computing-robust algorithms