Listening case Bundeswehr: This is what the expert says

The discussion about an apparently wiretapped conference of Bundeswehr members is currently causing a stir. IT security expert Gerald Richter advises security-conscious companies, organizations, and authorities to focus on access control and securing the end device when using communication solutions in this context.

The use of cloud-based solutions also needs to be critically examined in this context. Richter is the managing director of ECOS Technology GmbH. The German manufacturer specializes in highly secure video conferences, trusted IT infrastructures, and secure remote access.

"When it comes to video conferences and online meetings, many companies and authorities rely on common, widely used solutions. These have their place, but more in less sensitive conference content," explains Richter. "The security standards of such solutions are not always clearly traceable. Even though the major providers make considerable efforts to secure their solutions, there is hardly any control over possible backdoors or access by foreign security agencies, especially in the case of cloud solutions running on the systems of the respective manufacturers abroad. Hardened processes and special communication tools operated on-premises within their own IT infrastructure can provide a significant boost in security."

No secure video conference without secure end devices - secure at all levels with stick, software, server application, and service ID

Gerald Richter also emphasizes the crucial role of securing the used end device, which represents the weakest link in the chain.

"There are solutions available for communication completely isolated from the end device, where even operating on a potentially insecure computer or compromised WLAN is not a problem. Such an access solution can also be coupled with a personal smart card or service ID, such as the Bundeswehr's troop ID card. In this way, a very effective access control can be achieved relatively easily, regardless of location and the device used. This combination far exceeds the security level of conventional conference solutions. Someone who only has access data that may have been spied on, but does not possess the other components, has no chance of access."

ECOS Technology, for example, offers a specially hardened solution for highly secure video conferences with the ECOS SecureConferenceCenter in combination with the ECOS SecureBootStick. The ECOS SecureBootStick, developed based on the hardware of the German IT security specialist Digittrade, is approved by the Federal Office for Information Security (BSI) for access to information classified as VS-NfD and NATO/EU-restricted. One of the advantages is that standard computers or even private PCs and notebooks can be used without security restrictions. The connection is established independently of the end device from a secure, specially encapsulated environment. This reduces costs and administrative effort, as no additional computers owned by authorities or companies need to be procured and maintained.

Depending on the model, the stick also has a slot for PKI cards and service IDs in ID-1 format. The ECOS SecureConferenceCenter can be operated in a secured on-premises scenario on proprietary systems. Users have access to familiar video conferencing features, such as real-time screen sharing, video and audio sharing, and chat.

About ECOS Technology GmbH

ECOS Technology GmbH is a German software manufacturer for IT security products. Established since 1999, ECOS develops solutions for creating, managing, and distributing digital keys and certificates for securing and encrypting communication in the IT, OT, and IoT sectors. ECOS also offers solutions for remote work, remote access, and secure video conferencing with BSI approval for the confidentiality level VS-NfD. The core products include the ECOS SecureBootStick, ECOS TrustManagementAppliance, and ECOS SecureConferenceCenter. ECOS solutions are used in various sectors and industries, from top federal authorities to industry, with a focus on Critical Infrastructures (KRITIS) and companies of special public interest (UBI).

ECOS on the internet