CSSI overviewCSSI overviewCSSI overviewCSSI overview
Mr Sherif Abdelrazek
06 May 2014
Agenda1. Context2 CS in brief2. CS in brief3. End-to-end security4 Standard Project life cycle4. Standard Project life cycle5. Needs definition6 Project implementation6. Project implementation7. Post implementation phases8 B2ISS project
CS Comm
uni
8. B2ISS project9. IT Security Lab Implementation10 CS references ication &
Systèmes –
Char
10. CS references11. CS Consultancy services proposal
rte 2012
2
S iti I f ti t b dContext
Sensitive Information to be secured
SITUATION / CONTEXTSITUATION / CONTEXT TECHNOLOGICAL SOLUTIONSTECHNOLOGICAL SOLUTIONSState and Local Governments and Agencies routinely need to interact with sensitive information Threats from organized crimes and cyber
Advanced cryptography technologies andsolutions (Secure communication architectures,Authentication and Data Security, Network and IT
TECHNOLOGICAL SOLUTIONSTECHNOLOGICAL SOLUTIONS
Threats from organized crimes and cyber attacks are constantly changing
y,Security Governance…) bring effective responsesto these threats.
CS Comm
uni
in Governmental Information Systems, Information and Communication Systems Security Process : ication &
Systèmes –
Char
• Has to be rationalized• Is complex and critical• Requires high level of expertise and a rigorous methodology
y
rte 2012
3
• Requires high level of expertise and a rigorous methodology
CS in briefCS, designer, integrator & operator of CS, designer, integrator & operator of
mission critical systemsmission critical systems Consultancy services System Design, Build, Run Prime contractor for turnkey systems
Europe (except France) 9%
North America& Canada
6%
Africa & Middle East 1%
Prime contractor for turnkey systems World class expertise State of the art processes International experience
France84 %
International experience Innovation driven
Defense, Security37 %
Diginextproducts9%
Energy& Industry
13%
CS Comm
uni
37 %
Aeronautic26%
170 M€
in revenues
1700 employeesworldwide
1480employees in France
220employees abroad
13%
Space15 %
ication & Systèm
es –Char
in revenues 15 %
rte 2012
4
CS in brief Fields of activitiesFields of activitiesDEFENSE & SECURITY AERONAUTICS ENERGY
Operations
SPACE
Space SoftwareArea surveillance & Embedded systems Simulation & HPCOperations commandinformation systems
Command & control center
Space Software Systems & Services
› Ground control & Simulation
› Flight operation &
Area surveillance &interventionmanagment
Information andcommunicationsystems safety &
Embedded systems
Technical informationsystems
› Enterprise contentmanagment
Simulation & HPC
Industrielinformation systems& nuclear
control center
Communicationsystems
Support & logisticsinformation system
g pplanning
Big Data Intelligence
› Data processing,
systems safety &security
› Authentification services
› Cyberdefense
g
› Product lifecyclemanagement
Digital design
Nuclear safety
information system
Armed forces training
fusion & dissemination
› Georeferenced services
› Cyberdefense
Transverse Secured I i PLM / ECM High Pe fo mance
CS Comm
uni
DIGINEXTPRODUCTS
A CS group subsidiary, Diginext ensures product industrialization and marketing in the fi ld f
TransverseSkills center
Secured Infrastructures
Image processing Geographical IS
PLM / ECMReal Time Software
High Performance Computing
ication & Systèm
es –Char
PRODUCTS fields of :
Tactical data links (TACTX, STARLINX, SOLSTICE)
Simulation and vitual reality systems(Inscape Vertigo VirtualGeo Indigo
Navigation, geolocalization and detection systems(MILGPS, LORANC, STRADIVARIUS…)
Information systems for public transportation
rte 2012
5
(Inscape, Vertigo, VirtualGeo, Indigo,VisualSim, CS Wave)
Information systems for public transportation(MOBILITX…)
TransverseSkills center Virtual reality / 3D
CS in brief Innovation & Innovation & ExpertiseExpertise
DEFENSE SPACESECURITY AERONAUTICS ENERGY DIGINEXTPRODUCTS
Active participation to competitiveness clusters › System@tic; Minalogic; Aerospace Valley; Cancer research, Biotechnology and healthcare;
Sea, Security, Safety and Sustainable Development; Secured Electronic Transactions
Experts with state-of-the-art technology competencies: 220 technological & business oriented specialists federated in the company’s experts network› Information systems network security modeling & simulation embedded systems› Information systems network security, modeling & simulation, embedded systems,
intelligence, open source software, software and systems engineering
R&D: 9% of revenues
CS Comm
uni
Innovative components and products range› Command centers, tactical data links, communication and information systems security,
electronic warfare test & training navigation systems flight dynamics ication & Systèm
es –Char
electronic warfare, test & training, navigation systems, flight dynamics
rte 2012
6
CS in brief Global footprintGlobal footprint
Aeronautics: Pratt & Whitney Canada & US -Fadec development, validation & certification
including tests platformsDefense: Voice communication systems deployment for
NATO CountriesDiginext : Tactical Data link & navigation systemsSpace: ground segment & space services for ESA
Aeronautics: Embedded Software offshore center
Defense: Middle-EastConsultancy for Security Agency and Surveillance
program
CS Comm
uniication & Systèm
es –Char
locations
rte 2012
77
CS & the Cyber security
MSC
FIGFast Intervention group
MSCMaintenance in Security Condition
Consultancy & Audit SIEM
OperatingSupport
& AuditIS Security
SIEMPrelude SOC
Security Operation centre
CS Comm
uniication & Systèm
es –Charrte 2012
8Un SOC hébergé basé sur site
End-to-end securityGlobal footprintGlobal footprintConsulting and business support
Management support, business and project assistance, PMO, Security Strategy and Policy, Management of IS Security High Performance/ High Availability Computing Risk Analysis Certification supportIS Security, High Performance/ High Availability Computing, Risk Analysis, Certification support
Data Users and workstations
Communications NetworksSecuritySign digitally
CertifyProtect & Cipher
ArchiveP
Sign digitallyAuthenticate
Manage Identity & Access (IAM)
Cipher Comunications
Secure electronic messaging
Secure LAN and WAN Manage
Multilevel communicationsProve messaging co u cat o s
CS Comm
uni
Security GovernanceCybersecurity Strategy, Security Operations Centers (SOCs), Maintenance in Secure Condition (MSC)
ication & Systèm
es –Char
Network and Information System (IS) GovernanceNetwork Operations Centers (NOC) Data Centers Industrial Control Systems (ICS) rte 2012
9
Network Operations Centers (NOC) – Data Centers – Industrial Control Systems (ICS)
End-to-end securityIT Security ConsultancyIT Security Consultancy
& Support services& Support servicesRisk Analysis Penetration tests
• Management support• Bid process support
B i & j t i t PMO
Risk Analysis(Ebios, ISO 27005,…)
Penetration testsSecurity audits
• Business & project assistance, PMO• Security Strategy and Policy• Advisory services in IS Security, ISS Support
(ISS Policies key
MSCMaintenance in Security
High Performance/ High Availability Computing (Data Centres)
• Risk Analysis
(ISS Policies, key ceremonies, security docs writing like SSRS Otan…)
yCondition
CS Comm
uni
• Certification support • World class expertise• Successful experience in public and
Certification support
CyberdefenceLID ication &
Systèmes –
Char
• Successful experience in public and private sectors‐ Results driven‐ Client driven
support(ETSI, ISO 27 0XX, Government listed supplier RGS,...)
LID
rte 2012
10
Client driven
Standard Project life cycle
1.1. Needs definition
2. Development5. Maintenance & surveillance
CS Comm
uni
3. Tests & 4 Deployment ication &
Systèmes –
Char
Integration4. Deployment
rte 2012
11
Standard Project life cycle
Project jOwner
CS Comm
uni
Prime Consultant ication & Systèm
es –Char
ContractorConsultant
rte 2012
12
Needs definition
ConsultantConsultantRFP PROCESS
EOI
Interviews
Policy advisory
Specifications RFP RFP ContractInterviews
Market analysis
master planBudget
RFP documents
RFP Process
Contract negociation
CS Comm
uni
Site Survey (if necessary)
ication & Systèm
es –Char
Budget ll iP j t P j t Prime Prime rte 2012
13
allocation process
Project ownerProject owner Prime Prime contractorcontractor
Project implementation
ConsultantConsultantProject implementation
Developmentvalidation
Deployment inspection (SAT)Qualifications (FAT)
Prime Prime contractorcontractor
Development DeploymentTest & Integration
CS Comm
uni
& Integration
ication & Systèm
es –Char
Project ownerProject ownerDevelopment rte 2012
14
Developmentacceptance SAT acceptanceFAT acceptance
Post Implementation phases
Maintenance & surveillance
ConsultantConsultantAuditAudit
Maintenance &
Prime Prime contractorcontractor
CS Comm
uni
Maintenance & surveillance
ication & Systèm
es –Char
Project ownerProject owner
rte 2012
15
System operating
B2ISS ProjectConsultancy Services for management of
tenders for 2 projects
Baghdad Security ProjectMetropolitan areaOver 450 square kilometers
Border Security ProjectIraqi / Syria border 630 Km
i bj ii bj i Security ObjectivesFor Border Security Forces in this area:-> Improve effectiveness of Surveillance and Controls -> Increase efficiency of security personnel operations
Security ObjectivesFor Baghdad Security Forces in this area:-> Improve effectiveness of Surveillance and Controls -> Decrease reliance on the human element y y p p
Operational Objectives• Detect illegal crossing of borders• Prevent terrorism, drug & human traffic, illegal immigration
Operational Objectives• Detect illegal crossing of fences, walls, …• Locate, classify, alert, track abnormal events occurring
C t l i t it f l d d i Ch k P i t
CS Comm
uni
• Locate, classify, alert, track abnormal events occurring• Real-time transmission of events data to the Control Centres• Sending of interception orders to the Intervention Units• C2I Guidance of Intervention up to Interception• Recording of events for post-intervention replay
• Control integrity of people and goods crossing Check-Points• Monitor city streets to increase public safety order • Individuals support with escalation to Security Forces• Automatic detection of abnormal behaviours, abnormal goods• Monitor road traffic ication &
Systèmes –
Char
• Recording of events for post intervention replay• … • Conduct specific surveillance operations “on-demand”
• Tracking Individuals, and Mobile Terminals Tracking System• Real-time transmission of events data to the control centres• Sending of interception orders to the Intervention Units• C2I Guidance of Intervention up to Interception rte 2012
16
C2I Guidance of Intervention up to Interception• Record data helping in prosecution of individuals• …
B2ISS ProjectContract Scope of Works & Situation
Delivered
T dT d
Preliminary
POPSISelection
Delivered
A
CSSI, ITSC, POPSI Suppliers
EOI Process
E
TodayToday
Preliminary SRS V1(with
options)
ITSC Validation
RFP ITSC MOC& CSSI SRS
FinalRFP
Technical tendersAssessment
MarketAnalysis
Delivered
B
POPSI, Suppliers
Validation &
DecisionProcess
End of CSSI Consultancy
& CSSIContract V2
AssessmentReport
From CSSI
Sizing & Budget
Assessment
Carried out
FinalSizing
&Delivered
FMarket Analysis
CONOPS
CS Comm
uni
CSSI Consultancy ContractPhase 1
(with options)
& Budget
ITSC MOC MOI BOC
CONOPSCWORKSHOPS
ication & Systèm
es –Char
Site Survey
Delivered
DSite Survey
ITSC, MOC, MOI, BOCIntelligence, MOI&T, CSSI G Additional
Meetings
W k C i d tRemaining Works
rte 2012
17
CSSISite Survey Works Carried out
IT Security Lab. implementation
CS led a 3 years World Class Know-How project in Cryptologyf 2007 t 2010 f Middl E t t lfrom 2007 to 2010 for a Middle East governmental agency.
CS detailed a long term master plan based on 3 main phases over 15 years : CS detailed a long term master plan based on 3 main phases over 15 years :
› Initial situation: no scientific resources in the domain of IT security available in the Country
› Objectives: reach national autonomy on security and cryptology issues
CS realized the first main Phase with significant results:
CS Comm
uni
CS realized the first main Phase with significant results:
› An operational IT Security Lab created and currently managed by the customer
› 30 graduated engineers ication & Systèm
es –Char
› 30 graduated engineers
› First degree know-how regarding cryptology implementation and certificates deployment
rte 2012
18
IT Security Lab. implementation
Cryptology Cryptology
Provide & develop standards for customer’s
Continuous R & D processyp gyyp gy
Science & Science & TechnologyTechnology
customer s encryption or secure systems
Delivery of identification &
th ti ti
Legal Affairs
Mainte-nance
CertificationValidation
authentication certificates
Cryptology Technology locally d l d
Quality &
Methods
Admin & Facilty
Support
Certification Authority
and Evaluation
developed (ciphering hardware / software algorithms)
Cost-effective systems to protect
sensitive government
i f ti d
CS Comm
uni
Services to the National
Promotion of security awareness
information and various commercial
sectors
ication & Systèm
es –Charand additional missions
the National Community
awareness, Educational programs
rte 2012
19
... and additional missions
IT Security Lab. implementationEducation and Training
(In FRANCE)
Session 1 for 12 students
Session 2 for 12 students
Session 3 for 12 students
1st TKH phase 1nd TKH phase 3rd TKH phase
TRANSFER OF KNOW-HOW PROCESS
(In Middle East)
1 TKH phase
CS staff acting on training projects
1 TKH phase 3 TKH phase
Evaluation Customer staff acting on training projects
IT Security
Lab
CS Comm
uni
Technology TransferImplementation
ication & Systèm
es –Char
CS Experts Support
rte 2012
20
CS REFERENCESSOME ACHIEVEMENTS
Consulting Services for installation of integrated security systems in Baghdad and an Iraqi bordersecurity systems in Baghdad and an Iraqi borderConsulting services for assisting the Iraqi contracting authority related to the preparation of and follow up on two tenders aimed at securing the city of Baghdad and an Iraqi border.
Middle EastImplementation of a IT Security Laboratory to Secure Critical Networks
Baghdad and an Iraqi border.
General Secretariat for Defence and National Security (SGDSN)Advisory on state of the art secure communications
CS Comm
uni
Advisory on state of the art secure communicationsDesign & Implementation of a secured gateway between heterogeneous sensitive electronic mail services & dedicated high secured Workstations
C i l l i ll C ll i
ication & Systèm
es –Char
CHILI - National Electronic Toll Collection system Design and implementation of a complete solution for the delivery and management of Cryptographic Keys for a Chilean Electronic Toll Collection
rte 2012
21
System
OTHER ACHIEVEMENTSCS REFERENCES
OTHER ACHIEVEMENTSMOD – Consultant and Prime Contractor of the C4ISR of the joint forces j• Consultancy , system architecture, common foundation of digital signatures
and multi-tiered MSC • Build the NOCs/SOCs embarking SIEM Prelude, NOC Vigilo• Management and support of the homologation process (FR et OTAN)• Management and support of the homologation process (FR et OTAN)
Ministry of Justice - IS Security Consulting• Advisory on state of the art secure architecturesAdvisory on state of the art secure architectures• Risk analysis, support of homologation files• Support of the Security Process formalization
MOD - Vulnerability and Penetration Tests
CS Comm
uni
MOD - Vulnerability and Penetration Tests• Advisory on state of the art system penetration techniques• Black Box/ White Box, specific tests• Training of experts) ication &
Systèmes –
Char
• Training of experts)
French Notaries Council Implementation of Dematerialization Platform for notaries deeds (electronic
tifi d i t ti t i d t hi i t ith t b ti l )
rte 2012
22
certified signature, time stamping, documents archiving system with strong probative value)
OTHER ACHIEVEMENTSCS REFERENCES
OTHER ACHIEVEMENTSMinistry of Home Affairs - ID Cards for civil servants• Advisory on Digital Signatures and Public Key Infrastructure
NATO
Advisory on Digital Signatures and Public Key Infrastructure• Build of IAM system with strong authentication and smart cards• 200 000 cards in the field, target: 400 000
NATONATO Secret classified Projects for the implementation of the ground-to-air radiocommunications system (SRSA and LOC1) for the NATO Air Forces :
• Provide all air force operations centres with a reliable and secure ground-to-air• Provide all air force operations centres with a reliable and secure ground to air communications service for air missions in mainland France
• Carrying voice and data traffic between various air force entities and aircrafts• Tactical data link • Encryption system administration features
CS Comm
uni
• Encryption system administration features• Local and national network monitoring modules• Management and distribution of Encryption keys for Critical Equipments
French InterBank Payment and cash withdrawal System ication & Systèm
es –Char
French InterBank Payment and cash withdrawal System Implementation of secured critical services network between Banks for transactions authorization (up to 10 billion transactions per year / € 482 Billion in 2011)
rte 2012
23
… and several other Projects in Cryptology and IT Security domains
CS REFERENCES
PRELUDESOME PRODUCTS
Security Information & Event Management (SIEM) product to collect, normalize, sort, aggregate, correlate and display all security events whatever the monitored equipments.
The only European SIEM solutionThe only European SIEM solution
Open source solid core (Earliest version in 1998)
CS Comm
uni
Open standards compliance
A modular, customisable and ication & Systèm
es –Char
,hierarchical solution
Solution as hardware, software, i l bi i
rte 2012
24
virtual or combination
CS REFERENCES
VIGILOSOME PRODUCTS
Unified IS Supervision
Powerful solution for very large installed baseslarge installed bases
Secure and auditable code
Open standards compliance
CS Comm
uni
Open standards compliance
Open source and based on reference solutions of the industry
Modular and highly flexible for customized projects
Network Systems Applications
ication & Systèm
es –Char
Modular and highly flexible for customized projects
Top grade solution for high volumes
D l d di ib d d i i d b E
rte 2012
25
Developed, distributed and maintained by a European team
CS REFERENCESSOME PRODUCTS
TRUSTY rangegA complete range of secure application solutions joined on secured platform
CS Comm
uniication & Systèm
es –Charrte 2012
26
CS REFERENCESTrusted Platform's architect & Integrator
CS Comm
uniication & Systèm
es –Charrte 2012
27
CS in IRAQ
B2ISS Project enables CS to gain a significant and irreplaceable i f C lt t i I
Is present in Iraq since 2009
experience of Consultant in Iraq
Is present in Iraq since 2009
Created a Subsidiary Company in Iraq (Bawabet El Rafidain)
Currently manages a consulting services project with several Currently manages a consulting services project with several important ministries
Knows well Iraq security context and constraints
CS Comm
uni
Knows well Iraq security context and constraints
Has an important experience in the management of interviews of Iraqi Authorities and end-users
ication & Systèm
es –Char
Knows well Iraqi tender processes regulation (based on regulation 2008)
rte 2012
28
THANK YOU
CS Comm
uniication & Systèm
es –Charrte 2012
29
Top Related