National security and the need for a high degree of autonomy are often the two main reasons for a country to establish its own independent National Competence Centre for information security. A centre of this kind requires and embodies expertise in cryptography and related technologies. Its aim is to define a national algorithm and apply cryptographic methods to protect information of importance to the government.
Crypto AG supports customers in setting up their own NCC for information security in order to achieve total autonomy in this area. This ensures that all confidential data of their country remain protected throughout their entire lifecycle, not just during transmission over public networks. To cover all aspects of information security, Crypto AG recommends the implementation of a comprehensive ICT security architecture, which takes into account the three factors, technology (logical security), people (organisational security) and processes (physical, organisational and logical security).
For a successful implementation, customers can acquire expertise in the following areas from Crypto AG:
- A comprehensive understanding of cryptographic algorithms, security protocols and mechanisms, and their implementation in products (national cipher competence centre).
- Determination of roles, responsibilities and processes in information security (information security governance centre).
- Appropriate handling of key management as well as the management of critical parameters and security-relevant incidents (security operation centre).
- Comprehensive technical understanding of security architecture and its design (technical engineering).
- Verification and proof of concept (test lab and spare parts).
- Increased awareness of information security topics and full expertise in order to train others (training facility).
- Product support and maintenance.
After implementing an NCC, customers are able to train their own experts in information security and cryptography. These newly trained experts then become contact persons for civilian and military authorities for information security questions. They will be able to assess the quality of the implemented encryption processes and products and can take appropriate measures if required.
Autonomous government and administration are almost inconceivable today without a National Competence Centre (NCC) for information security.
In an NCC, comprehensive knowledge on cryptography and ICT are built up and developed – often with the help of outside experts.
Crypto AG has 60 years of expertise in the analysis of customers's infrastructure and organisational processes. Based on this knowledge, we then draw up fundamental concepts and recommendations for potential improvements.
As a result, our customers are in a position to run their own NCC, either fully or partly independently. They are also able to train the relevant experts and conduct further evaluations.
An NCC is a lasting investment in future security.