System Engineering Consulting

When it comes to an estimation of security consultancy in most systems, there are several questions which cannot be answered in detail upfront. In order to ensure an approach which is appropriate for a specific customer, HENSOLDT Cyber offers consultancy as a two stage process. This significantly reduces the financial risk of the customer that the IT consultancy extends the targeted goal for a specific product or system. Reason for that risk is that IT-Security is a vast field in which different solutions are appropriate for different customers, those solutions addressing different attack vectors which may be regarded or not. The protection means for said vectors significantly influences the necessary level of consultancy in the technical area.

Stage 1 – System Introduction / Identification of IT-Security needs

In stage 1, HENSOLDT Cyber creates an overview of the system, listing relevant applied technologies and specifying how these are interconnected.
Those technologies typically are:

Hardware Platforms

Operating Systems

Software Components

Cryptographic algorithms/ implementations

Operating Systems

Communication protocols

Internal system communication

External interfaces

External interfaces to world wide web

Applied IT-security mechanisms

Possible attack vectors throughout the supply chain are identified by HENSOLDT Cyber and discussed with the customer, creating a list of attacks and associated risks from the customer’s point of view. The result of this stage is a list of attack vectors including a recommendation which of them shall be addressed in the further system/product development.

Stage 2 – Extending System Design with IT-Security Aspects

Based on a well understood system design and attack vectors which shall be addressed, recommendations for means to protect against those attacks shall be identified. Those recommendations shall be, in discussion with the customer, added to the system design.

Possible impacts on the design shall be identified in regards to:

System performance

Product lifecycle Processes

Organizational aspects

Financial aspects

Safety aspects

Certification aspects

This stage typically involves different experts on customer side leading to a detailed update of the system design covering all necessary aspects.
At the end of this stage, a detailed updated system design for the customer is available, upon which explicit decisions can be taken. Those decisions typically are done under consideration of the benefit of addressed attack vectors and the impacts on functional system design in addition to financial aspects. The updated system design does not mandatory include solutions from HENSOLDT cyber but alternative suppliers as well.

Contact us

We are looking forward to hear from you. Please do contact us: consulting.cyber@hensoldt.net for further information.