Because system security is more than just a matter of Intelligence.
With the advent of increasingly complex and connected intelligent systems, the security industry continues to face increasing challenges which affect the physical, information and cyber security domains:
- The threat environment continues to evolve rapidly – both in terms of the identity and motivation of possible attackers (from internet-enabled activism to Advanced Persistent Threats) and in the technologies which they now have available (such as GPU and ASIC accelerated computation)
- The acceptable levels of risk are changing – for example, as media coverage is attracted to security failures, and security threats receive political attention
- The importance of intelligent systems security to an organisation is increasing as they become a source and repository of key business information and big data. The physical impact of cyber attacks – on a car, a medical device, or a nuclear fuel plant – is becoming crucial as Intelligent Systems take critical roles
- Increasing complexity and global connectivity is lowering the boundaries between organisations which helped limit risks in the past
- The costs of security measures are under continuous pressure. Security costs have been increasing, and this is driving cost reduction measures such as commodity solutions
- The constraints imposed by security controls are restrictions on an organisations operation and are also under pressure. Businesses want greater connectivity and greater interaction between global enterprises and, for example, individual staff may desire BYOD – Bring Your Own Device
Intelligent Systems / Altran addresses these challenges though a Global Security Practice which connects a number of business units and delivery centres. Our strategy includes:
- Using a full range of industry standards and best practices as guidance and benchmarks – including ISO 27001, EBIOS, MEHARI, HMG IS1 and ISO 15408
- Taking benefit from across diverse sectors and disciplines when appropriate (e.g. with the SafSec approach which incorporates practices from the world of safety engineering)
- Using approaches which identify and evaluate specific risks in order to determine proportionate security measures for the context and assets in question – this allows expenditure and effort to be concentrated effectively on areas of most importance
- Providing services specifically tailored to specific industries and applications where this provides benefit
- Developing and exploiting specific intellectual property in security-related disciplines
- Engaging with the government and industry in improving global security; Intelligent Systems / Altran has contributed to research programmes and standards bodies
- Deploying our own advice internally – relevant Intelligent Systems / Altran business units hold ISO 27001 and other accreditations
Packaged offers list
Our key security offers include:
- Risk Assessment & Security Management – Using a range of industry best practices, standards and methods, including ISO 27001. Also as part of Intelligent Systems / Altran’s proprietary STORM™ approach to overall operational risk management.
- Audit, Assurance and Testing – Evaluation of system and organisational security, including penetration testing, and product evaluation, including assurance development and supplier follow-up.
- High-Assurance Secure Software Development – Intelligent Systems / Altran’s proprietary software development techniques are one of few approaches able to provide the assurance required for the highest levels of product approval (EAL6–7).
- Physical Security Provision – Intelligent Systems / Altran’s Security Solution has a strong heritage in the design of physical security systems for the protection of the Critical Infrastructures, covering all phases of the project’s lifecycle from the Tender to Commissioning on site.
- Security Technologies – in a variety of domains from thru-wall radar to the SPARK tools for software information flow analysis in support of MILS.
- Aviation Security – providing the international Air Transportation community with pragmatic and cost-effective end-to-end security solutions for passengers, personnel, information, goods and infrastructures, protecting against international threats.
Tokeneer – high-assurance access control with biometrics & tokens for NSA
The US National Security Agency (NSA) wanted to determine how to build systems that are cost-effective, ultra-secure and certifiable to the Common Criteria EAL5. The Intelligent Systems / Altran Correctness By Construction approach for low defect software was applied to the development of a biometric protected enclave system. Intelligent Systems / Altran’s REVEALTM method was used to capture the requirement, and the system was specified in the Z formal computing notation. The implementation was in Ada, and the SPARK static analysis tools were used.
An independent assessment was conducted and found zero defects post-delivery. The Tokeneer project was named the winner of the inaugural Microsoft Research Verified Software Milestone Award. A subsequent US National Cyber Security Partnership report into improving Security across the Software Development Lifecycle concluded that “The “Correctness by Construction” approach demonstrates a substantial reduction in design defects and security vulnerabilities.”