#Product Trends
IT Security and precise time in the area of critical infrastructures
BÜRK MOBATIME Time Server can deliver the precise time
The topic of "IT security" is becoming increasingly important in the area of critical infrastructures and public safety. Stolen user data and passwords, widely unknown manipulations in the Darknet and various hacker attacks are keywords that unfortunately only describe the tip of the iceberg. Many IT attacks, on the other hand, do not even become public, future threat scenarios are very difficult to estimate and thus represent a very complex, hardly tangible topic.
The fullness of these threats and tasks often overlooks the importance of accurate system time for IT networks and endpoints. For example, the Federal Office for Information Security (BSI) in its catalog of measures "Hardware and Software" points out that "all computers involved in an operation should have a correct time reference". So this is "especially in the evaluation of logging information [...] of central importance", for correct error messages, synchronization problems with distributed systems or even documentation tasks correctly. One speaks in practice of the so-called "time stamp", normally it is associated with the use of the Network Time Protocol.
In many cases, CRITIS data (for example in energy suppliers, waterworks, hospitals, transport and traffic or in finance and insurance) are processed and stored in computer centers. The importance of a precise and correct system time is largely confirmed by managers of such data centers. Beyond the reasons already mentioned, time is even of central importance for the proper functioning of a computer center. Because if the time base is not right, the software applications were sometimes no longer reliable and also the rebooting of the IT system would be very time-consuming. And this in turn is important, since due to the increasing number of cyberattacks such re-shooting processes have to be carried out much more frequently in company practice.
The BSI confirms this view in its writings and names three possible expansion stages, how to ensure a reliable time base in the IT network. At the lowest level, at least one synchronization of the computer network by NTP would be by means of a network based time source (e.g., the Physikalisch Technische Bundesanstalt). On the other hand, in the medium expansion stage, it is already assumed that an IT time server, a device correspondingly equipped with quartz base and DCF radio antenna, will be integrated in the computer network as a time source. Finally, the Federal Office recommends as the highest expansion stage, to go with the receiver on the combination of DCF and GPS signals and to pay attention to a high-precision, internal timer (oscillator). It should also be noted that these recommendations were formulated as early as 2011 and that the IT security situation has presumably worsened since then.
In today's practice, therefore, it may be necessary to exclude any physical access to the Internet, e.g. when using a network service, for reasons of IT security categorically. Also one would probably ask themselves as IT responsible person the question, if this "time out of the socket" can still really meet the high demands in the data center concerning system / device availability today. In the case of the medium expansion stage, it should be criticized that the DCF radio signal is not necessarily considered tamper-proof, which is why the BSI also proposes a higher expansion stage with corresponding difference detection as an alternative.
In the meantime, a high expansion stage has become established as a standard solution for power plants, with two local IT time servers with precise, internal quartz base integrated into the computer network as NTP / PTP time sources. Both devices are optically interconnected independently of the network and constantly balance their quartz base. This is necessary because each oscillator has a small amount of quartz drift and therefore could leap in time when switching from one device to another. Such time jumps are technically incompatible in IT networks. In addition, these high-quality time servers are able to verify the respective incoming GPS time signals via an adjustable plausibility check and to issue error messages in the event of faults or even attacks.
All in all, these technical arguments point to a factual assessment that such precise, secure and highly available NTP / PTP time service solutions should also be used for IT systems in CRITIS structures.
