Research and Development

Research and development

Commercial research and projects

Research and innovation is at the heart of what we do. It enables us to provide unique, and different services to our clients.

We use our experience and understanding of existing best practices across the security and digital forensics areas, and develop unique solutions to address your specific problems.

Where possible, we integrate our existing client base into collaborative research and development project activity and develop unique solutions as needed.

We offer independent commercial research in the areas of information security, eDiscovery/eDisclosure and digital forensics. We bring together our domain-specific expertise with the appropriate research methodologies to deliver quality results to our clients.

We develop research for policymakers, service providers and business stakeholders. This includes evidence-based best practice, knowledge and insights, as well as expertise that can be used for decision making.

Key research areas include:

Government security policy development
Security standards and regulatory trends assessment
Security and forensics technology assessment
Market and industry assessment

Key research and development credentials

Our research and development department is led by qualified researchers. With experience in research and innovation management, as well as delivering the outputs which arise from collaborative projects, our team have the knowledge to support you.

Our credentials:

eDiscovery and digital forensics
- Ontology-based data representations of forensic data and metadata
- Relationship mapping and inference techniques
- Post security event analysis
- Early case metadata assessment
- Advanced forensics data collection
- Forensics evidence models
- Data redaction
Technology development skills
Security-by-design
Risk-based checklists and frameworks
Local security infrastructures
Technology commercialization support
Data analytics

Projects

We participate in information security, eDiscovery/eDisclosure, and digital forensics research and development project partnerships.

We bring experience of best practice procedures and an understanding of technologies, trends and emerging needs.

See a snapshot of some of our recent project involvement below.

Situation Aware Security Operations Centre (SAWSOC)

Period: 2013 – 2016 Project Value: €5m

About SAWSOC

Various physical and logical security technologies exist, but their management and function exists in isolation from each other in a security monitoring context.

While some markets and technologies have merged - for example SEM and SIM have combined into SIEM) logical and physical access control technologies have converged into Identity Management (IM), and security operations environments have evolved considerably - more is needed to improve function and security situation awareness.

SAWSOC has developed an advanced SOC platform that will support accurate, timely and trustworthy detection and diagnosis of attacks. It correlates events from a diverse range of physical and logical security sources to achieve enhanced situational awareness.

The project was supported by three critical infrastructure end-users in the air traffic control, energy distribution and stadium management domains.

Our involvement

We performed a gap analysis technical assessment of performance features for existing logical security technologies (e.g. SIEM, network monitoring solutions) to support SAWSOC requirements development.

We also developed appropriate incident response procedures to support the SAWSOC platform, as well as appropriate forensics data acquisition that facilitates legally admissible evidence capture.

More information: http://www.sawsoc.eu/

European Control System Security Incident Analysis Network (ECOSSIAN)

Period: 2013 – 2017 Project Value: €13m

About Ecossian

Both regional economies and the wider federated European and global ecosystem require that critical infrastructures function properly and are effectively co-ordinated from a security protection perspective.

Security threats must not only be managed at the individual critical infrastructure level, but must also be co-ordinated at a national and pan-European overall situation awareness level.

ECOSSIAN attempts to develop a Pan-European platform for mitigating and sharing security threat information at individual, national and Pan-European levels.

The project has a dual focus on both technological and societal/legal aspects of this problem. It aims to develop a community cloud threat sharing network, and ensure that issues around trustworthiness, anonymity, privacy and legality are addressed for relevant ECOSSIAN stakeholders and end-users.

Our involvement

We are supporting the ECOSSIAN project by:

doing a technical assessment of use cases and existing security monitoring technologies,
carrying out security and privacy risk assessments
leading the development of a common data acquisition interface
supporting, with the development of incident response procedures, live forensics data acquisition, and business continuity assessments for the ECOSSIAN platform

More information: http://ecossian.eu/

Comprehensive Approach to Cyber Roadmap Coordination and Development (CAMINO)

Period: 2013 – 2016 Project Value: €1m

About CAMINO

CAMINO was a Pan-European, SME-driven initiative that developed a comprehensive cybercrime and cyber terrorism research strategy, to support the European Commission to prioritize and allocate research funding.

The project also supported the development of stronger links between security research experts and organizations across Europe, aligning with other similar clustering initiatives.

Our involvement

The CAMINO consortium was led by six members of the Industrial Mission Group for Security (IMG-S), with BSI collaborating as an associate member

We led activities around assessing and identifying technologies with disruptive potential for cybercrime and cyber terrorism. We established the current state of the art Technology Readiness Levels (TRLs), as well as leading on activities around the adoption and dissemination of the CAMINO research roadmap.

More information: http://www.fp7-camino.eu/

Innovation Framework for Privacy and Cyber Security Opportunities (IPACSO)

Period: 2013 – 2015

We participated in developing a set of market and innovation supports for researchers and innovators in the privacy and cybersecurity marketplace.

More information available at http://ipacso.eu/

Spotlight: privacy management and self-service data protection assessments

BSI is currently developing a cloud-based privacy self-assessment application (codenamed “PGC-Assess”) which will support our Cybersecurity and Information Resilience consultants, clients, and professional market place to fulfil privacy requirements in an efficient, consistent and scalable manner.

PGC-Assess aims to support with the anticipated demand for efficient self-assessment and profiling of specific privacy activities and workflows in organizations. This is in line with emerging regulatory demands and specific requirements around privacy-by-design - in particular the EU General Data Protection Regulation (GDPR), due for EU-wide enforcement in May 2018.

Spotlight: eDiscovery service innovation

Our leading eDiscovery/eDisclosure service delivers unique research and development solutions to client problems.

Data analysis and message information reconstitution – patent pending

Organizing and handling unstructured data in a typical eDiscovery case has become increasingly difficult. Paper scans, malformed emails and similar “bad” input data can lead to several downstream data management problems.

Our research and development team has developed a pre-processing solution for eDiscovery professionals that enhances coding, reassembly and quality checking of documents and similar unstructured information - improving review capability, evidence quality and assurance.

Unstructured and proprietary email format reconstruction

One core focus within the eDiscovery domain is to increase process automation around the large, unstructured datasets involved in litigation events. This supports increased accuracy in litigation activity, enhanced efficiency, and greatly reduced costs via reduced manual processing and reviews.

While existing "cookie-cutter" software tools reduce this effort, typical large-scale caseloads encountered in large scale litigation activity also require bespoke technical solutions.