Since our partnership started in 2005, we have developed various specialist applications for the KStA, for example, ReLa for the administration of physical tax documents and Delphi, which allows generating statistics on the work of tax officers.
In this project, the KStA explained the current situation and the planned introduction of the flat network infrastructure and the new digital workplace in an initial workshop. In a second workshop, we then identified the working methods, the key processes, and the associated assets of the KStA in order to derive possible attackers and their motivation.
The following step was complex, thus requiring multiple workshops. We reviewed the technical situation both as it currently stands and over the phases of the project, including existing and planned security measures. This allowed us to identify the attack surface and threat scenarios.
Based on this, we determined, quantified and prioritized the specific risks for all phases of the rollout. The result was summarized in a report for the attention of the KStA.
Since the risks increase significantly with the new set-up, we have also developed detailed measures together with the KStA to minimize them and described them in a second report.