Trends in Society & Security – Thought Leaders Discussion at the Future Summit

It was a pleasure and inspiration discussing with other thought leaders future relevant trends in society and security. 

As follow-up to their keynotes and moderated by Stefanie Dreyer, the panel participants Daniel Kroos (OSCE – Organisation for Security and Collaboration in Europe), Steven Koleczko (DGC – Deutsche Gesellschaft für Cybersicherheit), Jay Tuck (Investigative Journalist) and Jochen Werne (Prosegur Germany & Prosegur Crypto) discussed impacts of technological changes on society and security. The panel took place during the 25th anniversary of the Hamburg@Work Future Summit on the historic freight ship Cap San Diego in the port of Hamburg and consisted of outstanding streams on digital future trends with Nils Müller – Trendone, political trends with Federal Minister Wolfgang Schmidt, Dr. Thomas Mirow – Senator ret. Hansestadt Hamburg, Dr. Carsten Brosda – Senator Hansestadt Hamburg, Prof. Henning Voepel – cep, Centrum für Europäische Politik, Thomas Fuchs – Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, technological trends with Dalits Steiger – SwissCognitive, Dr. Mira Wolf-Bauwens – IBM Research Europe  

Congratulations to the board and the team of Hamburg@Work under the leadership of Uwe-Jens Neumann for this outstanding achievement.

Details are available at: https://www.digitalcluster.hamburg/de/events/2022-09-22%2025th%20Anniversary%20SUMMIT-232933

Keynote: Analog Battlefields and Cyberwarfare: Risk & Opportunities in a Changing World

Until recently, most of us in today´s modern societies had had the privilege of assuming that a “real” war is a relics of a bygone era. This has changed. War in Europe is real and Cyberwarfare has become an asymmetric battlefield aiming at destabilizing whole economies and societies. In his keynote, Jochen Werne will lead you through historical analogies and share his thoughts with you on what soon might be a new reality and how you should prepare.

Kuppinger Cole – Cybersecurity Leadership Summit 2022

Hybrid Event

November 08 – 10, 2022

in Berlin, Germany & Online

Keynote Session by Jochen Werne

Wednesday, November 09, 2022 16:20—16:40

Location: Historic Kassenhalle

INTERNATIONAL RELATIONS: Solving global challenges needs borderless international collaboration

With pride GOST (Global Offshore Sailing Team) collaborates since years with the Asociación para la Investigación y Difusión de la Historia Naval de Cuba. The latest collaboration with respect to Expedition Blue Ocean is a living example, that despite the political state of affairs, organisations strongly focused on supporting international understanding can be instrumental in solving challenges which cannot be solved within the borders of just one country. 

Excerpt from EL Faro, June 2022 – Author: Maximino Gomez Alvarez – translated with deepL

AIDHNC SUPPORTS EXPEDITION BLUE OCEAN AND COMBINES IT WITH THE 30TH ANNIVERSARY OF THE FOUNDATION OF THE HEMINGWAY INTERNATIONAL YACHT CLUB OF CUBA”.

Despite the many difficulties faced, including the COVID 19 pandemic that we have been suffering for more than two years, the Association for Research and Dissemination of the Naval History of Cuba has not rested in its arduous work. 2022 has been an illustrative year of the progress made by this organisation, achieving great objectives in its growth and organisation. Several collaboration agreements have been signed, including one with the Hemingway International Sailing Club of Cuba, and support has also been given to various activities carried out by the prestigious international organisation Global Offshore Sailing Team.

Two events stood out in the month of May, Expedition Blue Ocean and the celebration of the 30th Anniversary of the creation of the Hemingway International Yacht Club of Cuba, in both activities the AIDHNC has been present.

In the case of the support given to the North Sea Endurance Expedition within the framework of the Blue Ocean event, several voyages were made, the one made by GOST, two others leaving from the port of Miami to Key West with the vessel La Caña (as the flagship of the AIDHNC) and another one made in Cuban waters to the north of the Province of Havana, with five vessels of the CNIHC. Thus, the flag of our organisation flew in the waters of the North Sea, until reaching the English coast, the Mediterranean Sea, as well as the Atlantic, the Gulf of Mexico and Cuba.

Extensive publicity work was carried out to publicise the Expedition Blue Ocean. Another of the activities programmed was a Children’s Drawing Competition with the slogan “For a clean and beautiful ocean” in greeting and support of the Blue Ocean Expedition and the 30th Anniversary of the CNIHC.

In the case of the Hemingway International Yacht Club of Cuba, with which a Collaboration Agreement had previously been signed, a complete collection of naval-themed works published by the AIDHNC was donated to this institution, and a Diploma of the AIDHNC was presented to Commodore José Miguel Díaz Escrich, who has directed this illustrious and renowned Cuban nautical institution since its foundation and up to the present day. Likewise, we supported the activities of celebration of the 30th Anniversary of this renowned Cuban Yacht Club, participating in the regatta held also in salute to this anniversary, as well as in the Reception held as a culmination of the activities held in the framework of these celebrations.

Press Brand Story: George Clooney would have no chance

The secret bunker for bitcoin assets

Published on 24.06.2022 | Reading time: 6 minutes

Source: Die Welt – original language German | Translated by deepl.com

International security company Prosegur stores cryptocurrencies in super-secret locations without internet access. Partner O₂ Telefónica makes the communication possible and ensures that it is secure.

Looking at money, it quickly becomes clear that times have changed. In the ten biggest bank robberies, around 1.5 billion euros were taken, all told. In crypto hacks, it was around 3.9 billion euros in 2021 alone, according to the analysis company Crystal.

Jochen Werne is not surprised. “Anything of value arouses covetousness.” Werne is Chief Development Officer and Chief Visionary Officer Prosegur Germany. He develops new services for the German subsidiary of the international security group. Prosegur Crypto GmbH offers such a service, Werne is managing director: a custodian for digital assets – without an internet connection.

New money, new risks, new security concepts

Security world market leader Prosegur is famous for its yellow money carriers and became big in the cash business. With the boom of cryptocurrencies, new demands came to the company with headquarters in Madrid. The goal: to be able to offer the world’s most secure storage method for cryptocurrencies. In Germany, Prosegur works together with the business customer division of O2 Telefónica. Together, they are setting themselves up at a new level of security – the highest level, because billions in Bitcoin, Ethereum and other digital currencies are at stake.

“Our goal is to help give the new ecosystem the trust it deserves through security components,” says Werne. “Our history is closely intertwined with the security of any asset. Crypto custody is a logical evolution of our business.”

O2 networks vaults and money

O2 Telefónica is taking over the communication for Prosegur Germany, and completely. Karsten Pradel, Director B2B at O2 Telefónica, explains: “It starts with the mobile phone service for 3300 employees. In addition, around 1,000 of Prosegur’s yellow armoured cars and networked safes are equipped with a Global SIM from O2 Telefónica. In this way, the armoured vans and the security boxes are directly and securely connected to Prosegur’s company network. Via GPS, the routes of cash transporters can be documented and secured.”

O2 also provides fast fibre-optic access and secures internal communication against external access with VPN (Virtual Private Network) access. A completely new feature is a software-controlled data network (SD-WAN): this allows the Prosegur data traffic to be controlled intelligently and quickly.

In this way, the environment at the site can be secured against threats – where the internet traffic originates. An intelligent component links all communication paths and always selects the best one. This has three advantages, says Sören Jahnke, Global Solutions Engineer at O2 Telefónica: “A lot of bandwidth at a low price, more redundancy and thus communication security (because copper cable, fibre or mobile are used depending on availability and demand) and a better user experience because the services work better: ‘Everything runs much faster'”.

Where it gets critical is when people and the internet come into play

Prosegur aims to offer the ultimate crypto custody method. Yet transactions in cryptocurrencies are actually secure. Their cash book is the blockchain. That’s where the crypto money is stored. The blockchain is a digital document; digital copies of this document are stored simultaneously on a large number of computers – this makes it forgery-proof. When a transaction is made, the data chain contained in the document is supplemented in all copies by a data block that can never be deleted again.

However, it becomes critical when people and the internet come into play. Anyone who trades in cryptocurrencies needs a wallet. This is a kind of digital wallet. The wallet software in turn creates a digital signature and processes a transaction with the owner’s private key. Only in this way does the owner gain access to his crypto treasures stored in the blockchain and can use them. “You can always trace every step, what happened when and where,” says Jochen Werne.

Danger for assets and for people

This wallet can be made available in an app or on a computer and is usually connected to the internet. This is called a “hot wallet” – it is convenient because transactions can be made quickly, but it is vulnerable to hacker attacks. A “cold wallet” (also called “cold storage”) works without direct internet access – this can be a USB stick, for example. This form of asset storage has two problems. Firstly, a cold wallet can be the target of an extortionist or robber, just like a gold bar or large amounts of cash stored at home. Secondly, cold wallets are only secure as long as they are disconnected from the internet.

“For us, cold storage is not enough,” says Jochen Werne. “Because having large assets at the disposal of only one person not only endangers the assets, but also the person who has that power of disposal. Here, criminals not only resort to direct threats of violence on this person, but they often also threaten family members.” Prosegur Crypto therefore takes a different approach. The company stores customer data in a hardware security module (HSM). The technology works in much the same way as we would expect in an agent film.

No chance for “Ocean’s Eleven”

“This is a computer in a military-standard shielded case that is kept in one of our high-security facilities and is not connected to the internet,” Werne explains. If, contrary to all expectations, such a device should fall into the wrong hands, it deletes the stored data. Security protocols then stipulate that the data can be reconstructed via a highly complex system equipped with appropriate codes. Prosegur has a whole range of high-security facilities. The locations of the crypto-bunkers are, of course, secret.

“The entire security is fully electronically monitored with various modules and security protocols on several levels. These are smart fences, for example, where possible threats are analysed by artificial intelligence,” says Werne. Even an attack like in the film “Ocean’s Eleven” – George Clooney’s crew simply turns off the power there – would not work.

“WE BELIEVE WE CAN OFFER THE MOST SECURE CUSTODY METHOD FOR CRYPTO ASSETS IN THE WORLD”

JOCHEN WERNE
Chief Development Officer and Chief Visionary Officer Prosegur Germany


And yet Prosegur customers can initiate blockchain transactions online – what follows is a sophisticated process. In the process, the hardware security module connects to a computer network that makes blockchain transactions possible.

The technology comes from GK8, a company specialising in crypto technology; the method used here is so-called multi-party computing (MPC). The transaction is transferred to the user’s blockchain via several security instances, using a patented technology that does not require a direct connection to the internet. This secures the critical moment of the transaction. “Everything else stays in cold storage” – most of the time the crypto assets are in the Prosegur high-security vault, without an internet connection. Jochen Werne: “We believe that we can offer the most secure custody method for crypto assets in the world. Currently, we are preparing to launch this service with the appropriate licensing in the strictly regulated German market as well.”

X-VOLUTION: Technologie und Gesellschaft – Ein Plädoyer für Aufklärung

Sascha Adam befragt im Schlußplädoyer die Teilnehmer des X-Volution Tech-Talks über ihre persönlichen Aussichten zum Thema technologischen Fortschritts und seinen Auswirkungen auf Wirtschaft, Unternehmen und unsere Gesellschaft.

Jochen Werne, Chief Visionary Officer von Prosegur German, Managing Director der Prosegur Crypto GmbH und mehrfach international ausgezeichnet für sein Engagement in International Relations antwortet mit Zuversicht und einer Reflexion für die internationale Politik.

Sascha Adam in his interview with Jochen Werne

In his closing statement, Sascha Adam asks the participants of the X-Volution Tech-Talk about their personal outlook on the topic of technological progress and its impact on the economy, companies and our society. Jochen Werne, Chief Visionary Officer of Prosegur German, Managing Director of Prosegur Crypto GmbH and winner of several international awards for his commitment to international relations, answers with confidence and a reflection for international politics.

Das gesamte Interview finden sie hier:

TIME of MISTRUST

A plea for trust in a time of mistrust. Trust is the foundation on which monetary systems are built. Trust forms the basis of international diplomatic relations and is the foundation for all progress.

But what happens once trust is shaken?

The diplomatic dispute over a multibillion-dollar submarine treaty – which took place three months before the Russian – Ukrainian war, concerns about a new cold war, and the collapse of the Bretton Woods system exactly 50 years ago are the manuscript for this maritime-themed French-American story about money and trust. It is an object lesson for our times, where we are witnessing the emergence of crypto-financial markets and thus stand on the threshold of a new form of money.

TIME OF MISTRUST

by Jochen Werne

After the traditional long summer vacation, France awakens in September from its brief self-created slumber, as it does every year. Life begins to take its usual course, even if some are still reminiscing, perhaps enjoying the first harbingers of post-Covid worry-free life. Not so Philippe Étienne. For him, on the other side of the Atlantic, in Washington, which is actually picturesque at this time of year, autumn begins with a diplomatic thunderstorm. A storm that must have been new even for the 65-year-old gray-haired eloquent ambassador of France. 6160 kilometers away, at the Élysée Palace, Président de la République Emmanuel Macron decides to call his top diplomat in the United States, along with his Australian counterpart Jean-Pierre Thebault, to Paris for consultations. The unprecedented act in Franco-American history is justified by Foreign Minister Jean-Yves Le Drian with the “exceptional gravity” of an Australian-British-American announcement, and impressively underlined with the words “lie,” “duplicity,” “disrespect” and “serious crisis.”

At the heart of this crisis is the surprise announcement by the aforementioned countries to enter into a strategic trilateral security alliance (AUKUS) with immediate effect. An alliance that also provides for the procurement of nuclear-powered submarines for Australia, effectively putting to rest a 56-billion-euro French-Australian submarine order already initiated in 2016. The conclusion of the agreement comes at a time when U.S. President Joe Biden has asserted to the UN General Assembly, “We do not seek – I repeat, we do not seek – a new cold war or a world divided into rigid blocs.” However, experts, such as renowned historian Niall Ferguson, have been talking about this so-called “new cold war” between the U.S. and China since 2019, and it is not about nuclear arms races, but rather about technology supremacy in cyber security, artificial intelligence and quantum computing. Even though nuclear-powered submarines are at the center of the diplomatic dispute, one is quick to note in the AUKUS agreement that cooperation in the aforementioned fields is one of the most important components of the treaty. An objective that is perhaps also congruent with French interests. But the dispute between the old friends is less about the “what” than about the diplomatic “how” – that is, about the breach of trust that is triggered when close allies are simply presented with a fait accompli. Facts that also affect them financially and personally.

Because money and trust are closely interwoven. The trust of a bank that the creditor will repay its debts. A citizen’s trust that the currency in which he or she is paid their salaries is stable. A state’s trust in a currency system that the agreements made there will be honored by all. Georg Simmel, in his “Philosophy of Money,” sums it up this way: “Money is perhaps the most concentrated and pointed form and expression of trust in the social-state order.”

Last year marked the 50th anniversary of another French-American trust-busting melodrama with a maritime backdrop. Benn Steil, senior fellow at the Council on Foreign Relations, describes the moving events of August 6, 1971, in his book, The Battle of Bretton Woods, as follows: “…a congressional subcommittee issued a report entitled ‘Action Now to Strengthen the U.S. Dollar` that concluded, paradoxically, that the dollar needed to be weakened. Dollar dumping accelerated and France sent a warship to pick up French gold from the vaults of the New York Fed.”

At first glance, this dramatic gesture by then French President Georges Pompidou in the final act of the collapse of the Bretton Woods system seems as strange as the withdrawal of ambassadors today. The basis, however, is similar and lay then as now in an equally shaken trust between the great nations that were nevertheless so closely intertwined. Without going deeper into the new monetary order created after World War II, with the U.S. dollar as the anchor currency, it is important to understand the reason for the French revolt evident in the “White Plan.” The plan provided that the U.S. guaranteed the Bretton Woods participating countries the right to buy and sell gold indefinitely at the fixed rate of $35 per ounce. The dilemma of this arrangement became apparent early on. For by the end of the 1950s, dollar holdings at foreign central banks already exceeded U.S. gold reserves. When French President Charles de Gaulle asked the U.S. to exchange French dollar reserves for gold in 1966, the FED’s gold reserves were only enough for about half that amount. The ever more deeply anchored loss of confidence forced the American president Richard Nixon on August 15, 1971 to cancel the nominal gold peg and the so-called “Nixon shock” ended the system as it was.

And where something ends something new can or will inevitably begin.

Today we live in a world where the stability of our currency is based on our confidence in government fiscal policy, the economic strength of our country, and the good work of an independent central bank. However, we also live in a time when new currency systems are already looming on the dense horizon. The basis for this was laid in 2008, not surprisingly, by one of the most serious crises of confidence in the international banking system that modern times have seen. And the new systems are being implemented with the help of cutting-edge distributed ledger blockchain technology. The new, with its decentralized nature, is challenging the old. While many of the new currencies in the crypto world, such as bitcoin, are subject to large fluctuations, stablecoins promise a link and fixed exchangeability to an existing value, such as the US dollar or even gold. However, the old Bretton Woods challenge of being able to keep this promise at all times remains in the new world. Millions of dollars in penalties imposed by the New York Attorney General’s Office on the largest U.S. dollar stablecoin, Tether, for not being fully verifiable do little to help trust, especially when less than 3 percent of the market capitalization is actually deposited in U.S. dollar cash. As always with new ones, trust has to be built up. This can be done privately, perhaps with a stablecoin backed 100% by central bank money, or by the state, with well thought-out central bank digital currencies, such as the digital euro planned by the European Central Bank.

We live in a world of perpetual rapid change and trust is, as Osterloh describes it, “the will to be vulnerable.” Without trust, there are no alliances, no togetherness, no progress.

Philippe Étienne was back in autumnal Washington after just a few days and has since been working again on what diplomats are best trained for – building trust.

Sources

Billon-Gallan, A., Kundnani, H. (2021): The UK must cooperate with France in the Indo-Pacific. A Chatham House expert comment. https://www.chathamhouse.org/2021/09/uk-must-cooperate-france-indo-pacific (Retrieved 24.9.2021)

Brien, J. (2021): “Stablecoin without stability”: Tether and Bitfinex pay $18.5 million fine. URL: https://t3n.de/news/stablecoin-tether-bitfinex-strafe-1358197/?utm_source=rss&utm_medium=feed&utm_campaign=news (Retrieved: 9/30/2021).

Corbet, S. (2021): France recalls ambassadors to U.S., Australia over submarine deal. URL: https://www.pressherald.com/2021/09/17/france-recalls-ambassadors-to-u-s-australia-over-submarine-deal/ (Retrieved 9/25/2021).

Ferguson N. (2019): The New Cold War? It’s With China. And It Has Already Begun. URL: https://www.nytimes.com/2019/12/02/opinion/china-cold-war.html (Retrieved: 9/30/2021).

Graetz, M., Briffault, O. (2016): A “Barbarous Relic”: The French, Gold , and the Demise of Bretton Woods. URL: https://scholarship.law.columbia.edu/cgi/viewcontent.cgi?article=3545&context=faculty_scholarship p. 17 (Retrieved 9/25/2021).

Osterloh, M., Weibel, A. (2006): Investing trust. Processes of trust development in organizations, Gabler: Wiesbaden.

Steil, B. (2020): The Battle of Bretton Woods: John Maynard Keynes, Harry Dexter White, and the new world, p. 377.

Stolze, D. (1966): Does de Gaulle defeat the dollar? In ZEIT No. 36/1966. URL: (https://www.zeit.de/1966/36/besiegt-de-gaulle-den-dollar/komplettansicht (Retrieved: 9/26/2021)

The Guardian Editorial (2021): The Guardian view on Biden’s UN speech: cooperation not competition URL: https://www.theguardian.com/commentisfree/2021/sep/22/the-guardian-view-on-bidens-un-speech-cooperation-not-competition(Retrieved: 9/29/2021)

Unal, B., Brown, K., Lewis, P., Jie, Y. (2021): Is the AUKUS alliance meaningful or merely a provocation – A Chatham House expert comment. URL: https://www.chathamhouse.org/2021/09/aukus-alliance-meaningful-or-merely-provocation (Retrieved: 9/24/2021).

Time Online (2021): France sees relationship in NATO strained. URL: https://www.zeit.de/politik/ausland/2021-09/u-boot-deal-frankreich-australien-usa-streit-nato-jean-yves-le-drian?utm_referrer=https%3A%2F%2Fmeine.zeit.de%2F (Retrieved: 9/25/2021)

Ad campaign O2Business: Partnerships matter

STRONG PARTNERSHIP FOR A SECURE FUTURE

As Germany’s market leader for money and value services, it is of particular importance for Prosegur to maintain professional partnerships with the best companies on the market. We are pleased to be able to rely on our partner o2 Business (Telefónica Germany) in the telecommunications sector worldwide and it was a pleasure for us to serve as a reference for their new campaign.

Many thanks to Heike Windfelder, Fritz Fechner, Ilka Wiehe, Erhan Ocak Malte Jost Edda Heue Vanessa Eggestein Hasan Celebi Heiner Eberle Collja Lorig Michael Mogk Peter Strauss Ogilvy Telefonica INTOKU PICTURES for the support, the fantastic shooting day and the great result

Campaign #advertisement #Prosegur #Telefonica #O2

124.000 views in the first 18 hours just on YouTube … a good start

https://www.o2business.de/produkte/mobilfunk/angebote/sehrgutesnetz-u-prosegur/

gi-Geldinstitute Expert Talk: How banks keep track of IT vulnerabilities

An article by Stefanie Walter, Editor | 01.03.2022 – translated with DeepL.com – Original in German available HERE

Expert Panel: Christian Meusel, Berliner Volksbank – Gerrit von der Hardt, Targobank – Thorsten Demski, Volksbank Bielefeld-Gütersloh – Andreas Meyer, Union IT Services DZ Bank Group – Jochen Werne, Prosegur – Marion Gratenberg, Targobank

The rapidly advancing technological transformation in the banking sector also brings problems. Instead of leading to increased security, labour savings and customer friendliness, different applications can also bring performance problems and even failures.

This must be recognised and averted in good time. Application performance management, performance engineering, software intelligence, overservability or process mining are the new buzzwords here. A holistic overview of all applications is helpful in resolving weaknesses and freeing up capacities for innovations in the business. In the gi-Geldinstitute roundtable discussion, this topic will be examined by experts.

Meusel: As a bank, we must first and foremost provide services for our clients. They are our main drivers. We in the operational organisation are therefore currently investing intensively in usability and direct availability in particular.

Demski: We want to avoid media discontinuities and streamline and improve process transitions in individual departments. The work on process improvement has accelerated a bit due to the pandemic. But it is a fundamental issue that we are dealing with in the context of digitalisation. Our last project focused on the speed of the credit processes. Our goal is not only to bring about decisions quickly, but also to ensure that they are as error-free as possible.

Gratenberg: We are concerned with making processes faster, but also more efficient from the customer’s point of view. In the last two years, we have invested a lot of time and analysis in the automation and optimisation of existing customer processes. An agile squad was also founded for this purpose. In the squad, we analyse where there is further potential to optimise and automate processes.

Werne: The goal of our process automation is to be as customer-friendly as possible. In Germany, we provide about 50 per cent of the total cash logistics. We thus guarantee the cash supply of the population and secure the liquidity cycle of companies, credit institutions and municipalities. In our cooperation with the banks, we want to drive the transformation. In our group, we are driving the optimisation of the IT outsourcing processes of the entire cash management and projects such as crypto custody. With Prosegur Crypto, we have launched a solution for the custody and management of digital assets that works automatically without an internet connection to achieve maximum protection against cyber attacks.

Meyer: Union Investment has two good reasons to optimise processes today – increasing process cost efficiency and regulatory law. As part of regulatory audits, we are required as one of the leading German asset managers to produce a business process map as part of the written order. I like the result: by using modern process intelligence tools, we recognise process weaknesses that need to be optimised. At the same time, we produce process models required by banking supervisory law. The auditing company PricewaterhouseCoopers confirmed an availability of 99 percent (2021) for the 170 applications used in the investment process. As part of the Genossenschaftliche FinanzGruppe (Cooperative Financial Network), we are the expert for the asset management of 4.8 million private and institutional investors with more than 400 billion euros in assets under management. We thus provide the IT required for this to more than 1,100 internal Union users with high availability.

Diener: In my role at Atruvia, the digitalisation partner of the Genossenschaftliche FinanzGruppe, I am responsible for measuring and analysing performance data for around 820 affiliated Volks- und Raiffeisenbanken. Basically, you have to distinguish between two topics in process optimisation: the business management part and the technical part.

When I think back to the early days of my working life in the early 80s, you would enter a short code into the old IBM terminals to support your work and be happy to receive an answer milliseconds later. Over the decades, many things have changed massively here. Business and technical performance moved closer together. IT has become a central core of everyday work and an essential part of overall process optimisation. In addition to dealing with speed, response times or simply checking whether systems are available, more emphasis is now placed on user experience and user behaviour. How is the customer, what are they doing, where are they having problems getting on in the application?

Von der Hardt: Challenges arise above all with very long process routes via different interfaces with channel breaks. Then you have to assemble information from the most diverse systems, databases or process areas. Because it is difficult to optimise something with a sixty percent view without knowing what the one hundred percent end-to-end customer view looks like. The goal is not to think in small puzzle pieces, but to have the entire customer journey in mind.

Werne: In the pandemic, our process management faces the additional challenge that, for example, retailers or bank branches that we supply with cash close here today and reopen somewhere else tomorrow. Against the backdrop of our current modernisation programme, we are also moving everything to the cloud. Since we operate globally, coordination between the different countries and standardisation play an additional role.

Von der Hardt: Challenges arise especially with very long process paths via different interfaces with channel breaks. Then you have to bring together information from the most diverse systems, databases or process areas. Because it is difficult to optimise something with a sixty percent view without knowing what the one hundred percent end-to-end customer view looks like. The goal is not to think in small puzzle pieces, but to have the entire customer journey in mind.

Werne: In the pandemic, our process management faces the additional challenge that, for example, retailers or bank branches that we supply with cash close here today and reopen somewhere else tomorrow. Against the backdrop of our current modernisation programme, we are also moving everything to the cloud. Since we operate globally, coordination between the different countries and standardisation play an additional role.

Meusel: The back office is an extreme driver of efficiency potential. With consistent optimisations and consolidations, we have been able to significantly reduce the resources tied up in recent years, not only through Atruvia’s solutions, but also through the broad use of technical innovations from other partners in the area of automation. Nevertheless, we still see topics with great potential, for example in the passive market succession, keyword probate, garnishment processing and other payment transaction services. As is well known, the active back office is currently experiencing high growth in the lending business. At the same time, the margins are melting away. We must therefore continue to look very intensively at how the balancing act of resource optimisation and business growth can be made possible, for example by means of process management. Here, of course, we use the analysis possibilities of Atruvia at our process times and try to achieve the necessary benchmarks through continuous process development.

Demski: We have also started in the back office. In the new year, we will take another look at customer service in the process analysis. This is where we can make the most profit. The procedure is first of all a precise recording of the processes and their interfaces. Based on this, we then evaluate which optimisation and/or automation steps make sense. Examples of automation for us are the processing of estates and processes related to online banking.

Von der Hardt: Targobank belongs to the cooperative Crédit Mutuel Alliance Fédérale Group from France. We are a retail and commercial bank with a focus on financing. Our process optimisation relates to these core processes. With Targo Dienstleistung we have a high-performance customer centre in Duisburg, which emerged from an industrialisation initiative at the end of the 1990s. Targobank has more than 20 years of expertise in digitalisation and process automation. It benefits from a large IT service provider and sees itself well equipped for the future in the highly competitive financial services market.

Gratenberg: In existing customer management, for example, we have automated large parts of the account closure process. This has been working very well for us for over a year now.

Werne: With regard to cash, the banking world has been in a transformation process for quite some time. Various credit institutions are already completely outsourcing their cash management for process optimisation and cost reasons. With smart machines, which Prosegur installs at its customers’ premises, cash can be disposed of directly and credited on the same day. The smart infrastructure, including dynamic monitoring and forecasting, optimises cash logistics and reduces costs.

Meyer: We already very successfully implemented a group-wide digitalisation initiative in the period from 2007 to 2010. Together with the central institutions of the DZ

Bank Group, more than 18 custodian banks and almost 90 securities trading houses, we were able to achieve a dark processing rate of 95 percent for transaction management and accounting across all countries and locations – both areas where the factors of mass and standard processing matched. Challenging in this context was the unification of message standards in the networks for financial transactions such as SWIFT and FIX and the first use of machine learning-based applications for the processing of still paper-based bookings. Today, the focus is on examining the use of AI in the context of feasibility and profitability considerations and thus realising further efficiency potential.

Diener: Processes are organised very differently at banks. We see our task in providing tools with which our customers can map, optimise and monitor the processes. It is no longer enough to look at individual use cases, from the click to the information expected by the customer on the screen. Business processes are viewed as a whole. The question is, what can be automated? Of course, this always takes into account the regulatory framework. A lot has happened in recent years in terms of technical performance. New technologies such as virtualisation, containerisation, self-healing systems – systems that manage themselves – have taken hold. The processing of a request in the data centre has become more complex and dynamic. It is important to make these new possibilities tangible for the customer and to support him in process optimisation.

Von der Hardt: There are cross-departmental and cross-bank teams/squads both in operational process management and in process optimisation initiatives. Especially in the case of RPA automation, departments and IT work together across the board.

Demski: We now have a fixed, very broad-based team. Among them are colleagues from organisational development who have always been involved in process management. We recruited the RPA team from this group and supplemented it with colleagues from IT and technology. They are then joined by experts from the specialist departments of the processes concerned. Together, they take a close look at the process side, analyse what can be automated and then enter into the development. The procedure is rather iterative in the sense of agility. A first version of an automated process does not necessarily have to cover 100 per cent of all cases. The best way for the developers to determine the greatest benefit is to work together with the departments.

Meusel: It’s always about giving a voice to as many people as possible who are ultimately users of process flows and results. It is important for us to find the right degree of participation so that we don’t get lost in too broad a grassroots democratic process in the further development. It is clearly about quality, about the return of investment, how much time I have to invest to improve the processes and what the actual effect is. For example, we have defined clear guard rails with the automation team for RPA and OCR solutions. In addition, there is always a comparison with the strategic goals. Often we have to fulfil various parameters with scarce human resources. In addition to involving the right people, we want to make the whole process as transparent as possible in order to make decisions understandable. We work very collaboratively, instead of putting every evaluation on the table and saying this is how we do it now.

Meyer: We have always carried out major changes as part of a project portfolio in cooperation between IT and the business department. We always look at the expenditure plus follow-up costs/benefits over five years. Based on this, we have a ranking and allocate resources to the projects accordingly. We don’t tackle every sub-process that could be automated because it simply doesn’t pay off.

Meusel: We always have evaluation options for our essential applications. What is challenging, however, is the networking and visualisation of the individual systems and analyses. The right degree of considered systems and subsystems plays an important role here. There are certainly promising offers on the market here. Since process mining is an important field for us, we are already in contact with service providers. But our discussions so far have also shown that good advice is expensive.

Werne: Despite several analysis tools that we use, it is sometimes not so easy to manage performance engineering in connection with different systems so that they are scalable and comparable. We haven’t yet found the egg-laughing lizard, where you just click and then know exactly what brings what performance. I doubt that it will ever exist in the level of detail that the theory implies. Do we have an overall view? The answer is, of course, yes. It’s not just banks that need to have it, but all companies with critical infrastructures. And not just because the regulator expects it. With new processes being introduced almost daily, the biggest challenge is to integrate them perfectly in order to continue to perform as usual.

Meyer: The use of such tools with regard to the IT infrastructure is carried out by our IT providers. At Union Investment itself, we successfully use such tools to analyse business processes. We can now load the data required for the analysis from the underlying applications into a process intelligence tool and systematically identify throughput times and routes, quantity structures, manual processing steps and their process effort. Because today almost every processing step leaves a digital footprint in the databases – and the tool generates the entire process model almost independently.

Diener: We have initiated many things in recent years: On the one hand, from a pure tool perspective, but also organisationally. System and application monitoring were to be merged, the entire monitoring process was to be put on a new footing. In particular, we invested in a comprehensive solution from Dynatrace. Their software intelligence platform uses a proprietary form of artificial intelligence to clearly visualise and monitor applications, microservices, container orchestration platforms and IT infrastructures, and offers automated problem detection. Analyses under a highly dynamic platform, such as Openshift, can only be performed in an automated way.

We want one hundred per cent visibility across all 50,000 systems we currently have in use in order to detect faults in advance. With the dynamics of communication between the technologies, it is no longer possible to say exactly which components are used for an individual communication. That’s why it’s so important to have this monitored via AI and to have it signal us when there are deviations from the norm that we need to take action or use automatisms from the outset to heal it accordingly.

Von der Hardt: Our process team has to identify very precisely where the weak points are in the overall process. We don’t yet use any special analysis tools from process mining for this. Personally, I think we first need a general streamlining of some processes. We are so busy changing processes that we no longer have time to optimise them significantly. We are constantly complicating them with new regulatory requirements.

Gratenberg: We can say that we have significantly fewer complaints and improved customer ratings with processes that are very standardised and automated. There are different degrees of automation. Partly, employees are involved in the processes if they are very complex. After reading out customer letters, for example, very different types of processing can become necessary, some of which still require human intervention. In addition to reducing the workload and making it error-free, there are of course still challenges with automation that are just a little different than before. If systems fail, a robot cannot work. An employee can still use a workaround. But there are always solutions. The processing by the robot could be postponed, depending on the urgency. It may also be possible to use a replacement robot, with the help of another licence.

How can performance engineering help to increase safety?

Diener: When customers report faults, we have to identify very quickly whether it is an isolated incident or a large-scale problem. Furthermore, in the past it was often difficult to recognise whether a system was the cause of a malfunction or was only suffering from a malfunction of a different origin. However, the central goal is to detect malfunctions or weaknesses preventively. In 2018, we had over 60 monitoring tools. With the Dynatrace platform, we now have a holistic performance data warehouse as a central component of our monitoring strategy. The number of tools has been reduced through consolidation. When a malfunction is reported, we can thus quickly determine which groups of users and exact functions it affects. We are able to quickly narrow down possible causes in order to fix the problem permanently. Incidents are specifically forwarded to the person who can solve them.

Meyer: Around 500 servers are operated for us in the data centres of our IT provider Atruvia for about 170 applications. These are permanently monitored using more than 20,000 measuring points. If a fan fails somewhere and a server gets too warm, expected data transfers do not take place and the like, the responsible application managers or the Atruvia control centre are informed immediately. Our service-oriented organisation has regulated standard processes for this. In such cases, incident or problem management is immediately active. Depending on the type of fault, either at Atruvia and/or at Union IT Service.

Meusel: The smaller or more individual a bank is, the more challenging it is to have its own process engineering. We are grateful that we work closely with Atruvia on this. When it comes to regulatory requirements, innovations, availability and performance monitoring, we can handle the complexity much better together with our central service providers. Often, our internal control centre can be quickly provided with centralised information and focus on communication with customers and employees. The central lever of Performance Engineering is the reduction of own applications and their monitoring.

Demski: We largely rely on Atruvia for the IT infrastructure and thus naturally benefit directly or indirectly from their monitoring systems. At the same time, we also operate our own monitoring for critical parameters of the decentralised or self-operated systems. In addition to the short-term disruptions already mentioned, the measured values are of course also indications of the utilisation and performance of systems and possible problems, for example, the runtimes for data backups or loading processes in the nightly maintenance windows provide information.

Do you have a concrete example from practice for vulnerability management?

Von der Hardt: Sometimes we first hear from the customer that we have a problem. If there is one, the customer looks for a way. Then you realise how many contact channels you have, some of which were not intended for this purpose. IT problems can usually be found and solved quickly. It becomes more difficult with failures of other companies. External business failures during the Corona period or the insolvency of a travel provider are examples here, where many customers with personal and financial concerns contact you via several channels and payment processes have to be checked at short notice. Then speed and good networking of the information channels within the company as well as to other third-party service providers is crucial. We still have homework to do here. We have to ensure the flow of information around the customer in such a way that we can give him satisfactory feedback at short notice.

Meyer: One example was the critical vulnerability called Log4Shell in the widely used Java logging library Log4j, which became known at the beginning of December. Through this vulnerability, attackers were able to execute arbitrary code. Together with our IT provider, we deployed crisis teams, used vulnerability scanning tools immediately and effectively, and where necessary, applied the appropriate security patches within a very short time.

Bank Blog Crypto

Bank Blog Publication: WHERE BITCOINS MEET HIGH SECURITY FACILITIES

State-of-the-art crypto custody

by JOCHEN WERNE

Original published in German at DER-BANK-BLOG. Please click HERE Translation created with DeepL.com

14 February 2022

Digital assets are as safe as their encryption? Unfortunately not. After all, the dangers do not only come from hackers. Security must be thought of more broadly, as examples of state-of-the-art crypto custody solutions show.

The protection of crypto assets can only be guaranteed if there is a clear awareness of the dangers. Attacks on digital assets such as cryptocurrencies or asstes no longer end with the numerous attack vectors of cyberattacks, but unfortunately already extend to the use of physical force against their owners. It is therefore important to raise awareness of possible dangers, as shown by examples of the state of today’s state-of-the-art crypto custody solutions.

According to Investing.com, the total number of cryptocurrencies as of 12 December 2021 is 9,004 with a total market capitalisation of US$2.24 trillion. After Bitcoin, Ether, XRP, Litecoin and co, the Libra Coin initiated by Facebook received unprecedented media attention, triggered by the announcement of the project alone. And the emotionality and sharpness with which the discussion was conducted shows how seriously the topic is taken internationally at the state level. It is about reputation, influence, control, responsibility and only in the last instance about technology. And for every investor, it is first and foremost about protecting his assets.

The right sense of danger

In the future, protecting our assets will not just mean keeping our wallet in the deepest pocket of our jacket or handbag or turning the key to our flat twice in the lock. In the future, we will have invested part of the fruits of our labour, our fortunes, in crypto investments and cryptocurrencies. This part of our wealth needs to be kept safe, and we need to understand exactly where and how. This requires that we understand the risks. The sense of danger must therefore adapt, as must the lure of the new opportunities. For this, it is of utmost importance to understand the real dangers and to take appropriate protective measures.

As yet, however, this sense does not seem to be all that pronounced. According to Slowmist Hacked , which specialises in aggregating information on detected attacks on blockchain projects, apps and tokens, the total amount of crypto assets stolen in 122 different attacks in 2020 is $3.78 billion. Even though the evaluation is based on the Bitcoin peaks of January 2021, it clearly shows the importance of greater efficiency in security.

In comparison, only 1.63 billion US dollars were captured in the ten largest bank robberies of all time. Considering that the largest robbery took place when dictator Saddam Hussein ordered his son Qusay to withdraw nearly US$1 billion from Iraq’s central bank with a handwritten note, and the tenth largest robbery netted the perpetrators just US$18.9 million, crypto-cybercrime has become an extremely lucrative business.

Crypto custody: Do hot and cold wallets offer sufficient security?

The famous military scientist Carl von Clausewitz argued in the early 19th century: “An army on the defensive, without fortifications, has a hundred vulnerable points; it is a body without armour”. “We must always retain sufficient forces beyond the garrisons to be a match for the enemy in the open field, unless we can rely on the arrival of an ally to relieve our fortresses and free our army.” In cryptocurrencies, the wallet is the fortress and the blockchain – the distributed ledger – is the army in the open field. It is the job of modern crypto custodians – as guardians of their clients’ assets – to ask themselves daily what additional measures can be taken to best protect cryptocurrencies and crypto assets.

Crypto custody solutions typically involve a combination of hot storage or crypto custody that is connected to the internet and cold storage or crypto custody that is not. Rakesh Sharma comments on Investopia, “Both types of storage have advantages and disadvantages. For example, hot storage is connected to the internet and therefore offers better liquidity. But hot storage options can be vulnerable to hacks due to online presence. Cold storage solutions offer more security. However, it can be difficult to generate liquidity from crypto holdings in the short term because they are offline. Vaulting is a combination of both types of cryptocurrency custody solutions, where the majority of funds are stored offline and can only be accessed with a private key.”

The risk of becoming a victim of physical violence in private crypto custody

The risk of theft of crypto assets is no longer solely about digital robbery in cyberattacks and hacks. Physical violence against the owner of crypto assets or threats to family members is already sadly present. In November 2021, for example, the American co-founder of Tuenti, once billed as the Spanish Facebook, Zaryn Dentzel, was the victim of such an attack in his private Madrid flat.

Dentzel stated on record that the gangsters beat him and stabbed him in the chest with a knife while shooting him several times with a Taser.

Thus it becomes clear that the protection of crypto-assets must also go hand in hand with the fact that a perpetrator who is prepared to use physical force understands in advance that his alleged victim does not readily have power of disposal over his total crypto-assets. Cold storage not at home, but in a cold space, for example a high-security facility, can provide the necessary protection.

State of the art crypto storage meets high security facilities

In July 2021, Prosegur Crypto – the crypto custody subsidiary of Prosegur, one of the largest security companies in the world – announced the creation of the world’s first “digital asset custody bunker”. The consistent combination of a physically and digitally inaccessible environment here is unique to date.

In collaboration with cybersecurity company GK8, Prosegur Crypto brings together all the infrastructure, facilities, technologies and security protocols required to minimise all risk areas identified in the digital asset custody chain.

The solution consists of state-of-the-art cyber security systems provided by GK8’s patented technology and the highest level of a military-grade secured protection environment. It is based on a “360° inaccessibility” approach, mapping over 100 protection measures into 6 integrated layers of security. This ensures the highest possible protection against physical and cyber attacks.

The HSM (hardware security module, a device that generates, stores and protects cryptographic keys) is housed in a military grade briefcase within the high security vault. This vault is only accessible to a limited number of people who manage the data manually and offline. Staff have restricted access to the information they handle to avoid any risk of internal theft and work from a secure facility where there is no risk of physical attack, copying or theft of systems or passwords. In the event of an unauthorised attempt to access the HSM, its contents are permanently deleted. Immediately, a recovery plan is activated, including a protocol for recovering private keys using seeds located in various other vaults.

The module is connected to an MPC (Multi-party Computation) system, which provides a fast signature process on a state-of-the-art computer network and generates transactions on the blockchain without a direct internet connection. This minimises the possibility of fraudulent access and eliminates any potential vector for cyber attacks. These system features are patented and represent a highly differentiated offering in the market.

Plea for openness: danger recognised – danger averted

The analysis shows that from Clausewitz to the latest developments in cyber security and crypto-custody, the security perspective has hardly changed. The more you rely on a single system or fortress, the more vulnerable you are. It’s all about layered security, which makes it time-consuming and very costly for attackers to get what they desperately want.

We are still only at the beginning of a new era for our monetary systems. An era driven by technology in which it is increasingly important for every actor to develop a good understanding of it in order to build sustainable ones. Technology has never been right or wrong, only the way we humans use it can make it so.

New technologies offer the opportunity to make our world more prosperous for all – let’s use it!

Mission NORTH SEA ENDURANCE – the Trailer

Enjoy a glimpse of the thrills awaiting the men aboard their expeditionary sailing yacht in the North Sea with this introductory trailer featuring moments from previous GOST missions.

NORTH SEA ENDURANCE TRAILER