The role of unmanned aerial systems (UAS) in the protection of critical infrastructure is becoming increasingly important. These systems are characterized by their mobility and flexibility, which make it possible to monitor even areas that are difficult to access efficiently and effectively. They provide high-resolution, real-time data that enables rapid responses to threats such as unauthorized intrusion or technical faults. UAS can replace or supplement traditional security measures, reducing long-term costs while providing state-of-the-art sensor technology for reliable detection. Thanks to their seamless integration into existing security concepts, they ensure comprehensive protection coverage without disrupting the communication infrastructure. False alarms are minimized and the systems are flexible enough to adapt to new threats.

UAS can be used for a wide range of applications, from monitoring and inspection to the targeted prevention of damage. They have established themselves as indispensable tools, as they not only secure critical infrastructures such as energy plants and transportation networks, but also ensure their operational continuity and thus effectively protect society and the economy.

The b.r.m. IT & Aerospace GmbH will be represented at the ILA in Berlin from June 5 to 9, 2024. The state of Bremen will present itself in the joint showcase of the northern German states, which is located in CHALET EAST 22 - 24

• AES Aircraft Elektro/Elektronik System GmbH
• AVIASPACE Bremen e.V.
• b.r.m. IT & Aerospace GmbH
• DLR Virtual Product House (VPH)
• ECOMAT
• esploro projects GmbH
• Hanseatische Waren Handelsgesellschaft mbH & Co. KG
• TRIGO ADR Germany GmbH

At the ILA 2024, b.r.m.. IT & Aerospace GmbH will be presenting its services and consulting for the U-Space Service Provider (USSP), UAS, SORA, VLOS and BVLOS operations.

From the development of the operating concept through to approval, even the most complex challenges of unmanned aviation can be mastered.

Our team of aviation experts will support you with your Advanced Air Mobility application, no matter what stage of development you are at.

Thanks to our many years of experience, from UAS development to the most comprehensive ascent permit in Europe covering over 3600 km², we give you the decisive time advantage to be successful in the dynamic drone market. As the future U-Space Service Provider (USSP) for the U-Space Geozones in the existing lower airspaces in which drones, UAS and other aircraft operate, we are at your side in all areas of flight guidance and authorizations.

Benefit from our UTM Data Services (Unmanned Aircraft System Traffic Management), including weather service, electronic visualization and digital air situation picture.

The Hatten-UAS German Flight Center is our test center for unmanned aviation and is located at the Oldenburg-Hatten EDWH airfield.

Hatten-UAS supports companies, authorities, organizations with security tasks, universities and research institutes in projects and product developments for unmanned aircraft systems.

With generous hangar space, licensed aircraft inspectors and an operating area that also allows mixed flight operations between manned and unmanned flight systems, we offer you everything from a single source - from ground testing to customer presentations.

Flugschule Borkum offers qualified training for your remote pilots for your UAS operations. As one of the first applicants for a "Light UAS Operator Certificate" (LUC), we support you in setting up professional flight operations.

Advanced Air Mobility Initiative Northwest Germany and German Bight & UAS Control Center Bremen (USSP)

Advanced Air Mobility (AAM) refers to the integration of unmanned, automated and autonomous aircraft into the common airspace of manned aviation.

The aim of the Advanced Air Mobility Initiative Northwest Germany and German Bight (AAM-NW) is to gradually establish structures for UAS operations.

The main focus here is on considerably simplifying coordination, automation and increasing safety while taking all relevant airspace users into account.

Experience is to be gathered in a U-Space real laboratory in order to develop future highly automated operating strategies.

Focke-Wulf - 100 years of aircraft construction - Bremen celebrates

On January 2, 1924, "Focke-Wulf Flugzeugbau A.G." began operations in Bremen. Even after 100 years, Bremen is still an outstanding location in the European aerospace industry and also the future UAS control center Bremen (USSP). This is how we are shaping the future of unmanned aviation.

Harald Rossol and Markus Rossol will be happy to provide you with further information at the ILA in Berlin.

You can reach us by telephone on +49 421 34 14 94 or by e-mail at brm@brm.de.

Visit b.r.m. IT & Aerospace GmbH at the ILA 2024 in Berlin and find out how your future UAS application can be successfully launched.

You will meet us in the Community Schalet of the Northern German States, which is located in CHALET EAST 22 - 24.

Drone companies and projects from Bremen

The Bremen Economic Development Corporation (WFB) has published a comprehensive article on drone activities in Bremen.

https://www.wfb-bremen.de/de/page/stories/LuRa/drohnenunternehmen-bremen

b.r.m. IT & Aerospace GmbH is part of it. Our company stands for the following topics:

• U-Space Service Provider (USSP) in all areas of flight guidance and approvals
• UTM Data Services, from weather services to electronic visualization and digital aerial imagery
• Bremen UAS control center (USSP)
• UAS, SORA, VLOS and BVLOS operations. From operational concept to approval, we can support projects in unmanned aviation
• Advanced Air Mobility Initiative Northwest Germany and German Bight

Bremen is also celebrating 100 years of aircraft construction this year
100 years later, Bremen is one of the outstanding locations in the European aerospace industry.
b.r.m. IT & Aerospace GmbH is developing the future Bremen UAS control center (USSP) and
is taking another step towards the future of Bremen's aviation industry, unmanned aviation.

Visit us at the ILA 2024 in Berlin, we are in the Bremen network in CHALET EAST 22-24.

Markus and Harald Rossol
brm@brm.de

In today's digital world, the IT security of corporate data and digital business assets is of paramount importance and has a highlighted relevance. The new SonicWall Cyber Threat Report 2024 offers revealing insights into the current cyber security and IT security situation that every company should be aware of. As one of the leading regional IT service providers in Bremen, b.r.m. IT & Aerospace offers customized solutions to master these challenges. We specialize in IT service, IT security and green IT.

Strong growth in cyber threats

The new report from SonicWall shows an alarming growth in digital threats. Cases of malware, encrypted threats and cryptojacking attacks are on the rise. The rapid 659% increase in cryptojacking is particularly critical. These findings underline the need for a robust and professional IT security strategy for companies.

Customized IT service for companies in Bremen

At b.r.m. IT & Aerospace, we are convinced that every company has individual security needs and benefits from a customized IT service. Our experts use the latest findings and modern technologies to develop security measures tailored to your needs. This enables us to protect your company - today and tomorrow. Offensive measures are the best defense. With proactive monitoring and threat intelligence, we can identify threats before they can cause damage.

Cyber Threat Report underlines the relevance of professional IT service

The findings of the SonicWall Cyber Threat Report 2024 highlight the need for a strong IT service. As a professional company with over 30 years of experience, b.r.m. IT & Aerospace is ready to support you and your company with first-class IT service and customized security solutions. Please contact our managing director Harald Rossol to find out more about our IT service in Bremen. You can reach us by phone at +49 421 34 14 94 and by e-mail at brm@brm.de.

In order to be optimally prepared for a UAS and UAV flight, pilots must be aware of new obstacles and other information in addition to the SERA. This works through information from German Air Traffic Control (DFS), the NOTAM.

What is NOTAM?

The acronym stands for notice to airmen. This is information and instructions about changes to the Aeronautical Information Publication (AIP). These changes can be temporary or permanent. They are crucial for orderly, safe and smooth air traffic.

Short-term and urgent instructions, procedures and information from the NOTAM serve as supplementary information for a flight. The fact that changes to the AIP are distributed by post means that they are not necessarily required for new changes.

What does a NOTAM say?

The instructions and information disseminated in a NOTAM are messages about installations, changes and conditions of any aviation facilities, services, procedures or hazards.

A NOTAM therefore warns pilots of obstacles that have been newly installed or are not recognizable due to defective lights, for example. It also contains warnings about drone activity and provides information about temporary flight restriction areas. For example, a disaster control operation site in the event of flooding. This special information is summarized for airlines in a briefing package.

Categories Briefing Package

The briefing package is divided into categories. These are Departure (departure airfield), Enroute (route), Alternate (alternate airfield), Destination (destination airfield) and Company-NOTAM (information that only applies to the airline).

New briefings on the latest amendments and new publications can be found on the DFS website. NOTAMs are also disseminated via the Aeronautical Telecommunications Fixed Network (AFTN).

In the age of digitalization and automation, there are always new ICT trends in the world of work. At the end of the year, market researchers, consultants and other experts present their assessments of the trends.

What is an ICT trend?

An ICT trend describes a tendency in information and communication technology. This creates technical gaps, new opportunities, but also challenges. As every new or old trend has an impact on the world of work and must also react to current circumstances, changes can occur quickly.

Ongoing ICT trends

For example, the coronavirus pandemic has led to a significant increase in hybrid working and digital meetings. This change calls for new business models and technologies, but these were very limited due to supply bottlenecks.

Working from home and virtual meetings have put a lot of strain on the IT industry during the lockdown. As a result, the issue of IT security and data protection was initially a disaster with far-reaching consequences.

The shortage of skilled workers has been one of the ICT trends for many years. As a result, many companies are striving to optimize their processes and automate their activities on a large scale.

New trends

According to experts, the use of cloud infrastructures and their services is set to increase further. These are particularly attractive for companies due to the savings and flexibility they offer. In addition, hybrid cloud strategies offer a promising solution. They are a combination of a service application (SaaS) and on-premise data centers. In this way, data protection and the security of exponentially increasing data growth can be guaranteed.

There is also a democratization of technology. Knowledge and skills are becoming more accessible thanks to high-tech platforms. Process automation and open-source AI applications encourage people to contribute their views and expertise and develop solutions. Democratization thus creates basic innovations throughout the organization that provide practical and cultural support.

 

Compliance with the DSGVO and GDPR is more important than ever in the age of the internet. They are the basic rules of data protection and data security. They also form the basis of transparent handling, which is intended to limit the misuse of data.

What is the GDPR?

The General Data Protection Regulation (GDPR) originates from the European Union and provides rules for the processing of personal data. The regulation must be applied if data is stored or is to be stored in a file system during processing.  

These apply throughout the EU in both the private and public sectors. This means that every company that processes personal data must comply with the GDPR. This also applies to natural and legal persons, as well as to companies working on behalf of a third party.

What does GDPR stand for?

The General Data Protection Regulation (GDPR) forms the new legal framework of the European Union. The regulation defines exactly how personal data may be collected and processed.

Since May 2018, these regulations have applied to all organizations based in the EU that process personal data. It also applies to all organizations worldwide that process the data of EU citizens.

DSGVO and GDPR at b.r.m.

The Bremen-based IT service provider b.r.m. is known for its GDPR-compliant data center. In addition, b.r.m. has strengthened its security through several parameters. From technical and organizational measures (TOM) to security analyses and risk assessments, business ressource management is ideally positioned.

In addition, Harald Rossol and Thorsten Brendel from b.r.m. are engaged as company data protection officers. They are experts in data protection and will be happy to answer any questions you may have.

Many companies and organizations had significant problems not only due to the coronavirus pandemic, but also in terms of IT security. 2021 was not a good year for IT security, as it revealed significant security gaps and cyber attacks on companies rose sharply, our 2021 review:

Development of cybercrime

In 2021, there was a significant increase in cyberattacks on companies and organizations. This trend has increased significantly since 2020. According to a study by the website Check Point Research, the number of cyberattacks on organizations of all kinds increased by 40%.

The pandemic created enormous time pressure for IT service providers due to the need to make work more flexible. In addition, hacker attacks occurred much more frequently and became increasingly sophisticated. Hackers were often faster than the defenses against them. One massive problem in IT security was the so-called zero day.

Zero-day gap as a major threat

IT systems are constantly evolving and software is therefore usually quickly outdated. New patches bring the devices up to date and close old security gaps.

However, this so-called zero-day included four security flaws in Microsoft Exchange servers, which were inadvertently implemented by the developers due to faulty programming code. This gave the hacker group Hafnium the opportunity to infiltrate and scan thousands of Exchange servers. However, as it has not yet been possible to clarify whether a backdoor was installed, the consequences for the future cannot yet be determined.

What can we learn from this?

You cannot prepare for a zero day, as they can occur anywhere and undetected. However, you can comply with data protection rules in accordance with the GDPR. There are two versions of this: privacy by design and privacy by default. The latter describes settings that are data protection-friendly by default. Privacy by design describes the data protection processes that are best complied with if they have already been technically integrated during development. A double locked door, so to speak.

However, this requires a reliable IT security policy. This relies not only on progressive technology, but also on an appropriate firewall. IT security is defined by continuous updates and qualitative combating of security gaps.

Review 2021: IT security is a very dominant topic in the IT industry and is associated with a constant striving for quality. In addition to process digitization, increasing the speed of data management and developing digital products is also a challenge for future IT.

In an increasingly digital world, modern IT services are more in demand than ever, as is an attitude towards solid IT security. In addition to qualitative and rapid processing of upcoming tasks by effective service providers, the area of data and network security, or IT security for short, is still an often underestimated sub-area.

As stated by our expert partner Sonicwall in the latest annual report, cyber attacks by ransomware and encrypted threats are increasing significantly. Ransomware attacks in particular have risen by 105% compared to the previous year and by as much as 232% compared to 2019.

In addition to our data protection resources through Harald Rossol and Thorsten Brendel, we also have extensive expertise in IT security and GDPR. Together with our partners, we have the concepts to keep your security up to date.

Ransomware - money or computer?

The method of extorting a 'ransom' by blocking the computer has increased considerably in recent years. The user of a computer then only sees the attackers' 'ransom note' on the monitor. The particularly perfidious thing about this is that if the victim agrees to the demand, their computer usually remains blocked anyway. It is therefore very rare to be able to 'buy your way out'.

Ransomware no longer affects just one operating system. Whether Linux, Mac OS or Windows, all users are affected by this digital form of highway robbery. There have also long been many instructions for building ransomware, known as 'crimeware kits', on the DarkNet. Ransomware usually does not encrypt the entire computer, but rather the data that is important to the user, such as the 'My Documents' folder under Windows.

Protection against ransomware is similar to protection against other viruses or Trojans. For example, a user receives an email with the attachment of an unpaid invoice, with a threat of punishment from the Federal Criminal Police Office, or with alleged usage violations by GEMA. Anyone who opens such an attachment has then handed the blackmailers the 'house key' themselves.

You should therefore NEVER open an e-mail attachment that does not come from an absolutely trustworthy source. GEMA and the BKA still use the good old letter post. It is also important to regularly back up all relevant data on external data carriers, as this keeps it out of reach of the blackmailers. Browsers can be protected against the execution of Java commands by installing applications such as 'NoScript', and ad blockers also offer increased protection.

Firewall: Overcoming walls

A program must always open a 'port' - or at least a porthole - if its generated content is also to be visible on other monitors worldwide. As in the case of a homepage, for example. Where something can leave such a 'port' or 'harbor' into the virtual world, something can of course also enter it. This is why 'firewalls' were created to protect a computer from unwanted access from the network. These security programs make sure that only the desired guests enter the home port according to defined rules. As a rule, every access must overcome two such protective walls: the first at the provider, the second at the client on the network computer.

Privacy by design - IT security as a holistic concept

The two terms 'privacy by design' and 'privacy by default' are older than the new General Data Protection Regulation (GDPR). However, the law has given them a whole new meaning (Art. 25 GDPR).

'Privacy by design' means that the technical structure of a data processing system must be designed in such a way that data protection is automatically integrated into the system. In other words, data protection and IT security must be a system feature. This is done through the 'Technical and Organizational Measures' (TOM) when installing the computers and implementing their programs. This is the manufacturer's turn.

'As quickly as possible', 'create transparency', 'minimize', 'enable' - all phrases that have so far created little more than a wide scope for interpretation.
In short, the rule of 'privacy by design' does not allow for a standardized answer; it depends on the respective data protection requirements. However, it is clear that the possible requirements of the GDPR must be taken into account when setting up a data processing system and when selecting and implementing the technology and software used.

Interested readers can find the complete Cyber Thread Report 2022 from our partner Sonicwall here.

In our series "IT Review 2021", we look at the most interesting and dangerous IT security vulnerabilities of the past year, today: Zero-Day and Hafnium. 2021 was not a good year for IT security and shows once again that IT security must be seen as a continuous process. Defenses against attackers must be constantly refreshed, otherwise they will rot like an old unmanned castle wall.

The nightmare par excellence: zero-day and IT security

Software manufacturers usually act very quickly against known security vulnerabilities or have already identified the problem. A corresponding patch closes the security gap and the program can continue to be used for the time being. For this very reason, it is important to have and keep modern IT systems up to date. Continuous improvement is the key to stable and secure operation of IT systems.

However, a massive problem arises from a so-called "zero day". This term refers to the fact that the vulnerability exploited here has been known for zero days, at least to the manufacturer and the public. Therefore, there is no patch or workaround to close this gap. It was simply not known. The most sensational case of a zero-day exploit worldwide is certainly Stuxnet. Here, several zero-day vulnerabilities were used to disrupt production systems and execute unexpected commands.

Zero Day and hafnium, what happened?

At the beginning of March, a total of 4 relevant security flaws, i.e. "zero-days", were discovered on Microsoft Exchange servers. These were presumably used by the hacker group Hafnium to systematically scan and infiltrate thousands of Exchange servers. According to research, the aim was to install a "backdoor" in the systems, so it cannot be conclusively determined to what extent this vulnerability will have an impact in the future.

According to some estimates, Microsoft reacted more slowly than desired, but the exploited security gaps have been closed. Several security patches have ensured that the zero-day exploit is no longer usable.

Proper IT security means continuity

Proper, i.e. reliable IT security is a wish and promise of all those entrusted with IT systems. In addition to the standard technology, such as a firewall, there are also a number of conceptual points to consider. The magic triangle of cost, time and quality naturally also applies to this area of professional activity. With regard to the time factor in particular, it is immediately apparent that there can be no absolute state of security in a dynamic system. In the case of a zero-day exploit, the time component is distorted to such an extent that a correct (qualitative) response immediately generates high resource consumption. A good IT security policy therefore relies on continuous improvement and adaptation to a dynamic threat environment. Systems must not be operated unattended. Only taking action when something no longer works inevitably leads to disaster. Effective and efficient action is characterized by continuity. Please also read the statement by Dirk Arendt from Trend Micro.