“Tens of thousands of attacks on the government network every day.”
How can the government network be protected against cyber attacks? And how can citizens be supported in the fight against digitally organized crime? BSI President Arne Schönbohm explains his strategy and how his authority needs to get ready for the future.
Mr. Schönbohm, as a higher federal authority, BSI is responsible for averting threats to the security of the federal government’s information technology. How many attacks on the federal government’s IT do you record every day?
Mr. Schönbohm: We record tens of thousands of attacks on the government network every day. In most cases, this is organized crime, with malware being sent randomly to all potential victims. In addition to these undirected mass attacks, the government networks are also exposed to targeted attack campaigns. In order to provide the best-possible protection for the networks and IT systems, we have established a multi-level security system that is made up of not only commercial protection products but also of individually adapted and developed measures. These products and measures are continuously reviewed, further developed and adapted to the dynamic threat situation.
Arne Schönbohm, President of the Federal Office for Information Security (BSI)
BSI also operates the BürgerCERT service that warns citizens and small businesses of security vulnerabilities. Do you see any parallels between the threats to federal government, businesses and citizens?
Mr. Schönbohm: We are all victims of the previously mentioned undirected mass attacks. Organized crime is all about making money by spreading phishing e-mails or ransomware attacks as widely as possible. With the support of BSI, for example, through our BürgerCERT warning services, our citizens' website www.bsi-fuer-buerger.de or our hotline, citizens can do a lot to protect themselves against these attacks. We are currently expanding our activities in the field of digital consumer protection in an effort to provide even more help to users.
You have been president of BSI for a good two years now. Have the attacks and threats changed during this time?
Mr. Schönbohm: The attacks are becoming more and more professional, with new attack methods or scams popping up every day. In addition, we are at the beginning of an era of digitalization that should make life easier for all of us. But for this to happen, we will have to include information security from the outset. One relatively new phenomenon that we have been observing over the past two years is the spread of blackmail software, so-called ransomware. Attackers have discovered what seems to be a very lucrative new ‘business field’ which they are exploiting to the full. As a national cyber security agency, we responded quickly and published comprehensive recommendations and countermeasures for public authorities, business and citizens.
What do you see to be the consequences of this situation for BSI?
Mr. Schönbohm: As the national cyber security authority, BSI shapes information security in digitalization through prevention, detection and response for the state, the economy and society. We have made good progress here over the last two years. We have launched important measures at legislative and operational level, we have promoted the networking of stakeholders at federal, federal-state and municipal level, we have expanded cooperation with industry and, last but not least, BSI has also increased its manpower. We are very well prepared. But only as long as we, as a society, continue to improve our efforts to achieve a stable and successful cyber defence, ideally through a proactive approach and parallel to the threat situation. The legal framework must be further developed, existing cooperation structures must be expanded at both national and international level, and a functioning level of defence must be repeatedly put to the test. We must remain open to new ideas, anticipate new threats and boost awareness of the importance of IT security.
According to media reports, members of the German Bundestag from various parties recently spoke out in favor of repositioning BSI with a view to greater independence. What do you think of this proposal?
Mr. Schönbohm: Digitalization is not the kind of challenge that should be tackled with rigid departmental thinking. As BSI, we can already work on a cross-sectional basis. This means, for instance, that working on behalf of the Federal Ministry of Economics and Technology, we manage the security of smart electricity meters, on behalf of the Federal Ministry of Transport, we deal with considerations regarding the security of autonomous driving and we are discussing extensively the security of the electronic health card and other projects in the health care sector. Nevertheless, there are good reasons why we, as a security authority, are under the authority of the Federal Ministry of the Interior (BMI). Both must be possible if we want to take information security seriously and if Germany is to avoid falling behind at international level.
Which changes do you believe to be the most urgent for the organization or for the task area?
Mr. Schönbohm: In the coalition agreement, the German government entrusted us with a number of new tasks, for example, with regard to digital consumer protection or as a central certification authority. We are happy to tackle these new tasks and I assume that this will also be duly acknowledged and taken into account in the forthcoming budget negotiations.
Allow us to conclude on a personal note: What was your most formative experience as BSI President to date?
Mr. Schönbohm: The exciting thing about my job is that cyber security poses new challenges – but also new opportunities – every day. One of the most striking events in recent months was the cyber attack on the Federal Foreign Office which we were able to successfully master thanks to the tireless commitment and professional work of BSI’s staff.
Mr. Schönbohm, thank you very much for talking to us.