Cyber threats: “We need to turn the tables”

Cyber-Bedrohungen: „Wir müssen den Spieß umdrehen“

Life without the Internet is no longer conceivable. While this promises convenience, it also means that a modern economy like Germany’s is facing more and more new cyber threats. How should we deal with these threats?

The downside of digitalization

“The cyber threat situation is serious," says Steffen Ullrich, who works in the research division of genua GmbH, a subsidiary of Bundesdruckerei. People with their computers and smartphones, companies with their trade secrets and the government with its administration, structures and institutions are all facing enormous problems.

Despite the Critical Infrastructure Protection Act (KRITIS), I do not believe that the government’s infrastructure is sufficiently protected at the present point in time.
Steffen Ullrich, research division of genua GmbH

Double danger from cyber attacks

In 2015, the German Bundestag passed an IT security act for critical infrastructure protection (CIP). Yet, “Despite the Critical Infrastructure Protection Act, I do not believe that the government’s infrastructure is sufficiently protected at the present point in time,” says Mr. Ullrich. The biggest threat here is not just the attack in itself, but also the possibility of hackers leaving Trojans behind in these structures that then function as sleepers. Stuxnet, WannaCry, the influence on the US election, Spectre and Meltdown, not to mention the hacker attack on the German government’s network, are proof that this future has already begun.

Fighting was seems to be a losing battle

According to Bitkom, every second company in Germany has already been confronted with cyber threats. This not only causes economic damage amounting to EUR 55bn each year, it also slows down development. According to Bundesdruckerei’s study on ‘Digitalization and IT security in German companies’, almost three quarters of companies see IT security as the basis for successful digitalization. The attackers are usually concerned either with sabotage or with extorting money.

And they are the majority. After all, as soon as you've mastered a cyber threat like a Denial of Service (DoS) attack, the next problem already opens up. By 2020, households, businesses and government agencies will have an estimated 50 billion Internet-enabled devices. A gigantic gateway. In light of such numbers, this seems to be a losing battle.

In 2017, Germany suffered USD 2.6bn in damage due to cybercrime. By comparison, the damage recorded in China totalled USD 66.3bn and USD 19.4bn in the US.
Source: Symantec

Rethinking IT security to protect the ‘crown jewels’

“That's why we have to rethink IT security,” says Prof. Dr. Gabi Dreo Rodosek, Executive Director of the CODE (Cyber Defence) research institute and holder of the Chair for Communication Systems and Network Security at the University of the Federal Armed Forces in Munich. In an effort to level the playing field, there is not only the National Cyber Defense Center, but also the Master's program in Cyber Security with 13 new professorships and laboratory equipment worth tens of millions.

“We can no longer play this game, take part in this race against attackers. We need to turn the tables,” says Dreo Rodosek. She describes what data hackers want – be it government or private data – as the crown jewels that must be protected at all cost. “To do this, you have to free this data from its statistical hiding place and then work with the so-called Moving Target Defence.” A dynamic defence that moves around the crown jewels in the system – much like a money transporter driving a new route every day.

“Europe needs to wake up”

Dreo Rodosek has high hopes for artificial intelligence (AI). “There's no other way we can handle this high volume of data. With AI, we can automate cyber defence, i.e. attack detection, risk assessment and introduce suitable countermeasures.”

Nevertheless, this calls for qualified personnel. However, demand far exceeds supply. What’s more, Europe not only lacks qualified personnel, “Europe needs to wake up. We need greater digital sovereignty, we need something like Airbus, only in the cyber field.”

Cyber hygiene is becoming more important

In ten years at the latest, everything from coffee machines to the military will be digitized. “I'm afraid that what we will then see will be a more restrictive Internet," says Steffen Ullrich. “Companies must seal off important areas from unimportant ones. Staff will no longer be allowed to know everything, and the government will oblige manufacturers to take security measures.” In short: Cyber-hygiene will play an increasingly important role in every area, from the citizen on the street to the highest echelons of government. “This cannot be solved at individual level,” says Mr. Ullrich, “this is a problem for society as a whole – and that is how it must be tackled.”

Headergrafik Cybersicherheits-Institutionen
Headergrafik Cybersicherheits-Institutionen

In the name of cybersecurity


“Tens of thousands of attacks on the government network every day.”

In our interview, BSI President Arne Schönbohm talks about tens of thousands of daily attacks by cyber criminals on the German government network and the increasing professionalization of such attacks.