The cybersecurity situation report of Germany in 2014
In December 2014, the German Federal Office for Information Security (BSI) released its annual update on the cybersecurity situation during the year 2014. Whilst Wired and RiskyBusiness have taken note, it was underreported in the English speaking media. Thus, I thought I would sum up the most interesting aspects of the report.
The threat environment
Looking at the threat environment, BSI distinguished between APT actors and intelligence services. This is interesting to note, as oftentimes APT is used as shorthand for a state-led cyber exploitation. In the section on the threat emanating from intelligence services, the BSI highlights how the “analysis of the Snowden revelations expanded the technical knowledge and understanding of intelligence-led cyber attacks as well as attack methods” (p.22). It also led to an improved technical collection. From the Snowden leaks, the BSI took special note of the professionalism, the extent and the density of the intelligence gathering as well as the considerable resources invested (both people and finances). The report then goes on to explain four threat vectors that are used by intelligence agencies: strategic intelligence/reconnaissance, individual attacks, influencing of standards and implementations, and targeted manipulation of IT-equipment.
This is interesting, as it is (to my knowledge) the first time that the German authority for cybersecurity comments on how specifically the Snowden leaks contributed to their understanding of the intelligence collection by foreign agencies.
The incidents
The report splits the incidents in attacks against the public authorities, against private individuals, against companies, and such against critical infrastructure. Two bits of information are of interest:
the BSI is aware of one targeted attack per day (on average) with an intelligence background against the public authorities.
in 2014, there was an APT attack against a steel manufacturer that led to substantial damages. Following a spear-phishing attack, the attackers infiltrated the production systems. The facility experienced various failures of control system components, which resulted in not being able to shut down a blast furnace in a controlled fashion. The BSI noted the detailed knowledge of the attackers of the specific industrial control systems and the production processes.
The solutions
In awareness of the discussions around the activities of foreign intelligence services (i.e. Snowden revelations) the BSI defined three strategic goals:
Protection of fundamental values in the digital world through securing the technological capacity to act and the promotion of trustworthy information technology.
Establish frameworks and incentives, which lead foreign market leaders to adapt their products to German confidentiality requirements by integrating roots of trust (for example national cryptographic components) - especially in areas with elevated security requirements.
Establish the ability of the German economy, to connect the industrial core competencies with the Know-how of information security, in order to enforce the required IT-security standards in central parts of the economy.
The report overall, and the strategic goals specifically, demonstrate some of the long-term impacts the Snowden revelations have. The report indicates that Germany addresses the insecurity of its technological dependency on foreign manufacturers. How successful this undertaking will be remains to be seen.
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-63305947-1', 'auto'); ga('send', 'pageview');