09. January 2018
About the risks and side-effects of going digital
There was once an entrepreneur who was glad he could rule out human error by equipping his computers with a fully automatic backup system. A purely technical solution would increase security, he thought. There’s one thing this man forgot: all his devices were connected to each other. This is when disaster struck. When he opened an e-mail containing malicious software, a Trojan encrypted all his data, including the backups, and demanded a hefty ransom.
“Local devices as well as cloud space, for example Dropbox, may be affected,” says detective chief inspector Olaf Borries. He is in charge of the “Zentrale Anlaufstelle Cybercrime für die Wirtschaft” of the Landeskriminalamt Berlin (LKA), the help desk for cybersecurity of Berlin’s State Criminal Police Office. He pulls out many stories like these when he goes on his awareness tours to chambers of commerce, private sector representatives, government agencies, hospitals, universities and other places of research. Danger lurks around every corner. Terrorists, criminals and competitors try to sabotage important systems, extort money or obtain valuable data. Such cases get worldwide attention, most recently the malicious software WannaCry in May 2017. In an innovative environment such as Adlershof, where expertise and data are important success factors, cyber security is a crucial issue for researchers, entrepreneurs as well as WISTA-MANAGEMENT GMBH, the technology park’s operating company.
Faced with the increasing digitisation of many aspects of how we live and work and the interconnectedness of diverse types of computers and machines in the so-called “Internet of Things” (IoT), it is crucial to make communication secure and safeguard smooth-running production processes. The digitisation of industrial manufacturing (Industry 4.0), smart homes, smart watches, driverless transportation – all these buzzwords make Borries look more worried: “Everything is going online and most of those things are being treated with gross negligence, all over the world.”
Every IP camera going online becomes part of a network. Perfectly personalised e-mails spread malicious attachments. The most recent scam involves sending out unsolicited applications, which are perfectly fitted to match the recipient company’s profile. One click is enough to have one’s data encrypted, or IT systems integrated into a botnet. Not only can one fall victim to criminal activities, one can also become a part of them. More than once, Borries has seen cases of criminals misusing company servers as, for example, storage for illegally obtained bank data.
The policeman wants to raise awareness – step one on any security agenda. The LKA, he emphasises, is the responsible agency for active defence and prosecution, but not for problem-solving. Usually, he steps in when the damage is done. It is imperative to report crimes and file charges, says Borries. This is the only way the police get an idea of the problem’s scope and learn about the perpetrators’ strategies and tools. “We are currently estimating a dark figure of 90 to 99%. This has got to change.”
Incidentally, the entrepreneur from the introduction was lucky in the end: two weeks before the Trojan attack, he had replaced a faulty hard drive. This gave him access to a relatively recent backup that was separate from the rest of the system. But those not willing to press their luck should take cyber security seriously and approach the problem systematically. This is the message put out by the LKA man Borries as well as several Adlershof-based companies such as Rohde & Schwarz Cybersecurity, ESG Elektroniksystem- und Logistik-GmbH and Phoenix Contact Cyber Security, who offer services and products for IT security.
With 70 employees in Adlershof, Rohde & Schwarz (R&S) develops software products that help research and development facilities to securely connect to data centres, customers and partners. Web application firewalls prevent attacks on websites and IoT servers. Measurement technology for IP networks enables customers to detect when research or manufacturing devices access unusual servers or unknown protocols. “Both indicate possible attacks and should be examined and fixed before damage or loss of production occurs,” says Peter Rost, director of business development and strategy.
The 50 Berlin-based employees of Phoenix Contact focus on upgrading robots, production facilities and process plants. “These facilities have a life cycle of several decades, so they tend to use IT on a large scale that wasn’t originally built for digitisation,” says chairman Dirk Seewald. Remote maintenance is a specific threat scenario because it continues to be done online for lack of alternatives (modem, ISDN). Phoenix Contact’s portfolio offers convenient mini-computers, which can be used by in-house technicians.
ESG offers its customers broad expertise in building or upgrading complex, safety-relevant IT systems, for example, in digital manufacturing (Industry 4.0) and IoT, as well as the secure handling and goal-driven analysis of large amounts of data. Cyber security plays a pivotal role when choosing suitable architecture concepts, analysing threat and risk scenarios, evaluating systems and their safety-related capabilities, including information security management systems and disaster recovery planning.
A panel debate on 29th January 2018 will have representatives of the three companies and CDI Borries from LKA Berlin talk extensively on the issue of cybersecurity and give tips for simple, practical measures. This is especially important since free accessibility of data is essential for a place of science and research.
by Dr. Uta Deffke