Defending the invisible threat

It took weeks to find him. And when they did, the extent of his activities had been quite remarkable. A self-confessed nerd, barely out of his teens and still living with his parents, had managed to hack through a number of security systems and garner – as well as leak – data from a number of prominent political figures, including Chancellor Angela Merkel, during December last year. And he did it alone. In the aftermath of this incident, questions arise now more than ever as to the level of cybersecurity in Germany and how the Federal government intends to proceed against such hackers in the future.

Top article

In response to the attack, Interior Minister Horst Seehofer said that both politicians and the public must significantly increase their awareness of cyber security. He went on to announce the recruitment of hundreds more cybersecurity experts to the police force, as well as the establishment of a round-the-clock IT crew who would use early warning system software to both prevent and recognise such attacks. Speculation also included the possibility that the hacker himself might be encouraged to forego a potential three-year prison sentence and instead, in ‘Catch Me If You Can’ style, become a national IT security officer himself. And while the outcome of the hack took a promising turn for the young talented teen, there’s still a lot of catching up to do in Germany when it comes to cybersecurity.

Germany has pointedly and publicly been ushering in an age of digital industrial revolution where machines are to be connected to the Internet of Things and where artificial intelligence runs industrial processes on the back of Big Data analysis. But as Deloitte’s cyber security report 2018 pointed out in its introduction: “Successful digitalisation will depend on cybersecurity.” Given the wave of digitalisation currently sweeping Germany’s companies, cybersecurity ought to be a flourishing industry.

Yet the flourish is missing, despite its enormous potential. Most concerning to industry actors is the lack of so-called ‘superbrains’ within the IT security sector. Without them, there is also a lack of startups and innovators. That is why leading German research institutes such as Fraunhofer SIT, the Digital Hub Cybersecurity in Darmstadt, and the Helmholtz CISPA are teaming up to find everyday workable solutions to the market’s challenges and the ongoing cyber threat. Still, the depth and quantity of the research is not yet enough – not, for example, when pitted against the 900,000 attacks registered on Deutsche Telekom routers in 2016 alone.

Almost half of the companies surveyed by Deloitte said they had been attacked daily or weekly in 2017 – and only 10 per cent of them reckoned that Germany was ‘as well-prepared as possible’ when it comes to cybersecurity. The industry needs to find a boost from somewhere.

But there’s widespread disagreement over where this boost should come from. Politicians believe that businesses should invest more, while the business sector feels that it is politicians who are not doing enough to enable cybersecurity. Perhaps the leaking of all the politicians’ details might change that but then again despite numerous businesses targeted by hackers, spammers, and viruses alike, the political sphere has been slow to respond with anything other than the cyber equivalent of a sticky plaster. The world of business is despondent too: only around a third of those surveyed by Deloitte thought a truly effective large-scale solution could ever be found.

This is perhaps the crux of the matter: the investment required by a business to create a large-scale and robust cybersecurity solution against the multiple threats out there would be huge. Given Germany’s landscape of small-to-medium enterprises, many businesses just don’t have the means. They see the state as the only authority with the resources and power to do this effectively – not least as the state would be able to create a blanket solution.

Politicians do not contradict this but the various political factions cannot agree on what such a security system should look like or how far-reaching it should be. Until these things are agreed upon, there will not be much progress on the macro level, meaning sticky plasters will continue to be the order of the day. But this is not all bad news; it means that for industry specialists, foreign investors, and start-ups alike, a vast opportunity exists to help close this gap in the market – and such activity is urgently needed.

For more information on the German Cybersecurity landscape, see the new Fact Sheet ‘Software & Cybersecurity’ by Germany Trade & Invest.