In connection with the Russian invasion of Ukraine, concern is also growing in Germany about possible cyber attacks against critical infrastructures: communications, energy supply, transport, industrial production, research, administration – almost no area in a highly developed country can do without modern information and communication technologies.
“Attacks on the digital infrastructure by criminals or state organizations threaten not only the prosperity and security of our society, but also freedom and democracy,” warns Professor Jörn Müller-Quade from the KASTEL Institute for Information Security and Reliability of the Karlsruhe Institute of Technology (KIT).
Cyber security experts such as Müller-Quade have long complained that companies, public institutions and institutions are not well prepared for digital threats. On the contrary:
“We now urgently need to develop multi-level security concepts for critical infrastructures, which in particular also have analog emergency plans.“ The failure of the remote control of thousands of wind turbines in the past week makes you very attentive. The very big attack in the cyber war could still be missing, he believes. “The big bang is not always the goal, especially because it is noticed immediately and triggers countermeasures.“ In fact, many attacks were running in the background, for example to spy on targets in order to prepare larger attacks later.
In addition, Müller-Quade particularly criticizes Europe’s high dependence on software and hardware from manufacturing in third countries. “We can only see through their weak points to a limited extent because we don’t know the source codes!“ The expert believes that one way to ensure digital sovereignty is to produce more of our own stable software in Europe. Müller-Quade relies on the open source principle, i.e. software whose source code can be viewed freely, i.e. can be changed collectively.
Müller-Quade does not see the development of a cyber army, which is being debated as part of the planned 100 billion euro investment in the Bundeswehr, as a major priority. “IT security must be improved so that we don’t have to expect major damage in the first place, this protection seems to me to be more urgent than building a cyber army. So, figuratively speaking, I would invest here mainly in fortresses, and not in cannons. The point is that important facilities still function even if IT systems fail.”