Cyber attacks from Russia: “This is only the beginning”

The attacks met German security at one of their most sensitive points: two suppliers of the military were victims of cyber attacks a few weeks ago. An engineering firm from Lower Saxony, which implemented specifications from the secret “Operation Plan Germany”- was also affected- a central document for troop movements in the event of tension and war.

As so often, the trail leads to Russia. Thomas R. Köhler is the author of several books on cyber security: he sees Germany poorly prepared against attacks.

Mr. Köhler, the Bundeswehr recently explained that the impact of previous ones Cyber attacks was “rather low”. Isn’t this statement given the recent events?
The problem with cyber attacks is that with elaborate attacks it sometimes takes months or even years before they are discovered. So today we do not know whether someone has already entered a system on a large scale. This is particularly fatal when it comes to national security interests. So the risk is enormous.

Since the war against the attack against the Ukraine In 2022, the number of cyber attacks and trial tests by Russia increased massively to European systems. Do you count on another increase?
This is only the beginning. In my view, Russia still plays under its possibilities. Moscow’s information technology striking power is often underestimated. Already at Christmas 2015 there were larger power outages in Ukraine, which are considered the work of Russian hackers. As well as telecommunications or district heating, the power supply is part of the decisive civilian infrastructure. That is the premier class of cyber security. Here we should be very worried. Especially since the infiltration of technical systems happens in silence – especially where the high -security level does not yet apply. We see this most clearly with the suppliers now.

Can you please explain that more precisely?
As a rule, suppliers do not switch to high -security protection if they run a military project, but only do the most necessary, because security costs money. There is usually also a lack of awareness that you could become an attack goal yourself. Many companies that work in or for the armaments area are just just waking up. The decisive vulnerability is located here.

You have mentioned the cyber attacks on critical infrastructures in Ukraine. How safe is the German infrastructure?
There are clear guidelines and rules for critical infrastructure, in short: criticism – they have been renewed in the EU since 2008. 2022. Nevertheless, we are largely bare in practice. I am almost surprised that there were only a few power outages in the three years of the Ukraine secretary. And I’m not alone.

One of the two current attacks should be a so-called ransomware attack. How does that work?
The attacker data encrypts and only release it again after payment of a ransom. If something like this occurs, this does not speak for the IT competence of the companies concerned, because there are now good instruments to interfere or at least limit such an attack at an early stage.

However, ransom demands do not speak for a state -controlled attack.
In fact, Eastern European or Russian hackers use ransomware to blackmail companies. In this case, however, it could also be an attempt to distract the suspicion of Russia. We also know from secure sources that there are close connections between cybergangstern and government work.

How can Bundeswehr And better protect your suppliers?
The Bundeswehr not only has to make clear guidelines for suppliers, but also enforce them consistently. In addition, it must be checked how control can be integrated into the supply chain. In the civilian world there are enough examples of how to plan something like that, but also with prices and control.

For example?
In 2017, the Maersk company as the largest container shipping company in the world was paralyzed for days due to contaminated software in a third country-and with it dozens of ports. The whole world was affected because in a small office with a few employees at the end of the world. A accounting software used there had been hacked unnoticed. Since this incident, every viewer should be clear how important the safety of the supply chain is.

Which industries have to be traded in?
This applies to all essential technical, but also legal services, from law firms to engineering companies to suppliers from hardware and software. Wherever internal data is used, special caution is required.

Sometimes there is talk of “Hack Backs”, i.e. digital opposites. What do you think of it?
It’s a nice idea. But it harbors a big problem: unlike in the conventional war, I often don’t know where the attack actually comes from in digital space. I had a case in which I was able to track a cyber attack up to a server in Finland. Then the question arose: who was it now? A evil Finn or a Russian who hijacked the server in Finland to attack the world from there? The consequences of such a counterattack would be collateral damage that the world has never seen. In addition, a “hack back” is often brought into play in order to distract from the failure of your own defense.