BSI: First successes in cyber security, but no all-clear

The cyber security situation in Germany remains serious, and the end of the coalition puts important laws at risk, Federal Interior Minister Nancy Faeser warns.

At the presentation of the situation report by the Federal Office for Information Security (BSI), Federal Minister of the Interior Nancy Faeser (SPD) said that despite the tense threat situation, there is also positive news: many potential victims have increased their resilience and are therefore better armed against attacks.

The Bundestag elections are also playing a role for the BSI these days. The Bonn-based authority wants to secure the election in concert with other players, but sees this as a sporting challenge. Minister of the Interior Nancy Faeser addressed the fact that AI-manipulated content is being used for destabilization and propaganda. "We need to protect our democracy, especially in the digital world," says Faeser. Attacks on trust in democracy come primarily, but not only, from Russia. For the Bundestag elections, candidate profiles, websites and electoral authorities have to be secure.

The implementation of the NIS2 legislation is a key building block for increasing the resilience of society and the economy. She hopes that this will also succeed "under the current circumstances", said Faeser this morning in Berlin. She wants to hold talks with the opposition soon. If the CDU/CSU or the FDP do not help carry the NIS2 legislation and its sister law on the analogous protection of critical infrastructures through the Bundestag, the procedure would be reset under the so-called discontinuity principle and would have to be restarted from the beginning after the new Bundestag elections.

This would also deprive the BSI of the legal opportunity to monitor the actual implementation of NIS2 and intervene if necessary. BSI President Claudia Plattner is calling for the law to be passed as quickly as possible, "ideally in this legislative period." However, without a budget, which will definitely not be forthcoming, the BSI will not have the posts it actually needs. Nevertheless, Plattner would rather have the law quickly: The lack of funding is "a problem", but the bulk of the work lies with the companies for now.

Claudia Plattner emphasizes that there is effective protection against cyber threats. The CrowdStrike incident showed this: "And that was just an operational incident, not a cyberattack, but it made us painfully aware of our vulnerability," says Plattner. At the same time, however, it also demonstrated how capable those affected are of acting. The aim is to find solutions that systematically enable the defenders to act faster than the attackers. However, this is a major challenge, as the report shows.

According to the report, 78 new vulnerabilities become known every day, and every month the BSI receives 18 reports of previously unknown security gaps, so-called zero-day exploits. The BSI has passed on over 400 vulnerabilities to manufacturers, said BSI President Claudia Plattner. This was also made possible by the fact that companies were more open about vulnerabilities.

The security of 64-bit Windows versions in particular is being attacked more frequently, according to the status report, citing an increase of 256 percent compared to the previous year's report. Of the 309,000 new malware variants observed every day, the majority are active in this area.

The BSI is very concerned about the further increase in attacks on perimeter systems, i.e. firewalls, gateways and virtual private networks (VPN) as well as other systems that are supposed to help protect the networks and computers behind them. The BSI has recorded a significant increase in threats in this area. These systems are often inadequately secured, for example without effective two-factor authentication. The most prominent case of this kind in Germany was the CDU headquarters, whose infrastructure was successfully attacked in May using a zero-day exploit in security software. Poor implementation of security standards in the security software allowed the attackers to gain further access beyond the login screen via path traversal.

IT service providers are also particularly targeted by attackers, reports the BSI. Poorly secured and freely accessible Confluence instances are a particular target for attackers. The Bonn-based cyber security authority is therefore calling on all companies to segment their networks more clearly, reduce external accessibility to the bare minimum and take a closer look at security and resilience measures. IT service providers who work for a large number of other companies are particularly attractive targets as a vector for attacks – and their customers must take into account in their own measures and considerations that they will continue to be targeted by highly professional attacker groups.

In the report, the BSI looks at the IT security of e-car charging stations, among other things, and reports that all six systems examined on the market had vulnerabilities, in some cases massive ones. Even the most rudimentary IT security standards were not met. This is dangerous because the charging infrastructure interacts directly with the power grid, and in future at least private connections are also expected to feed into the grid by means of bidirectional power flow. If load peaks are artificially generated by hacking, Germany faces the threat of at least regional blackouts. However, some of the problems have since been resolved, writes the BSI in its report.

(mho)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.