National Cybersecurity Conference: Sharp warnings, blunt swords and AI

Contents

Concern about IT security is written all over the faces of the guests invited to the Hasso Plattner Institute's annual "Conference for National Cyber Security". The conference opened on Wednesday. Representatives of all security authorities involved in cyber security in Germany, from the BSI and BKA to ZITIS, the Office for the Protection of the Constitution, the Federal Intelligence Service and the Bundeswehr, came to debate the situation and the right conclusions with researchers, entrepreneurs, associations and a few representatives of civil society.

Most of the debates on the first day in Potsdam had the same headlines as they could have had since the conference was first held, but this time the content was more cautionary and warning. Sinan Selen, Vice President of the Federal Office for the Protection of the Constitution, gave the most remarkable presentation. He named a problematic player in the virtual space without much ado: the People's Republic of China.

Office for the Protection of the Constitution warns of Chinese capabilities in no uncertain terms

According to counterintelligence, revelations about the Chengdu-based IT security company i-Soon confirm that cooperation between private and state actors is becoming increasingly close in China. According to the documents in the leak, what I-Soon offered was "Advanced Persistent Threat as a Service", said Selen. I-Soon is obviously not a normal IT security company: "This is explicitly about going three, four or five steps further in addition to penetration testing."

Access to ten targets via email was offered for 52,000 euros, while penetrating the network of the Vietnamese Ministry of Economic Affairs would have cost 50,000 euros; on average, the company estimated 9,000 to 13,000 euros per order. Anti-terrorism support" was also part of the company's portfolio – meaning the surveillance of Uyghurs in the historically Muslim region of Xinjiang in northwest China. Internal chat histories of the company provide further clear indications of the level of activity. Basically, the BfV vice president said on Wednesday, "the state in China is making significantly more and targeted use of civilian support."

"Our opponents have a lot of staying power"

Selen's warning about China's capabilities is not least intended to shake up the German economy. "Quantity and quality have reached a significantly higher level than a few years ago," he warns regarding China, adding that the market has also become more confusing. This will change the overall situation in the coming years. Government agencies and opinion-forming will come under greater attack in the future. "Our opponents have a lot of staying power," Selen warned against naivety when assessing the consequences.

Attacks on political actors, for example, are not a matter of the first few weeks. "They need information to start disinformation, to carry out hack-and-publish operations," said Selen. Looking at the events in isolation is not right, said Selen. It's not about the individual attack, but about long-term operations where the attackers' profits are used weeks, months or even years later. The defense against such attacks is usually the responsibility of those affected, who in Germany can turn to the police, constitutional protection offices and IT security authorities for at least initial assistance in acute cases.

BSI wants to move away from checklists...

The President of the Federal Office for Information Security (BSI), Claudia Plattner, who has been in office for almost exactly one year, emphasized in Potsdam how important it is to take concrete steps. The importance of IT security is still far from being understood by all companies and organizations. Yet it is "at the heart of production" and indispensable. Considering the challenges, a comprehensive, different approach is therefore needed. "The only chance we have is if we manage to reposition a country," said Plattner, repeating the appeal she has been making for months for Germany to become a cyber nation.