it.sa describes itself as the ‘Home of IT Security’. The it-sa Expo&Congress in Nuremberg connects IT security providers and IT security managers in person. The dialogue platform it-sa 365 also brings them together online between the trade fair dates under the motto ‘Solutions – Networking – Knowledge’. We had the honour of giving an interview on the topic of ‘How secure are critical infrastructures in Germany?’.
Who are we?
Manuel Bohé, founder and Managing Director of Concepture, and Holger Berens, Chairman of the Board of the Association for the Protection of Critical Infrastructures (BSKI) and Managing Partner at Concepture. The two were interviewed by Nina Bundels from it.sa 365.
Threats from cyberspace and the threat situation
How secure are critical infrastructures in Germany (KRITIS)? This is more or less a steep starting point for Holger Berens, who begins by outlining the various sectors of KRITIS, thereby making it clear that there does not appear to be a simple answer to this question. The second point is the BSI Act, which is mandatory for KRITIS. It contains threshold values after which companies must take the legally prescribed measures. However, there are also many smaller utilities that do not fulfil these thresholds, but are nevertheless essential for the supply. The result, especially in the event of an attack on these smaller suppliers, would ultimately be the same – a supply problem with critical services for the population.
IT Security Act 2.0
When asked how companies feel about the new IT Security Act 2.0, Manuel Bohé begins by pointing out that there is currently still a transitional period due to the novelty of the law, meaning that companies still have time to gradually implement the requirements. However, he sees one central point, namely intrusion detection, as a very useful component that also offers added value for companies. Holger Berens adds that today it is no longer a question of whether a company will be attacked, but when it will realise it. These tools can help with this. However, he also appeals for these measures to be made mandatory for all companies – including small and medium-sized enterprises (SMEs). Manuel Bohé agrees with him in principle, but as an entrepreneur, he appeals first and foremost to companies to take responsibility for their own actions, even if voluntary measures have not always worked well in the past. It’s not all that complicated, he says, it’s just that the small basics of security are not practised and SMEs are overwhelmed with technical terms and the mass of measures.
Current threat situation with regard to the war in Ukraine
Holger Berens does not believe that the threat situation has changed significantly. This is because it was already present at a high level before. At this point, he again defines the different types of perpetrators and the motivation of the attackers – as we have already done in one of our articles. The war has increased the risk that well-intentioned actions could ultimately lead to real escalation, especially among the group of ethically motivated hackers (e.g. ‘Anonymous’). He still sees the biggest problem in organised crime. This is still where most of the damage is caused – and with a high attack density. Manuel Bohé points out that a lot has happened since the attacks of the past. Precisely because Germany has not shone in the past, especially when it comes to attacks on state institutions. In addition, ransomware attacks, for example, have become increasingly brazen and complex. The situation is difficult to assess at the moment and is fuelled by a lot of scaremongering and hypotheses. Holger Berens therefore advises against spreading panic – Manuel Bohé points out that a little panic in the past has also helped to get things moving.
Risk analysis – a prime example of tragic topicality
The basic game of risk analysis ‘probability of occurrence and extent of damage’ is well known, recalls Holger Berens. However, the war in Ukraine has shown that scenarios that were completely unimaginable a few months ago, i.e. with a very low probability of occurrence, have suddenly become reality on our doorstep. This also took him by surprise. The extent of the damage is immense, the KRITIS must now react to it, at least the awareness for it is now there.
Full interview :
If you would like to watch the full interview with Holger Berens and Manuel Bohé, you can do so on the it.sa 365 website (free registration required). We would like to thank it.sa for the opportunity to conduct this interview.
Cover picture: Copyright: Michael Schindler, wirdenkenlokal GmbH
