Fear of cyberattacks on public water supply
Security experts from research, politics, economy, and the police of three countries use conference at KIT in Karlsruhe to call for better protection of critical infrastructures in the Upper Rhine region
Power supply, public health system, disaster control, or public administration – ubiquitous computerization makes any of the infrastructures that are vital for our daily lives vulnerable to cyberattacks that can completely paralyze their operations. This warning was issued by German, French, and Swiss security experts from research, politics, economy, and the police who met at Karlsruhe Institute of Technology (KIT) last week.
The experts stressed that creating more security requires an effort of the society as a whole. Under the tri-national SERIOR project (www.serior.eu ), the experts jointly investigate ways to protect the vital infrastructures in the Upper Rhine region against attacks from the Internet.
Cyber criminals are a threat not only to organizations that are generally recognized as being crucially dependent on information technology, such as communication companies, stock exchanges, media, or railway companies, but also to infrastructures that are very basic and simple at first sight, such as drinking water supply and sewage systems, the scientists warn. On the occasion of their conference on Thursday, July 4, the researchers pointed out that ensuring the protection of these infrastructures is a key task of national and entrepreneurial risk management and a central topic of Germany's security policy. "The protection of critical infrastructures is incumbent on society as a whole, a task that requires coordinated action backed by all responsible players – government, economy, and the public."
Although cyberattacks are hardly predictable – as the most recent incidents such as the "WannaCry" ransomware assault showed – risk management in institutions, companies, and other organizations must not be restricted to reacting to an incident, the experts demand. They criticize that countermeasures are only taken after harm has been done.
However, there is an urgent need for action: The threat presented by cyber criminals will increase even more in the future, the experts for IT security participating in the event emphasize. Due to increased task sharing among cyber criminals and the fact that hacking services have gone commercial, individual hacker skills are hardly required to operate an effective cyber offensive. The Baden-Württemberg State Office of Criminal Investigation stated that a fully-fledged industry has developed whose turnover figures already exceed those generated in the international drug traffic.
The computer systems employed for controlling critical infrastructures are becoming increasingly complex. This, however, does not result in more, but rather in less security, the experts believe. They assert that securing less complex systems is by far easier and more promising. Cost and efficiency considerations result in more and more infrastructures being controlled from a central location. This is a problem because a successful attack will have dramatic consequences for the entire infrastructure.
The security experts unanimously complain about the lack of awareness on the part of the users as regards the risks incurred by insufficient cyber security. People must be wised up more efficiently, but also be made accountable. Security is not for free: It costs money and/or might interfere with people's privacy.
Provided by Karlsruhe Institute of Technology
