By Arne Schönbohm, President of the Federal Office for Information Security (BSI), Bonn
“IT security has become one of the central requirements of information and communication technologies.”
Powerful and secure communication systems are the central nervous system of 21st century society. Hardly any part of society can do without reliable and secure IT and communication systems. They are essential for a functioning economy and for many other areas of our closely networked society. They create the prerequisites for mobility and data exchange as well as for the transfer of capital, goods and services. They ensure the networking of medical devices in an operating theatre and are a pre-requisite for Industry 4.0, the energy revolution and the operation of critical infrastructures.
Cyberspace is an arena for criminals
But at the same time, the level of threat is increasing as a result of vulnerabilities within these systems. The number of IT attacks increases every year. They are becoming ever more professional, and their consequences ever more serious. Successful attacks on communication systems, hospitals and companies, on democratic institutions such as the German Bundestag, on media and on media campaigns, such as election campaigns, show us just how vulnerable our society is and how sophisticated the perpetrators are. Parties involved in crime, terrorism and in intelligence systems use cyberspace as an arena for their activities. This means that IT security has become one of the central requirements of information and communication technologies. Successful digitalisation will not happen without cybersecurity. The instigators of these attacks are organised on an international basis; they profit from global networking and the camouflaging opportunities provided by the Internet. Their tracks are often difficult to follow, attempts to do so quickly come up against national borders. The openness and extent of cyberspace allows them to carry out disguised attacks by hijacking vulnerable victim systems and making them into tools for their attacks. Too often, neither the identity nor the background of the attacker can be established.
Increase resilience and foster partnerships
The more important digitalisation becomes for our lives and businesses, the more important it is to increase Germany’s resilience to cyberthreats of all kinds. It is necessary to interlink stakeholders in the state, the economy and in society at national and international level, as only a common approach will lead to success. In the future, maintaining partnerships with other states and organisations will become an essential element of a forward-looking cybersecurity strategy. In addition to cooperation in the United Nations, this also includes cooperation in the EU, the Council of Europe, the OSCE and other multinational organisations. The aim must be to improve the international community’s coherence and ability to act in order to protect cyberspace by means of international coordination and appropriate networking. That is why the BSI is also the national cyberdefence authority for Germany towards NATO. Strengthening cybersecurity also requires the enforcement of international behaviour rules, standards and norms. The first step towards better cybersecurity is to develop some common minimum rules (code of conduct) with allies and partners. This requires overcoming the discrepancy between increasing multi-lateralisation and sovereign assessment and decision- making. Proven German and European IT and data security standards must be strengthened and maintained in the globalised world.
The German solution
The German Federal Office for Information Security (BSI) has been Germany’s state competence centre for IT and cybersecurity for more than 25 years. Its professional expertise is recognised far beyond the world of public administration. The BSI as the national cybersecurity authority shapes information security in the digital world for government, business and society, with a clear legal mandate, which was expanded once again by the IT Security Act in 2015. When the BSI was founded, the decision was to separate the “codebreakers” from the “codemakers”. This proved to be a very smart and forward-looking decision. As a result, the BSI has been able, over the years, to build up great public trust, especially in the economy. As Germany’s national cybersecurity authority, the BSI is engaged at a European level and is involved with the relevant European bodies. In the past, the BSI also launched joint initiatives with other Member States. At European level, there is a network of government CERTs (Computer Emergency Response Teams) in which there is trusting exchange and mutual support. The effectiveness of the international cooperation was evidenced by the successful dismantling of the Botnet infrastructure “Avalanche”. Germany’s activities were successfully coordinated by the National Cyber Response Centre.
Private parties are involved
At international level, as well as at European level, private parties are increasingly involved in cybersecurity measures. These include cybersecurity exercises, public-private partnerships for network stability, cost-effectiveness analyses and risk assessments as well as campaigns to raise awareness concerning the dangers of the Internet among the population and SMEs. These forms of cooperation between the states and their security institutions, between the IT security authorities and the economy and between politics and society must be systematically and continuously expanded. They form an essential basis for successful measures in the fight against cybercrime.
Arne Schönbohm has been President of the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik – BSI) since February 2016. Born in 1969 in Hamburg, Germany, he studied International Management in Dortmund, London and Taipeh. Mr Schönbohm worked in different positions at EADS, inter alia as Vice-President for commercial and defence solutions. In 2008, he became Chairman of the board of the BuCET Shared Services AG (BSS AG). Prior to his current position, Mr Schönbohm was President of the Cyber-Security Council Germany. Throughout his career, he was security expert and advisor for several political decision-makers on the regional, federal and European level.