Germany warns of nation-state cyberespionage threat
31 July 2017 | 0
German industry is under attack, and they may not be aware.
According to Bitkom (Germany’s digital industry association) a full 53% of German companies have been victims of economic espionage. While the German domestic intelligence and security service, Bundesamt für Verfassungsschutz (BfV), warns of the ever-increasing instances of nation-state cyberespionage.
BitKom’s report, Business Protection in the Digital World (pdf-German), shows over €55 billion are lost each year due to espionage, sabotage or data theft within German industry. The survey queried 1,069 managers and security officers across a breadth of industries.
BitKom’s president, Achim Berg, noted, “Companies need to do much more for their digital security. The study shows that the risk for companies in all industries and of all sizes is real.”
He was joined in this admonishment by Dr Hans-Georg Maaßen, president of the BfV, who said, “The study highlights that we must direct our special attention to the defence of espionage attacks on the German economy in times of digitisation and Industry 4.0. In terms of a holistic and sustainable economic protection including not only IT-related measures but risk-minimising plans in the areas of organisation, personnel and awareness. It is also important the intensive cooperation between business and government and the authorities themselves—as in the ‘Initiative economic protection.'”
The BfV’s annual Report on the Protection of the Constitution provides foundational support of Dr Maaßen. The report highlights the activities of Russia, China and Iran as being the primary players in the world of cyber espionage targeting German interests. Russia is primarily focused on pushing its political and geopolitical narrative. China, however, is focused on industry, research, technology and the armed forces. The Chinese use social networks (Facebook/LinkedIn) to recruit on a large scale. Their MO is textbook:
“Ostensible researchers, recruiters and head hunters contact persons with promising profiles and try to lure them with attractive opportunities. Finally, they invite these persons to China where they are approached by the intelligence services.”
The Chinese are targeting trusted insiders for the desired information.
The Iranian effort has been focused on critical infrastructure, with cyberattacks not only being used for information collection but also for sabotage purposes. That said, the Iranians continue to spot and recruit human sources with access to desired technologies.
Economic and industrial crime within Germany seems omnipresent. Examples contained in the BitKom report evidencing the depth to which German companies have been victimised include:
- Theft of sensitive digital data — 17% (every sixth company) had sensitive digital data stolen over the past two years.
- Emails — 41% of companies noted their email systems had been compromised
- Financial information — 36% found financial information had been purloined by attackers.
- Intellectual property — 11% had their research and development, patents targeted
- Personnel — 10% of companies saw the loss of employee-centric information.
- Analog events — 20% of companies reported instances of phone call and meetings being listened to by unauthorised personnel, while others reported the theft of documents, papers, samples and components. Four percent of companies reported their production systems had been compromised and crippled or sabotaged in an analogue manner (i.e., not a digital attack).
- Digital events — 18% of companies reported they were subjected to social engineering, with every eighth company (12%) having seen their systems digitally sabotaged.
The most common theft remains the theft of devices, with a full on 30% of companies seeing laptops, tablets and smartphones stolen in the past two years,
A full 62% of Bitkom’s respondents noted how the trusted insider (be they current or former employees) being responsible for espionage, sabotage and data theft. With more than one-third of companies (37%) noting their perpetrators being home grown from Germany.
Industry reports the instance of foreign intelligence services to have been a low 3%, with 7% categorised as “attacker unknown. Of those attacks that could be attributed to foreign entities, the distribution was not surprising:
- Eastern Europe — 23%
- China — 20%
- Russia — 18%
- US — 15%
- Europe — 12%
- Japan — 9%
Sadly, both BitCom and the BfV report that less than one-third of companies turned to the government for assistance in sorting out the attack they experienced. Dr Maaßen said, “Only when companies report attacks to security agencies can realistic picture of the situation and defensive strategies be developed. “
The number one reason for not reporting a cyberattack? “Fear of reputational damage.” And those who do report often omit information because they fear negative consequences (35%) or the cost is too high (29%).
Public private cooperation
Public-private partnerships have never been as important to the protection of industry and nation as they are today. Industry is often many generations more advanced in technology than their government partners and thus brings unique knowledge to the table. The government, however, can contribute resources that the private sector cannot legally bring to the table. It is in the interest of every country to have industry and nation operating in a collaborative manner, not just in Germany, as the alternative is to lose intellectual property, research and development and economic stability.
IDG News Service