War and Data Security: 'The Best Defense is a Better Defense' (Frankfurter Allgemeine Zeitung, Germany)
situation in Europe and many parts of the world is more precarious today than
it has been for many years. Unfortunately, we have seen that war has unequivocally
returned to Europe as an aspect of foreign policy. That has far-reaching
implications for cyber security.Modern
Internet communications technology as a way of confusing the enemy and propagandizing.
And it is well known that cyber technology can be used offensively to attack
and disable enemy infrastructure and systems." -- Munich Security
Conference Chairman Wolfgang Ischinger
"We are seeing
a dramatic loss of confidence. The revelations of Edward Snowden, surveillance by
the NSA and other incidents have changed our thinking - on security policy as
well. On a government level, this leads many countries to expand the offensive
potential of cyber technology. Meanwhile, the protection of their own systems
is sadly neglected. We return to the old motto: Attack is the best defense. But
I fear that this is not correct in this case. Cyber protection is a matter of
national security and that is why the following must apply: The best defense is
a better defense." -- Deutsche Telekom CEO Timotheus Höttges
[This column was originally posted December 6, 2014]
On Monday, executives and policymakers conferred on cyber security. In
a conversation with the Frankfurter AllgemeineZeitung [FAZ], Deutsche Telekom
CEO Timotheus Höttges and Munich Security Conference Chairman Wolfgang Ischinger
warned that the risk to computer networks and public infrastructure is growing.
FAZ: What, Misters Ischinger and Höttges, is
the scale of the threat?
From a foreign policy and security perspective, the situation in Europe and many
parts of the world is more precarious today than it has been for many years. Unfortunately,
we have seen that war has unequivocally returned to Europe as an aspect of
foreign policy. That has far-reaching implications for cyber security. Modern Internet communications technology is now used as a way of confusing the enemy and propagandizing.
And it is well known that cyber
technology can be used offensively to attack and disable enemy infrastructure
Everyone is potentially at risk – every state, every business, as well as every
citizen. That is why companies like Deutsche Telekom increasingly have some
level of responsibility for supporting and improving cooperation in this area. To a certain extent citizens
are resigned to this, because in the face of the Internet's
complexity they feel helpless.
FAZ: How does this manifest itself?
Feelings of helplessness result from an expansion of risk and diminished protection.
More and more people are worried about the security of their data, but hardly
anyone is doing anything about it. Our new security report shows that 90
percent of respondents believe that a majority of companies pass on or misuse
data. At the same time, everyone "agrees," for example, with data
security requirements when shopping online. But hardly anyone reads them. There
is a certain contradiction in behavior there. I hope that our conference
contributes to a greater awareness of risk among Internet users.
We are seeing a dramatic loss of confidence. The revelations of Edward Snowden,
surveillance by the NSA and other incidents have changed our thinking - on
security policy as well. On a government level, this leads many countries to
expand the offensive potential of cyber technology. Meanwhile, the protection
of their own systems is sadly neglected. We return to the old motto: Attack is
the best defense. But I fear that this is not correct in this case. Cyber
protection is a matter of national security and that is why the following must
apply: The best defense is a better defense.
FAZ: Are you afraid of terrorist attacks
on computer networks and public infrastructure?
We shouldn't present ourselves as prophets of doom, but in security policy it's
a good idea to assume the "worst case scenario." And the worst conceivably
scenario would in fact be that modern, well-equipped groups familiar with
modern technology, like those we observe at the moment in Syria and Iraq,
could concievably attack our networks. I am not afraid that this will impact the water
works in Cologne or Munich tomorrow, but these groups will stop at nothing - we've
seen that again and again. We - government, industry and society, must be
prepared for such scenarios. Unfortunately, this remains far off - even in the
collective awareness of risk.
Timotheus Höttges: The dangers are very real. Think about the
attack by Syrian hackers on the water supply in Haifa a year ago - and in the
United States, about 60 percent more cyber attacks on public infrastructure
was recorded in 2013 over the previous year.
FAZ: Has the topic of cyber security reached
the boardrooms of the economy?
Definitely, yes. This can be seen from the fact that more and more of our
summit participants come from industry - and also in the response to our
services, like the major new data center in Magdeburg where we maintain one of our
biggest "clouds." Companies want to know where their information is stored,
and they want to be certain that sensitive customer and company information is
well protected. But we are also seeing that small and mid-sized companies
require a lot of catch-up work when it comes to security-related issues.
FAZ: Has the quality of the attacks
The attacks are becoming more sophisticated and the attackers are learning quickly.
In addition to classical automated programs that attempt to tap information or paralyze
networks, there are more tailored attacks on individual companies. Frequently,
social networks are used to steal personal employee information that facilitates
the penetration of networks.
FAZ: In spite of all the cyber risk,
connectivity continues to move forward. Under the rubric of Industry 4.0,
factories and entire value chains are being digitized. Doesn't this create new
areas for attack?
Timotheus Höttges: In
the early days of the railroad, people were afraid that the high speeds would
be incontrollable and lead to accidents. As a consequence, measures were taken
to minimize the risks. The establishment of the TÜV, for example, then called the Dampfkessel
Revisions Verein [technical inspection association]. We
face a similar challenge today. Yes, there are risks associated with any new
technology. No one wants to downplay that. Vulnerability to cyber attacks
increases with Industry 4.0,
which is why the effective protection of systems will become even more
important - together in communication and in cooperation across all sectors. We
must learn to control the risks, because we cannot afford to slow down the
process. Digitization is the most important driver of growth and societal
FAZ: In terms of data protection and
security, America and Europe are still worlds apart.Or do you see progress, Mr. Ischinger?
We had at the end of June the first meeting of the U.S.-German
Cyber Dialog in Berlin. Unfortunately, the result was not too satisfactory.
But if we want to rebuild trust, we cannot destroy the thread of discussion. The
Munich Security Conference will make a contribution to raising awareness. That
also means recognizing that not just us Europeans, but also more and more
Americans, are demanding data security and privacy.
FAZ: Why is it so difficult to achieve a
Even in America, Snowden and his revelations created a stir. But for historical
reasons, Americans have more confidence in their secret services than Europeans
do. Nevertheless, it should still be possible to build bridges and find common
ground through dialog between the Bundestag and the U.S. Congress, for example,
as well as in non-governmental spheres.
Posted By Worldmeets.US
Timotheus Höttges: The
approach to data protection is completely different than in Europe. In the
United States, the use of personal data is generally permitted, unless it is expressly
prohibited. Here it is exactly the opposite, being derived from the fundamental
right to informational self-determination. This fundamental right is not
recognized to the same degree in the U.S., and that leads to turmoil in our
globalized digital world.
FAZ: For example?
This fundamental difference in the way we understand data protection is one of
the reasons digital champions like Google or Facebook were not successfully
created in Europe. Business models of this type, in which data are stored and
processed without consent, would not even be possible in Europe.
FAZ: But huge amounts of data from
European users end up with American companies.
That is why it's even more important for industry and consumers that there are
reliable rules for the game. We need unified European data protection
regulations that leave no loopholes. The right to informational self-determination
must apply to everyone. What shouldn't happen is that data from European users
can be used differently outside Europe than inside.
FAZ: Google' CEO Eric Schmidt warns that
the strict E.U. data protection rules being proposed could lead to a balkanization
of the Internet [last video, right]. Is there something to this?
Timotheus Höttges: Data
generated in Europe should be stored in Europe and should be subject to a
uniform data protection law. Each provider who adheres to these rules will have
access, regardless of whether the company is from America, Asia, or Europe. This
is not a fragmentation of the Internet, but rather the creation of digital