Easy game for spies? Our digital, electricity and gas networks are not sufficiently protected, says the German Office for the Protection of the Constitution. According to the current “Security Notice for the Economy”, the domestic critical infrastructure is being specifically investigated by foreign secret services and other “perpetrator groups”.
The Office for the Protection of the Constitution has legitimate concerns
Acts of sabotage by foreign states or extremists can have far-reaching effects and lead to serious damage. This is particularly true with regard to critical infrastructures (KRITIS) and KRITIS-related companies, which are essential for a functioning community. Protection against sabotage is therefore one of the core tasks of the constitutional protection authorities.
In the course of your threat analysis, you regularly discover information about gateways that can be used to prepare for and support attacks or even make them possible in the first place. It can be assumed that foreign intelligence services, among others, are specifically spying on them and exploiting them to prepare further measures. Numerous activities have been observed in the past that could have involved spying by foreign intelligence services.
Excerpt from the “Security Notice for Business” from December 2, 2022
There is therefore freely available information about vulnerabilities, nodes and even emergency procedures. Companies and authorities sometimes place information about critical infrastructure on the Internet completely unprotected, writes the Süddeutsche Zeitung . This is partly voluntary, but also due to legal requirements. This “provides potential saboteurs with the logistics information they need for an attack more or less free of charge.”
“Vulnerabilities and thus starting points” can be “identified in order to carry out physical and cyber-supported acts of sabotage,” warns the VS report. And it gets even worse: companies also post detailed instructions for crisis situations on the Internet, which enable secret services and terrorist groups to “interrupt or at least disrupt” the ongoing emergency procedures after an attack.
Attacks on Deutsche Bahn, October 2022
The letter from the Office for the Protection of the Constitution was preceded by two attacks on Deutsche Bahn's fiber optic lines, which vividly illustrated what was at stake: On October 8th, rail traffic in northern Germany stopped working for almost three hours. Thousands of travelers were stuck at train stations in Berlin, Hanover and Hamburg. The GSM-R train radio system failed in Schleswig-Holstein, Lower Saxony and Bremen, among others. And if this network no longer works, trains will no longer be allowed to run.
What happened? The perpetrators cut fiber optic cables near the Herne main train station in North Rhine-Westphalia and in Berlin-Hohenschönhausen. In Herne, hub for fiber optic connections affected. In Berlin, the cables were damaged on the open stretch between two S-Bahn stations. According to golem.de , the railway's fiber optic cables are laid along 20,000 kilometers of route: "They are practically unprotected in cable shafts."
Potential gateways for espionage
The letter from the Office for the Protection of the Constitution lists a number of potential entry points for spies and saboteurs:
- Presentations originally aimed at authorities and market participants
- Map material that shows the locations of facilities or routes
- publicly accessible internal documents such as instructions and guidelines that describe processes, information obligations and communication channels in detail
- Contact information beyond legal limits that could be used for social engineering or spear phishing
- Job advertisements for IT staff that provide information about the hardware and software used (such as network components and firewalls).
- IP addresses or address ranges can be used for scans that reveal vulnerable or poorly configured services on a company's system
Authorities have to balance transparency and secrecy
The Federal Network Agency is fully aware of “the changing threat situation and its responsibility for protecting sensitive information”. “The area of tension between the information needs of market players and the public and the necessary need for secrecy is regularly examined and reassessed,” the Süddeutsche Zeitung correspondence with the authority. “Sensitive information on critical facilities is not publicly accessible, and companies do not even have to provide documents that are classified as requiring confidentiality.”
According to tagesschau.de, Telekom also wants to restrict the flow of information. It will therefore no longer provide some of the data required for the infrastructure atlas . This “contains location data on the infrastructure of network operators” which “is made available to companies, but also to the federal government, states, districts and municipalities as part of the gigabit expansion”.
Concrete recommendations for action for (IT) security managers, human resources managers and company employees are best found directly in the Security Information for Business 04/2022 - Subject: Protection against sabotage.
For information about threats to your industry from espionage and sabotage, terrorism or violent extremism, as well as for specific security inquiries or suspected cases, contact the Prevention/Economic Protection Department of the Federal Office for the Protection of the Constitution (BfV): [email protected] , +49 30 18792-3322
Sources:
verfassungsschutz.de , wirtschaftsschutz.info , Federal Network Agency , SZ , Tagesschau , golem.de , glomex
Fact check: FIFA won't display Pelé's feet in a museum
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )