Cyber attack victims fear exposure | Science| In-depth reporting on science and technology | DW | 17.09.2012
  1. Inhalt
  2. Navigation
  3. Weitere Inhalte
  4. Metanavigation
  5. Suche
  6. Choose from 30 Languages


Cyber attack victims fear exposure

European firms and governments are slowly taking cyber security seriously. But finding a balance between self-regulation and legislation may prove as big a challenge as the threat itself.

September has so far seen two very different events in the international telecommunications sector.

First, Germany's Deutsche Telekom hosted its inaugural Cyber Security Summit. About 70 executives from some of the country's biggest companies had gathered in Bonn to discuss one of the biggest digital threats to their businesses.

And at the same time, Chinese telecommunication companies, ZTE and Huawei, were in the US, defending themselves against allegations that they posed a "security threat" at a House Intelligence Committee hearing in Washington.

Huawei's attempts to expand into the American market have been thwarted by the US government.

The company is also viewed with suspicion in Australia, where it was blocked from bidding for contracts on a huge broadband network.

Few companies step forward

Huawei, the world's second largest telecommunications manufacturer, is not unwelcome everywhere. It recently announced plans to invest 2 billion dollars to expand its research and development division in the UK.

But Howard Schmidt, a former cyber security coordinator in the Obama Administration says the onus is telecommunication manufacturers and operators to prove they are not creating software or hardware that can act as "intelligence gathering device."

A visitor uses a touch screen to check out cloud computing software applications at the booth of German company Deutsche Telekom at the CeBit computer fair in Hanover,

Cloud computing may reduce costs significantly, but it represents more security threats

In February, the Cybersecurity Act of 2012 was presented as America's attempt to force companies that make IT for essential infrastructure, like smart electricity grids and water supplies, to adhere to certain security standards. But the Act failed to pass in the US senate in August.

"One of the concerns that many of us have about regulation is if you have regulation mandating companies do something, then the company is building products around compliance, not doing what they need to do to be innovative to come up with new products for us," Schmidt told journalists in Bonn.

Most of those who attended the Cyber Security Summit in Bonn prefer self-regulation.

But they say they do also see the need for transparency. Companies can be reluctant to disclose cyber attacks because they fear it will harm their reputation - as was the case for a major financial institute.

"They had been a victim for two months before they found it," says Schmidt, "they notified the government, and it took more than 102 days to let other companies know what this company had gone through."

Getting the public on board

In some industries, companies withholding information that could help prevent others in their industry from suffering potential damage can face prosecution. But the same is not the case with IT security.

Deutsche Telekom CEO, René Obermann, believes the media is to blame.

"Companies that have suffered a cyber attack [...] are punished twice - once through the attack and then through a loss of reputation because they can be strongly criticized by the public," says Obermann.

A user with his smartphone

Smartphones, which employees use to access work email, can also pose a security risk

Obermann says the media can be too quick to blame the company that has suffered an attack.

A resulting lack of transparency - as companies seek to protect their reputations - has led to a disconnect between the industry and the public.

"The public gets the impression this is just one security hype, nothing is really happening. All they ever hear about is teenage hackers, activists and so forth," says Dr Sandro Gaycken of Berlin's Freie Universität, "but things are happening - very dangerous and costly things - but we never hear about them because it's embarrassing."

According to the Allensbach Institute's Cyber Security Report, companies with a turnover of more than 500 million euros are 19 percent more likely to be targeted in a cyber attack. This is expected to increase significantly in the coming years. An industry move towards disclosing information on cyber attacks and subsequent costs would help generate better public understanding.

"It would help the issue tremendously if things came out because it would create more pressure on the politicians to put more effort and more money into this problem," says Gaycken.

DW recommends