The threat from the network

On September 19 and 20, the Munich Security Conference (MSC) and German telecoms giant Deutsche Telekom host the fourth Cyber Security Summit. This year's event is the first to take place in Silicon Valley. Around 100 high-ranking representatives from science, politics, business and the military will discuss the current challenges in cyberspace at Stanford University in Palo Alto, California.

The topics include defense against cyber attacks, the future of warfare, the development of standards and rules for cyberspace, the fight against cyber-terrorism and the economic importance of cyber security. Ahead of the event, DW spoke to Thomas Kremer, member of the board of management for data privacy, legal affairs and compliance at Deutsche Telekom AG.

Deutsche Welle: Together with the Munich Security Conference, Deutsche Telekom has been one of the organizers of the Cyber Security Summit, which has taken place three times in Germany. This year, the security conference is taking place in Silicon Valley in the US. Why?

Thomas Kremer: Silicon Valley is a region that is highly innovative in all areas involving cyber security. New methods come from here. It is an international meeting place. Cyber security cannot be regulated on the national or even European level - you need an international network. We therefore need to go where the action is.

What has happened in the field since the last Cyber Security Summit two years ago?

At the first Cyber Security Summit, we worked hard to promote the idea that cyber security is not only a matter for specialists, but a matter for decision makers. I believe that this is the area where we made the most progress. Today it is clear in most companies that IT security and cyber security must be discussed at the top table. With certain limitations, the same goes for small- and mid-sized companies.

A second aspect is that cooperation in security issues between authorities and companies has very clearly improved. In my opinion, this progress is thanks to the Cyber Security Summits we held in Bonn.

What is the scope of the threat in cyberspace? Has it worsened - for example in terms of Industry 4.0?

We clearly see that with increasing digitalization of all aspects of our professional and private lives, the sphere for cyber attacks has grown. We have a bigger threat potential. At the same time we see that the attackers behave increasingly sophisticated.

That's something we experienced painfully here in this region when several hospitals were victims of cyber attacks. The attacker simply encrypted all files so that it was essentially impossible to keep working with the patient files. This is a disaster for a hospital. Cyber criminals then tried to blackmail the hospitals.

This is one of the very latest threats that we have here. We have to address it, because we know that the vast majority of all companies have already been victims of cyber attacks. And that will continue to increase.

What are the biggest challenges in cyber security?

Companies no longer surround themselves with a firewall that acts like a castle rampart, completely securing them. The sophistication of attacks has long since driven this system to absurdity. What we need now are systems that monitor our IT in real time and give us a signal when there is unusual activity. We also need teams that, if they detect unusual activity, closely analyze the system, repair it or switch it off, to end an attack quickly.

The second point is international interconnection. We need global agreement on the issue of cyber security and the necessary steps, including regulation. Frameworks that address, for example, the issue of weak software and software errors: this cannot only be here in Germany or in Europe, but we need global rules, because cyberspace is worldwide and the cyber criminals travel worldwide. A framework like this is one of the challenges we are addressing at the Cyber Security Summit in Palo Alto.

I want to return to your first point. Does this mean that I now can generally no longer protect myself against cyber attacks? But instead I can only react when an attack is coming?

Individuals can do an incredible amount for their security. In principle, it's the old basics. You should set up a firewall on a private computer, install updates and change passwords once a month. If you take these precautions seriously, you will be protected against more than 90 percent of all attacks.

And businesses?

High security for business can be achieved only if it is not thought of as purely local. That is, the security that we produce is not something the company keeps "in the basement." Instead, we need cloud solutions. We need large data centers that work professionally with high standards to address the issue of data security - and that is the trend.

Transparency and cooperation are your major topics at the conference in Silicon Valley. But Deutsche Telekom still wants to sell its security products. And it therefore also has to differentiate itself from competitors. How does this fit together?

If any company thinks it can solve all its problems alone, it is certainly on the wrong track. When it comes to product development, we also need an international exchange of ideas. We as Deutsche Telekom welcome this. And from the results of this exchange, we will be able to respond immediately in our security activities and then offer our customers security models. And this is true not only for large enterprises, but especially for small- and mid-sized companies.

The interview was conducted by Insa Wrede.