IT security incidents affecting German critical infrastructure are on the rise

The number of IT security incidents reported by critical infrastructure companies in Germany has soared.

In 2017, the German Federal Office for Security in Information Technology (BSI) received 145 such reports from critical infrastructure providers. In the second half of 2018 alone that number reached 157, Welt am Sonntag reports.

Reporting requirements

The BSI is the federal agency charged with managing computer and communication security for the German government, as well as monitoring the security of computer applications and the Internet, protecting critical infrastructure, certifying security products, and more.

Energy system operators and operators of public telecommunications networks and public accessible telecommunications services are required to report to the BSI significant disruptions of their IT systems, components and processes that resulted in the failure or impairment of the critical infrastructures operated by them.

If a failure or impairment is possible but has not yet occurred, a notification is only required if it’s due to an “extraordinary IT fault”:

• A new, previously unpublished vulnerability
• Unknown malware
• New ways of exploiting security vulnerabilities for which there is no patch yet
• A successful foiling of existing security measures (e.g., separation, sandboxing, etc.)
• Extraordinary (D)DoS attacks that initially can’t be countered with the existing mitigation measures
• Successful, attempted or successfully fended off targeted IT attacks by APTs
• Exceptional and unexpected technical defects (e.g., after software updates or a server cooling failure)
• Spear phishing
• Extraordinary IT disruptions in the field of process control systems (vulnerable PLCs, exploitation of errors in SCADA / PLC protocols or generally unsafe protocols, malfunction after firmware update).

The quality of cyber attacks has changed

Although the reported IT security incidents are not all a consequence of cyber attacks, there is a definite change in the quality of the reported attacks, other security sources have confirmed.

The German Interior Ministry’s division for the North Rhine-Westphalia state noted that, in the past, the reported cyber attacks were mostly espionage attempts, but that sabotage attacks are now becoming more common.

The security authorities suspect that foreign intelligence services are behind such attacks.

The BSI also believes that the number of cyber attacks against critical infrastructure is considerably higher than reported, as some smaller providers are not required to report them and some providers who should report them might be inclined not to because they fear a hit on their reputation.