The State of IT Security in Germany 2018 the STATE of IT SECURITY in GERMANY 2018
Total Page:16
File Type:pdf, Size:1020Kb
The State of IT Security in Germany 2018 THE STATE OF IT SECURITY IN GERMANY 2018 2 THE STATE OF IT SECURITY IN GERMANY 2018 | FOREWORD Foreword Our modern, high-tech society depends on the functio- In its 2018 report on the state of IT security in Germany, nal integrity of information technologies and commu- the BSI has presented a well-founded and comprehen- nication systems, effective infrastructure and a secure sive overview of the threats facing our country, our supply of energy. These systems are the foundation for people and our economy in cyberspace. Above all, how- technical progress and economic development in our ever, it illustrates the successful and indispensable efforts country. the BSI undertakes on our behalf. Germany, its residents, businesses and governmental agencies remain in the As such systems grow more complex and all the areas crosshairs of those looking to carry out cyberattacks. of our information society become more interconnect- Taking on these challenges and devising rapid, efficient ed, however, the risks posed by disruptions and attacks responses to the latest dangers in cyberspace remains from within Germany or abroad are increasing as well. the central task of the BSI and its employees. Threats in cyberspace are highly dynamic, and cyber attacks are becoming more adaptive and professional. Both IT systems and the methods used to attack them are constantly evolving at a rapid pace. The Federal Government takes seriously its responsibili- ty to ensure security also in cyberspace by maintaining a framework of IT security laws, pursuing a cybersecurity strategy and strengthening the relevant agencies. Nevertheless, we cannot – indeed, we must not – rest on our accomplishments. Instead, we will further develop our IT security legislation (IT-Sicherheitsgesetz 2.0) as a way to strengthen the government’s mandate to provide adequate protection in this regard. Our aim is to achieve a further expansion of the guidance and support the BSI offers to our federal republic, its states, citizens and companies. Nevertheless, these matters demand more than just governmental action. When it comes to guarding against such threats in business and industry, companies themselves are called upon to enhance their IT security measures and adapt them to new challenges. Cooperation and the sharing of information among all the entities involved are essential to address the dangers of cyberspace effectively. Security standards need to be established and enforced, and that requires a strong moderator. In addition to serving as the security service provider for Germany’s federal administration, the BSI already offers a broad portfolio of security services for business and industry as well as society in general. I am committed to further expanding the BSI’s capabilities Horst Seehofer and advancing it as our national cybersecurity authority. Federal Minister of the Interior, Building and Community 3 THE STATE OF IT SECURITY IN GERMANY 2018 | FOREWORD Foreword With the increase in motorised traffic at the beginning the level of threat. The legal framework must be further of the industrial age, new regulations had to be created, developed, existing cooperation efforts intensified nation- new technical facilities implemented and new behaviour ally and internationally, and affected protection measures learned in order to guarantee road safety. For more than continually put to the test. We need to remain open to new 100 years, traffic lights have regulated the traffic and road things, anticipate current threats and intensify our aware- traffic regulations have been in place since 1934, providing ness of the importance of IT security. rules of conduct for all road users. For some road users a required test was even introduced before they were allowed We must stay clear on one point: the digitisation process to use their vehicle. New professions were created, new cannot continue successfully without cyber security. BSI rules laid down, and new institutions had to govern traffic. approaches this process in line with its own guidelines: as the national cyber security authority, the BSI is responsible Today, we are at the beginning of a new era again. Digiti- for digital information security for the state, businesses and sation increasingly determines the activities of states and society through prevention, detection and reaction. businesses, as well as the everyday life of citizens. And just as in the early days of the industrial age, we need to create new I hope you find the 2018 status report interesting and regulations, implement new technical facilities and learn informative. new behaviours to increase cyber security. A few examples include the German IT Security Act, IT-Grundschutz stand- ards and behavioural rules on how to handle smartphones, tablets and more are just a few examples. In contrast to the start of the industrial age, however, we have less time to respond and adapt to this new techno- logical foundation as a society. The pace of innovation in digitisation is breath-taking. New applications and new products are reaching the market in ever shorter cycles with new companies based on innovative digital technologies displacing the old established ones. And globalisation and technical networking mean that mistakes in development, gaps in regulations and negligence in behaviour often have immense consequences. The more important digitisation becomes for governmental activities, our businesses and our everyday life, the more the associated challenges of cyber security must be tackled jointly by all those involved at national and international level. Germany has made good progress in this direction. Impor- tant legislative and operational measures have been imple- mented in all areas. The networking of players at federal, state and local level has been driven forward, cooperation with industry has been expanded, and the BSI has been significantly increased in terms of personnel. We are well prepared. But only as long as we as a society continue to increase our Arne Schönbohm efforts for a stable and successful cyber defence at least President of the Federal Office proportionately to but ideally as a proactive response to for Information Security (BSI) 4 THE STATE OF IT SECURITY IN GERMANY 2018 | CONTENT Content Foreword Foreword Horst Seehofer, Federal Minister of the Interior, Building and Community 3 Foreword Arne Schönbohm, President of the Federal Office for Information Security (BSI) 4 1 The Level of Threat 7 1.1 The level of threat to the Federal Government 7 1.2 The level of threat to critical infrastructures and the business world 10 1.3 The level of threat to society 17 1.4 Attack methods and means 23 2 BSI Solutions and Services 53 2.1 Target audience: state and administration 53 2.2 Target audience: the business world 64 2.3 Target audience: society 72 2.4 Target audience: international cooperation 84 2.5 Cyber security needs IT professionals 88 3 General Evaluation and Conclusion 91 4 Glossary 96 Legal Notice 99 5 The Level of Threat 6 THE STATE OF IT SECURITY IN GERMANY 2018 | THE LEVEL OF THREAT 1 The Level of Threat This chapter describes the level of threat to IT security in Protection against malware Germany in the period from 1 July 2017 to 31 May 2018. It is divided into three areas: the Federal Administration, Cyber attacks on the German government’s networks critical infrastructures/the business world and society. occur on a daily basis. In addition to arbitrary large-scale It also looks at the methods and means of attack used by operations, these networks are exposed to targeted attack perpetrators, in addition to the general conditions and campaigns. causes, providing a number of examples of how attacks on IT security can affect life in a digitised society. The most frequently detected attacks on the Federal Administration involve e-mails containing malware. Using automated anti-virus measures, an average of 28,000 e-mails 1.1 The level of threat to the of this kind were intercepted in real time each month before Federal Government they reached the recipients’ inboxes. Of these, an average of around 6,000 malicious e-mails were collected each To ensure that government institutions are able to carry month using specially created anti-virus signatures alone. out their constitutional tasks safely and sustainably, the The decline in these figures compared to the previous year’s state‘s information systems must be able to operate reliably report can mainly be attributed to the sharp downturn in and without disruption. This is the only reliable way to ransomware in 2017, which was also observed outside the guarantee forgery-proof documentation of administrative government’s networks. In comparison to previous years, activities and to allow the state to communicate with its significantly more malware was distributed via links in citizens without gaps and protected against manipula- e-mails rather than as attachments. tion of any kind. If this is not possible due to impaired or non-functional information systems, confidence in the In HTTP traffic, an average of around 500 malware pro- integrity of the state is shaken. In digital society, the infor- grammes were detected and blocked each month in 2017. mation systems of the state authorities have thus become This was another area in which the trend towards merely critical factors for the functioning of the community. incorporating links to malware into e-mails rather than attaching the malware itself continued in 2018. 1.1.1 Insights from the protection of To supplement its automated anti-virus measures, the BSI government networks operates an additional downstream system to detect malware in the government’s network traffic in accordance with End-to-end encrypted communications and a robust, the expanded authority granted to the BSI by German law redundant architecture are the most important measures (Section 5 of the BSIG). The manner in which it combines taken to protect the central government.