BSI denies increase in infrastructure hacks
February 17, 2019Germany's cyberdefense agency has denied that it recorded a significant rise in the number of cyberattacks on critical infrastructure, according to public broadcaster ARD.
Germany's Federal Office for Information Security (BSI) reportedly said it had noticed an increase in the number of cybersecurity incidents affecting vital utilities in 2018, but that it could not say how many were due to cyberattacks.
Read more: Germany struggles to step up cyberdefense
Earlier, the Welt am Sonntag newspaper reported that the BSI had attributed the increase in disruptions to cyberattacks.
Nearly 160 disruptions, not attacks
In the last six months of 2018, according to the figures seen by Welt am Sonntag, the BSI recorded 157 attacks on utilities and infrastructure — 19 of which were against the electricity network. It was a considerable increase on 2017, in which there were some 145 attacks for the whole year.
While past hacking efforts have been more about spying, the newspaper reported, an increasing proportion were now aimed at sabotaging infrastructure such as electricity, water and communications.
"Security authorities are concerned," Welt am Sonntag noted. "There has been a noticeable increase in the number and caliber of attacks, with the aim of shutting off power and water supplies."
Security authorities were reported to believe that the number of attacks involving foreign intelligence agencies was on the rise.
Read more: Six hack attacks that shook the world
Authorities believe the actual number of attacks could be far higher than the number reported, the newspaper said. Many attacks on mid-sized infrastructure targets — such as electricity distribution systems and municipal utilities — were thought to go unreported.
Operators of utilities such as gas and electricity providers and sewage works are obliged to report such attacks in Germany. Facilities such as hospitals and public transport networks, however, are not.
Nightmare scenario
Sectors covered by the terms of the report include energy, water, health, food, telecommunications, transport, finance and government. However, online attacks that threaten to cripple power plants are seen as the real nightmare scenario.
Last June, German intelligence reported that it believed Russia was behind a widespread cyberattack on German energy providers. It had previously drawn comparisons with an attempted attack on a German power plant and an incursion on a Ukrainian power plant.
Read more: Russia hack attacks: Revelations from 'spy mania'
Katherina Reiche, managing director of the German Association of Local Utilities, told the Frankfurter Allgemeine Sonntagszeitung that facilities like power plants should be given the level of cybersecurity that currently protects security services.
"A central federal responsibility for cybersecurity is necessary for an early response to cyber threats with streamlined structures and short decision paths," said Reiche in comments published on Sunday. "Municipal providers and electricity grid operators must be involved."
The German government is already planning a new federal agency concerned with cybersecurity, to be based in Halle (Saale) and Leipzig, in the German state of Saxony-Anhalt.