Security risk: Cyberspace
February 12, 2016
"The cyber domain was, is and will continue to be one of the most challenging aspects of international security." With these words, the director of the Munich Security Conference, Wolfgang Ischinger, placed cybersecurity high on the agenda of this year's conference.
One of the core issues, says Ischinger, is the language of the IT experts themselves, something so complicated it's leaving many people behind.
Nearly 200 business leaders, insiders and IT experts attended the 2nd annual International Cybersecurity Conference. The conference was part of a parallel program at the Munich Security Conference, which kicked off Friday for three days of meetings, with some 600 influential decision-makers from around the world attending.
Being the venue of the conference, the Bayerische Hof Hotel is already bursting at the seams, which may account for the unusual location of the cybersecurity meetings high up on the sixth floor in a room beside the swimming pool and sauna area.
During speeches and presentations held by high-ranking officials, members of the audience can peer outside to see people in white bathrobes smoking cigarettes on the roof terrace.
Cyberworld's opportunities and risks
Among the high-profile attendees were Andreas Dombret, executive board member of Germany's central bank, Al Tarasiuk, who serves as head of IT Security at Deutsche Bank, and Paul Nicholas, chief of Global Security Strategy at Microsoft. Also there were Heiko Löhr, a director at the Criminal Division of Germany's federal police, Axel Stepken, a member of the board at TÜV SÜD, and John Suffolk, the head of Global Cybersecurity at Huawei, the Chinese network defense firm.
As was recently the case at the Global Economic Forum in Davos, the so-called fourth industrial revolution - the increasing connectivity of the world as well as the digitalization and automation of industrial processes along the value chain - was in the spotlight.
Robin Niblett, director of the London think tank Chatham House, linked these developments to the driving force of economic growth over the last two decades: globalization. The Internet's ability to connect people was the fundamental basis upon which globalization occurred, according to Niblett. Now, at a time of slower growth, the capacity to handle large amounts of data was essential.
As is often the case at IT conferences, attendees and presenters were united in the belief that the enormous opportunities digitalization provided for economic growth had to be used. At the same time, all the participants were fully aware that the ways in which our society depended on the Internet and the subsequent potential for cyberattacks were increasing exponentially. The cyberworld has created a new hyper-asymmetry, according to Niblett. Whereas in the analogue world, war required perhaps three assailants to overwhelm one enemy combatant, in the digital world, one attacker could render 1,000 people defenseless.
445 billion euros in damages
While the findings regarding increasing dangers proved unequivocal, the opinions on how seriously those at the executive level take this issue - and tackle it - were divided. Several speakers mentioned a remarkably increased awareness of the problem by business leaders, as noted, for example, by Christopher Lohmann, the Central and Eastern European member of the board at the Allianz Insurance Group.
Thomas Köhler of the consultancy Ernst & Young saw it differently. He referred to a survey taken last year of more than 1,300 companies, which revealed that 88 percent of those asked felt that IT security within their firm was not sufficient. That same survey said 36 percent considered it unlikely that a highly advanced attack on their company would even be recognized.
The Bavarian Minister of Economic Affairs and Media, Energy and Technology, Ilse Aigner, spoke about the costs of these cyberattacks during her opening speech. In Germany alone, annual damages are estimated at 50 billion euros. Globally, the damages are estimated at some 445 billion euros annually.
The digital crown jewels
As the conference continued, several ideas on how to improve cybersecurity arose. Companies first had to prioritize the security of what they would consider their "crown jewels." A broader public awareness was possible with programs on data safety and data austerity, perhaps in a way similar to those programs aimed at increasing awareness of traffic safety. Above all, however, peering into the future was required in order to identify potential problem areas and develop responses to them early on.
With an eye to the rapid developments occurring as part of Industry 4.0, the Internet of things and e-government, calls for independent certification have grown louder. As the attendees all agreed, the more we are interconnected digitally, the more we need that good old-fashioned analogue quality: trust!