This week on my way to Istanbul I stopped in Bonn to attend the first German Cyber Security Summit where eighty C-level executives from large German corporations discussed cyber threats and how to address them. I was invited to brief participants from critical infrastructure on cyber attack scenarios. The discussion that followed culminated in the expressed desire to have a telephone hotline to a government entity that could be called in case of disaster – a “Cyber GSG-9”. The GSG-9 is a German counter-terrorism unit that was established after the model of the Israeli Sayeret Matkal. The unit became famous in 1977 after their successful rescue of hostages from a hijacked Lufthansa airliner in Somalia.
Two aspects of this idea struck me. First, the thought that a major cyber attack which would leave large utilities with their plentiful resources helpless could be thwarted by a small team of experts who would save the day with some clever counter-hacking, maybe even by remote access. Second, that a team of cyber superheros, if it would exist, could be found within a German government agency.
The reality is that the more aggressive cyber attack scenarios on critical infrastructure leave little opportunity for remediation in cyberspace; it is more likely that low-tech, analog civil defense will be required, with a potential escalation to military force. Earlier this year, NATO advisors got that straight when they discussed a cyber attack scenario on a power grid in a panel lead by Colonel Tim Evans at the International Conference on Cyber Conflict in Tallinn, Estonia. It was realistically assumed that a cyber attack on the grid would compromise national security of the victim country up to the point where an invocation of Article 5 could be called for, eventually resulting in a kinetic response by joint NATO forces against the assumed originator of the attack. (What was not discussed in Tallinn was that such escalation could be the ultimate goal of the attacker, which could turn out to be a terrorist organization. Movie buffs will remember “The sum of all fears” with Ben Affleck and Morgan Freeman.)
The one thing that did not occur to both the European executives and NATO is the idea that prevention by protection would even be possible. An overall reactive mindset prevails. The funny thing is, government could install the telephone hotline that the execs ask for right away. All that needs to be done is to loop the recorded message: Don’t panic.
Ralph Langner