How Can Countries Protect Critical Infrastructure from Cyberattacks?
So far, the incident is considered the largest publicly known cyberattack on Ukraine’s critical infrastructure since February. But Potii stressed that authorities have since fended off several other attacks.
He warned that Ukrainian authorities — although they currently register a relatively low volume of hacking incidents — suspect Russia is preparing new cyberattacks on critical infrastructure. And he cautioned that pro-Russian attackers were also zeroing in on other countries in the West.
“We share the same enemy,” he said. “And this enemy is prepared for the next attack.”
How to Fight Back Against Cyberattacks
So, how do you make a country’s critical infrastructure more resilient against cyberattacks? Experts say a multi-pronged approach is necessary.
On the one hand, governments need to better protect their own systems from falling under the control of hackers, as seen in Albania, Montenegro or Costa Rica.
That is why Germany’s government is, for instance, currently overhauling the IT safeguards of its communication channels. The country is also setting up a data center outside its own territory to store critical information, which could serve as a massive backup if intruders managed to take over the systems.
But those public efforts can only do so much — not least because around the world, most critical infrastructure is owned and operated by private companies, as illustrated by the attack on satellite company Viasat.
Germany, like all members of the European Union, is therefore working on new rules to force providers of critical infrastructure such as energy companies or telecom firms to protect their systems with a certain standard of measures.
Similarly, the US passed a law this spring that will soon require providers to notify authorities quickly after discovering a hack.
Beyond those legal requirements, close cooperation between private technology companies and public officials will be essential, said Kemba Walden, the principal deputy national cyber director at the US White House.
“It is really the private sector who owns that space,” she said.
Working Together on Cybersecurity
There is also a growing consensus among cybersecurity experts that like-minded countries should boost international cooperation in cyberspace.
“We can’t do it alone,” said Christian-Marc Lifländer, the head of the cyber and hybrid policy section at NATO. “We all have different pieces of the puzzle, and that’s why information and intelligence sharing is key.”
So far, law enforcement authorities have often been hesitant when it comes to exchanging information about cyber threats.
“There is room for improvement,” acknowledged Sinan Selen, the vice president of Germany’s domestic intelligence service.
But the recent spike in cyber incidents as well as a deteriorating global security environment has led to authorities sharing more intelligence, said Manuel Atug, a spokesperson for the AG KRITIS (Critical Infrastructure Working Group), an independent initiative of German critical infrastructure experts.
But while he called that “a good development,” Atug also cautioned that “to make our critical infrastructure truly resilient against cyber attacks, we need a more holistic approach.”
For decades, he added, Germany had missed its chance to raise more public awareness for cybersecurity, as well as to train a new generation of experts. “We should, for example, finally start teaching cybersecurity and coding skills in schools.”
Speaking in Potsdam, German Foreign Minister Annalena Baerbock signaled that her government was aware of those shortcomings.
When she went to visit Kyiv earlier in September, she paid a visit to the country’s cyber security authority, where she was led into a room full of students between the age of 16 and 22-years old, she said.
“You are our true experts,” she remembered telling them, adding that this should serve her country as inspiration to have “more courage to think outside of the box.”
Janosch Delcker is Chief Technology Correspondent at DW. This article was edited by Rob Mudge, and is published courtesy of Deutsche Welle (DW).