Comment by Alexander Zeyss, CFO of DRACOON, on the hacker attack on the network of the Federal Government (IVBB):
On Wednesday, it was announced that hackers had managed to gain access to the highly secure federal data network. The attack had already struck the security authorities in mid-December and, according to the Chairman of the Parliamentary Control Panel, it probably lasted until Thursday of this week. According to the information available so far, the attackers were able to penetrate the network of the Federal Foreign Office – whether other ministries are also affected cannot be confirmed or ruled out at present. If this really was an attack lasting for months, it means enormous damage for the Federal Government. As devastating as this attack is, it could be only the beginning of a devastating wave of attacks if federal decision-makers do not take immediate action on data security and privacy.
To protect sensitive data, and in this case to protect the country and democracy, action must be taken quickly and binding end-to-end encryption enforced across all federal authorities. After all, where else but in the authorities of the Federal Government is there such highly sensitive data, whose compromise has far-reaching consequences, in this case for the good of the whole country and its citizens?
Four years ago, the Federal Government’s Digital Agenda was published, which defined as one of its goals that Germany become the “number one encryption center in the world”. As early as 2014, leading IT security researchers at the Fraunhofer Institute also clearly advocated end-to-end cryptographic solutions before the NSA investigation committee, in order to make interception by intelligence services harder. Unfortunately, there is still a great deal of catching up to do when it comes to encryption in Germany, as the recent hacker attack illustrates. At the state level, a State Office for Security in Information Technology (LSI) was opened for the first time in Bavaria at the beginning of the year. The goal is to react to the growing threat situation in order to make the state’s IT, such as the Bayern server and the Bavarian public agency network, more secure and to advise citizens and municipalities on the topic of IT security. Here too, digital information should be encrypted.
In general, in all areas of digital communication and data exchange, whether internal or external to the authorities, a solution must be implemented that encrypts all data consistently, end to end, at all times. Ideally, encryption takes place in three ways: on the client side, on the transmission path and finally on the server. This is the only way to ensure maximum data security when exchanging data, so that attacks are largely ineffective. This end-to-end encryption prevents abuse of data, and the authorized users of the solution have full data sovereignty, because no one else, not even the operator, has access to the data.
If the federal government continues to neglect the topic of encryption, further IT security incidents are inevitable – there is still a long way to go before Germany has really developed into the “number one encryption location in the world”. Both companies and the government must take the threat situation seriously and act. Acting in this case means unconditional, nationwide end-to-end encryption of communications for the protection of corporate and government data and thus for the protection of citizens.