German Government Commissioner for Information Technology Klaus Vitt | German Federal Ministry of the Interior
Klaus Vitt discusses his role protecting Germany from cyber attacks.
3/20/17, 7:54 PM CET
Updated 3/20/17, 8:10 PM CET
BERLIN – Meet the man in charge of protecting Europe’s largest country against the ever-changing threat of hacking: the German government’s IT commissioner, Klaus Vitt. During an interview with POLITICO at the German Interior Ministry, Vitt described the country’s current cyber threat level as increasingly critical, announced plans to cooperate with private companies and explained why his analysts believe most professional hacking attacks on Germany come from Russia or China.
In September, Germany elects a new parliament. Could the vote be manipulated by cyber attacks?
We have analyzed all processes during election day. Wherever we found weak spots, we have introduced measures and taken precautions. In Germany, there are no electronic voting machines or automation.
The vote, therefore, is not that big of a target. However, there’s never a security of 100 percent.
You’re talking about potential attacks on the IT network on election night. Another issue is cyber attacks that could happen in the run-up to the election. People are concerned that stolen material from hacks could be used to compromise candidates. Do they have a reason to be afraid?
The danger is real. This is why our Federal Office for Information Security (BSI) advises parliamentarians and their groups in the parliament how to protect themselves. It starts with using virus protection software on your private computer but certainly doesn’t end there.
Have cyber attacks increased during the last couple of years?
Yes, the threat situation is becoming increasingly critical. We still observe many security breaches in software and hardware, as analyzed in the BSI’s annual report on the state of IT security. This in itself is critical. At the same time, however, our society, economy and state are increasingly becoming more digitalized, which also makes them more vulnerable. On top of that, attackers are becoming more professional, and they are using more intelligent malware.
In 2015, a broad-scale cyber attack on the Bundestag, the lower house of the German parliament, made headlines. What consequences did the government draw from the incident?
The Bundestag is in charge of its own IT security. However, there have been numerous consultations on how the parliament should make its network more secure, and the government took part in them. These recommendations were put into action very consistently. The network and its security components were completely rebuilt from scratch.
Could foreign intelligence services be involved in attacks like the one in 2015?
We are dealing with very professional attackers, that’s why only in rare cases can you identify them indisputably. We analyze serious attacks very thoroughly to find out from where they originate. In order to do that, we take patterns from comparable attacks in the past as a reference. Based on such analogies, one can say with a certain probability where those attacks originate from, and those analogies suggest that a majority of attacks comes from Russia or China, at least geographically.
How can Germany protect itself?
Attackers want to produce the largest effect possible. That’s why they target their attacks primarily against critical infrastructure.
With Germany’s IT security law introduced in 2015, we have created legislation that focuses on such infrastructures. On the one hand, it introduces minimum standards for IT security: how operators need to protect themselves against cyber attacks. There are regular checks to make sure they still follow those standards. On the other hand, they are obliged to inform authorities about any critical IT security incidents. If operators are affected, they need to alert the BSI about it, which in turn can analyze it, assess the threat and inform other operators as fast as possible so that they can protect themselves in time. I would like to apply a similar model to other companies which are not operating critical infrastructure and the public administration.
In November 2016, Germany introduced a cyber security strategy: a plan for the country on how to protect itself and how to best react to cyber attacks. What about attacks that have already happened and data that may have been taken?
A cyber attack can have different goals. One aim can be to extract information. If you have no possibility to prevent this, you need to cut off access to the internet. This was one of the measures taken during the cyber attack on the Bundestag. From this moment on, no more information can be extracted. However, in the aftermath, it’s difficult to detect where malware could possibly have had access to and which data has been extracted.
What measures are you taking?
To guarantee an appropriate IT security level, we will consolidate the data centers and the networks of the national government and its institutions. Today, we have around 1,000 rooms with servers: large ones, medium-sized ones, small ones. We will centralize them at three or four highly-protected locations. The same thing will be done with the networks. This is how we will protect the administration with a high standard of IT security.
Another measure is expanding our Cyber Defense Center opened in 2011. The goal is to always have a clear description of what’s happening in cyber space. To do that, we will analyze and assess cyber incidents, with all national security agencies exchanging technical information about the incidents with each other. Needless to say, cyber space is not limited to just Germany. And there’s another plan we are pursuing: In Germany, we have large international companies with their own cyber security units, who observe cyber attacks, similarly to what our Cyber Defense Center does.
Four DAX companies have joined forces in the so-called German Cybersecurity Organization (DCSO) cooperation. Our idea is to work with them through exchanging technical information. However, we need a contractual basis for that. This is about highly sensitive data.
When in 2015, a Bundestag subcommittee met to discuss the hacking attack, a BSI official told the MPs that only around 15 employees inside his office had the expertise to analyze and deal with such an attack. This doesn’t sound like a lot of people?
The BSI is only one unit in our Cyber Defense Center. We have more experts in the Federal Criminal Police, in the Armed Forces, and in both our domestic and the foreign intelligence agencies.
Talking about personnel: Part of the cyber security strategy is hiring more cyber security experts. How easy or difficult is it to find candidates with the necessary expertise?
There is a great demand for IT security experts. The BSI has hired several people recently. It wasn’t easy to fill those positions; placing an ad in some newspaper wouldn’t be enough.
All those positions could be filled; in the meantime, however, we have new open positions.
How attractive a job is, however, is not only defined by its salary but also by how exciting or dynamic its environment is and by its compatibility with having a family.
The interview has been edited and condensed for clarity.
Security distributor Ignition Technology is “avoiding appliances like the plague” as it focuses on pure software security solutions, according to chief strategy officer Sean Remnant. Speaking at Ignition’s partner update event at The Shard in London, which saw the distributor showcase its vendors, Remnant explained that Ignition and its emerging vendors are leading the way in moving security away from appliances and into fully software-based solutions. Founded in 2015, Ignition currently carries 3GRC, Cato Networks, Cloudistics, Cylance, Digital Guardian, Illusive networks, Menlo Security, RiskIQ and WhiteHat Security in the UK.
“Appliances and boxes are on a slippery slope,” Remnant said. “We believe that everyone, including the consumers, is interested in software-based delivery models, consumption-based models, and they absolutely want annuity and subscription services.
“Going down that route means that we are doing away with the old-school, hardware-based approach and that’s really hard for the channel to swallow, including the vendors.”
Remnant explained that these software-led vendors are looking to displace legacy technology that has been failing customers for the past three decades. He said the security sector has got itself stuck in a rut of adding layer upon layer of products to the security stack, which has left users with complicated security infrastructures producing a mass of security data that is impossible to interpret. Because of this, there needs to be a shift towards more intelligent solutions that can assess the data themselves and act accordingly in an automated fashion, he explained.
“There is a lot of legacy technology – signatures, behavioural analysis, sandboxing – it’s all very old tech and a lot of it has been around for 30 years,” he said.
“The CISO in a lot of enterprises is getting a really hard time. All of us in this room have sold the CISO a number of appliances and a number of solutions and they’re still getting problems.
“We don’t think more layers are necessarily better – that’s just a route that we have gone down as an industry because stuff hasn’t worked – but it was the best that we had at the time. I don’t feel guilty, because it was just the best that we had at the time.
“If you’ve got response solutions you’ll probably need resources to look through the data for those needles in the haystack, which might be good for consultancy but it’s not particularly good for the customer, so what we want to do is drive down the operation cost of owning security infrastructure.”
David Lannin, director of technology at security reseller Sapphire, attended the event and told CRN that in his experience, clients are looking for ways to protect their IT without having to employ a large team of security specialists.
“Organisations’ budgets are stretched and so they simply don’t have the resources for employing large teams of individuals who look after complex security systems which turn out an awful lot of security information,” he said.
“Any vendor that tries to put a degree of intelligence behind what it’s accessing, rather than just offering all the information, is going to really help because of resourcing – people just don’t have time to read through log information anymore. Very few customers I meet with these days talk about having analysts looking through the same degree of security logs as they might have done 10, 15 years ago.”
Lannin said that of the vendors Ignition has brought to the UK so far, internet and email vendor Menlo Security is the one that has caught his eye the most.
Menlo’s isolation platform opens websites in a secure cloud-based container, displaying only a replica of the website on the end-point device, which keeps potentially harmful material away from the machine itself. Speaking at the event, Menlo’s EMEA CTO Jason Steer said that the vendor addresses a problem that has existed since the internet’s inception.
“Your web browser is still using 1995 architecture and that architecture is the reason why ransomware continues to be a problem,” he said.
“Every click a user makes on a web browser, on average the browser makes 31 background requests to advertising, tracking and social media.
“Your web browser allows it. In any other protocol that you come across on the internet, would you accept unsigned, unauthenticated, active code and execute it on the end-point without anything other than an anti-virus scan? No, it is fundamentally wrong. It’s completely out of kilter with the threats that we face today.”
Lannin explained that Sapphire started speaking to Menlo last year, with a view to adding the vendor to its portfolio in 2017.
“We’re about to start working with Menlo for the end-point side of things,” he said. “That’s going to be a new addition to our portfolio in 2017 and we really like what they’re doing.
“The idea of putting that virtual air gap between what’s out there on the internet and what the user actually sees is a really interesting way of offering security.
“It’s a new technology and we’re excited to read about what’s in their road map and keen to see that come to fruition over the next few months. They’ve had a fairly active time since I engaged with them at InfoSec last year, and the technology has evolved an awful lot since then in a very positive manner, hence the intention to get them included in our portfolio.”
Perhaps the most disruptive vendor in Ignition’s portfolio is network and security vendor Cato Networks, founded by Shlomo Kramer, the man behind Check Point.
Cato offers a cloud-based enterprise network which it says eradicates the need for a number of network and security solutions that have typically been sold as individual appliances and layered up, including network firewall hardware. Introducing Cato, Remnant warned partners that the technology will “potentially disrupt a lot of channel business”, which Lannin said could alienate partners.
“There was a room full of resellers that have been selling security technology to their customers for in some cases 20 years and now Cato Networks are coming in and talking about ripping out that technology; ripping out that investment in security infrastructure, in favour of moving to the Cato cloud where security is embedded.
“I don’t follow that – it’s great if you’re a greenfield site and you don’t have that security already, but for a reseller community where they’re talking about actively stripping out those elements that you’ve worked so hard to get into your customers, I don’t think that’s a great pitch.”
Cardtronics is the largest independent provider of ATMs (Cash Services) to businesses throughout the world. In the UK we have gone from strength to strength and are now considered the first choice for many of the UK’s major organisations when they are considering ATM installation.
In 2014 we grew from 500 to 1300 staff and currently employ around 1000 employees. Across our UK network of 16,000 machines we were responsible for over 459 million ATM transactions; that’s about 14 per second!!
You may not recognise our name but chances are you will have used our ATMs!!
To ensure we continue to provide a first class service to our Customers and Clients, we are recruiting for 2 ATM Officers to join our depot based in Harlow. Reporting directly to the Shift Manager you will be responsible for operating to the highest security standards performing all elements of the Cash in Transit Service.
What Is The Role?
As an ATM Officer you will contribute to the delivery of agreed vault service levels in line with Company standards and processes, through the safe and secure movement of cash and valuables between locations to enable service delivery, vault colleagues and that any business risk is mitigated.
What Will I Be Doing?
- Complete all training as required to ensure you are fully capable in order that individual performance levels are maximised.
- Utilise vehicle security features, personal protective equipment and adhere to company security processes in order to mitigate risk, control and protect company cash, assets and equipment (incl. phone & keys) and people.
- Execute company processes and complete all associated documentation in order to ensure the secure receipt, transportation and deployment of company cash into the ATM in line with operational targets.
- Proactively identify and recommend appropriate changes in order to make business improvements.
- Drive and park company vehicles responsibly and in line with the highway code, company policy and procedures in order to ensure compliance to all H&S, legal (e.g. road safety and driving legislation), regulatory (SIA) ensuring full reporting of defects, maintain cleanliness and completion of relevant documentation as required.
- Ensure the full and effective use of, and input to GTAS system in order to provide data to internal stakeholders so that effective business analysis and decisions can be made.
- Maintain effective working relationships with internal and external service providers in order to ensure an efficient service is delivered to the depot so that the depot can operate effectively.
What Will I Need to Succeed?
We are looking for candidates who can demonstrate that they are trustworthy, responsible and have a methodical approach to work. Previous experience with the Police, Military or a security background would be an advantage; however, full training will be provided if you have no previous experience and are new to the security industry. In addition, we are also looking for:
- A current and full UK driving licence (ideally no more than a maximum of 6 penalty points)
- A valid SIA CIT licence is desirable, however this can be obtained through Cardtronics
- Flexible approach to working patterns
- Strong interpersonal skills
- Previous experience within a driving role
- Ability to work as part of a team or lone working
- Security awareness
- Ability to follow instructions and work to deadlines
- Must be able to provide a 10 year employment/education/unemployment history
What Do I Get In Return?
- 26,208 per annum, increasing to 27,456 per annum after successful probationary period plus access to great benefits like Pension, Westfield Healthcare and an Employee Assistance Programme
- 48 hrs working week
- 22 days holiday, not including Bank Holidays; this rises to 25 after 5 years’ service.
Why Should I Apply?
Cardtronics is a $1 billion turnover global organisation and we are the best in our field; since our founding in 1999 we have grown into the world’s largest provider of independent ATM machines throughout North America and UK/Europe. You will be joining at an incredibly exciting time for our business; we are consolidating our position with new sales and acquisitions across the UK and into Europe.
You will be part of a fantastic team, supported and trained extensively on our systems which will increase your knowledge of an exciting market place.
CIT ATM Officer – Harlow