Was the sabotage on the Deutsche Bahn network just the beginning of a series? An expert sees above all a danger on the part of the secret services.
Germany is discussing the security of its critical infrastructure. How vulnerable are energy suppliers, transportation networks, communication networks or healthcare? “The general political climate will decide how likely more attacks on Germany are,” says Mischa Hansel of the University of Hamburg’s Institute for Peace Research and Security Policy. When and where the attacks are imminent it is difficult to predict.
To carry out sabotage actions, a lot of effort is usually required, explains the cybersecurity expert. “To trigger major outages, it usually takes people with different skills, detailed systems knowledge, and even a lot of time to find security gaps and run tests,” he says. These conditions are generally met only by state actors or groups very close to the states.
“Unfortunately, we have to assume that capable intelligence services have some access to critical IT infrastructure. Russia is definitely one of them,” explains Hansel. The question is therefore no longer whether access is possible, but whether it is also desired. “Which goals make sense from the attacker’s point of view” is the question.
“At the beginning of the war in Ukraine, Russia certainly had no interest in dragging NATO countries into the conflict,” but the expert believes that the situation has changed. “Uncertainty and unrest in the West could now become Putin’s survival strategy because the war of aggression is increasingly stalling and the number of critics in his own country is on the rise.”
The sabotage, which paralyzed all traffic in northern Germany last weekend, was a “physical attack” that “could be remedied relatively quickly”. But the attention was maximum. “Politically motivated attacks on critical infrastructure also have a psychological effect,” says Hansel.
If the Elbe Tunnel was no longer viable due to a cyber attack or if the logistics of the Port of Hamburg were blocked, this would initially have immediate consequences such as traffic jams and delayed supply chains. “But if something like this happens more frequently and is clearly recognizable as sabotage, these pinpricks naturally have a much greater and general effect,” says the researcher. “The question is what is a success for the attacker: a kilometer-long traffic jam and blocked containers or the message that we are vulnerable.”
However, the most severe attacks would be more severe in hospitals such as University Hospital Hamburg-Eppendorf (UKE): the loss of the largest care provider with nearly 15,000 employees and half a million patients per year could be life threatening. . “The healthcare sector offers a fundamental and often urgent service,” says Hansel, who recalls a hacker attack at the Düsseldorf University Hospital which resulted in the death of one person.
In view of global political tensions and the huge potential target of attack, politicians are called. “Defending oneself from danger is still a matter for the federal states, but it must be understood more as a national and European task”, asks Hansel. “There is a lot of talk about cybersecurity, but in the end what matters are the actual resources we can use in an emergency – and we don’t have enough of those,” he criticizes. Recently, politicians and security experts had made similar demands.
If parallel attacks on IT systems occur in multiple places, there are not enough experts available at the Federal Criminal Police Office (BKA), the Federal Office for Information Security (BSI) or the Bundeswehr. Hansel also believes that critical infrastructure operators need to be audited more rigorously, with actual testing and not just checklists.
The Hamburg researcher says that now even politics is required to communicate: “The population now wants answers to urgent questions,” says Hansel. “We are not helpless or helpless at all, but something really needs to be done. Because the vulnerability is real.”