Cyber Security Strategy: GI Calls for Greater Protection for Users

The Federal Government's Cyber Security Strategy (CSS), adopted in 2016, is to be modernized. The Gesellschaft für Informatik (GI) took part in the association consultation for the new edition and advocates consistent further development of the strategy and a systematic strengthening of users.


Cyber Security Strategy

The 2016 Cyber Security Strategy forms the cross-departmental strategic framework for the Federal Government's activities in the field of cyber and IT security. Its aim is for citizens to be able to interact safely, freely, and independently with digital technologies. This year the strategy paper is to be reissued. As part of the association consultation, the Gesellschaft für Informatik has summarized its suggestions in a statement and calls for a consistent update of the cybersecurity strategy, for example by avoiding zero-day exploits, by a stronger focus on consumer protection, and by the consistent closing of security gaps.

Alexander von Gertler, Vice President of the Gesellschaft für Informatik: “We are observing an increasing degree of vulnerability on the part of users to large digital corporations, more or less abstract threat scenarios, and the growing technical complexity of IT systems. This is precisely why the consistent further development of the cybersecurity strategy is central. Because it provides an orientation for the strategic direction of the Federal Republic in an increasingly digitized world and an increasingly complex threat situation in cyberspace.”

Some of the main suggestions made by the Gesellschaft für Informatik include:

  • The "security despite encryption" approach, in which security authorities use existing security gaps ("zero-day exploits") to monitor suspects, should not be pursued under any circumstances. Because these security gaps can also be exploited by criminals and non-state actors, they pose a tremendous threat to the security and privacy of citizens.
  • In the future, the number of cyberattacks that have taken place should no longer serve as the yardstick for the cyber threat situation. Since it is still unclear which indicators establish that a cyberattack has actually taken place, the figures vary widely depending on the counting method and are consequently not comparable. Instead, efforts should focus on closing security gaps in software and hardware, because cyberattacks can generally only succeed if they exploit a point of attack, i.e. a security gap. Closing security gaps should therefore be given top priority in the CSS. Methods for identifying them are described in the established ISO 27034 standard.
  • The strategy should address consumer protection more than before, especially with regard to the Internet of Things (IoT). The lack of update capability in IoT products is a growing problem for IT security and data protection. It also creates a sustainability and environmental problem, since devices have to be replaced and thrown away more frequently than necessary.
  • The 2016 cybersecurity strategy still attributes the spread of false reports primarily to hijacked IT systems. However, recent reporting clearly suggests that far fewer hijacked IT systems are used to spread propaganda and disinformation, and that social media channels are instead used in a targeted way. The problem can now be dealt with at a higher level of abstraction. This should be taken into account when recasting the strategy.