NSA Aftermath: German Firms Scramble to Boost Data Protection, part 1

Published on Spiegel Online International, by Spiegel staff, August 6, 2013 (Photo Gallery).

German companies have long suspected China and Russia of trying to steal their secrets. But the NSA scandal has turned their attention west, forcing them to worry about prying American eyes and to rapidly bolster security measures … //

… Heightened Worries about Data Abuse:  

  • After the revelations of large-scale data mining by the United States, German managers have become even more nervous about data security. EADS CEO Tom Enders and other senior executives have ratcheted up their defensive measures even further. “Many documents that used to be sent by email are now hand-delivered to the recipient,” says an EADS official. He notes that the only documents that are now sent electronically are those that the company would have no objections to posting publicly or displaying “on the church door.”
  • Enders and his fellow managers are not alone. Many German business executives are worried about what the NSA does with all the data it presumably collects on German companies, says Ulrich Brehmer, a member of the executive board of the German Association for Security in Industry and Commerce (ASW).
  • Brehmer is far from a conspiracy theorist, and he isn’t trying to suggest that US intelligence services are deliberately poaching industrial know-how from Germany and channeling it to American companies. Instead, what worries him is that US intelligence agencies are working hand-in-hand with consultants from the private sector. “Who knows whether they might be selling information to interested parties here and there,” says Brehmer, who assesses the risk of such data abuse as “high.”
  • SAP founder Hasso Plattner also feels uneasy about the surveillance operations of American intelligence agencies. “It certainly is strange that much of the surveillance is centered on southern Germany,” he says, “precisely where all the large and small technology companies are located.”
  • This sense of anxiety has become widespread in Germany. “We are noticing that companies have become more sensitive in recent weeks,” says Michael George, the head of the Cyber Alliance Center at the Bavarian State Office for the Protection of the Constitution, the state branch of Germany’s domestic intelligence agency. “When it comes to industrial espionage, they had focused almost exclusively on the East. And now they’re wondering whether the threat might not also be coming from the West.”
  • Small and medium-sized businesses (SMEs), in particular, are contacting the experts at the state agency and asking some very basic questions: What about products made by US software companies, such as Microsoft, that are commonly used by German companies? Should managers still use Skype for meetings? In addition to hacker attacks from China, do SMEs now have to worry about industrial espionage originating in the United States?

The Americans Are Pros:

After the revelations of large-scale data mining by the United States, German managers have become even more nervous about

  • data security. EADS CEO Tom Enders and other senior executives have ratcheted up their defensive measures even further. “Many documents that used to be sent by email are now hand-delivered to the recipient,” says an EADS official. He notes that the only documents that are now sent electronically are those that the company would have no objections to posting publicly or displaying “on the church door” … //
  • … The problem in fending off espionage is that many potential access points must be monitored at the same time. SAP alone sees about 3,000 attacks a month. Throughout Germany, the number of attacks is allegedly in the hundreds of thousands — per day. “It isn’t even necessary to have a great deal of expertise to attack small and mid-sized companies,” says a senior BfV official.
  • Moreover, no one knows exactly where the attacks are coming from. Are they industrial spies? Intelligence agencies? Or just amateur hackers? It is clear, however, that there are entire armies of mercenaries roaming the web, ready to sell their services to the highest bidder. And they are good at what they do. “We have cases in which attackers played around in a company’s computers for more than 100 days before being discovered,” says Fischer, the BFK consultant. “When that happens, you can assume that nothing is secret anymore.”

(full text).

Part 2: Paying Hackers to Hack;
Part 3: Privacy Agreements Ignored.

Comments are closed.