Host and moderator: Kai Grunwitz – NTT Security
Hans-Wilhelm Dünn – Präsident des Cyber-Sicherheitsrat Deutschland e.V
Christian Koch (NTT Security)
Johannes Drooghaag – Founder and CEO of Spearhead Management http://johannesdrooghaag.com
Hans-Wilhelm Dünn: I think on the filter of critical infrastructures, the decision makers, they don’t understand that we have a large connected neighborhood and we have asymmetric setting. And the attackers, they don’t want to attack the nuclear power plant, they go to the engineers offices, yes, and then they attack the French nuclear power plant, about their way all the different perhaps suppliers, yes. And it’s all connected and it’s a complex system, yes. And for that you need a holistic approach, yes. You need a security approach, and it’s not only IT security, yes. It’s very complex
Christian Koch: It’s completely right, when you want to attack a company the easiest way is to attack the coffee machine because it is connected.
Johannes Drooghaag: Why go through the highly protected front door when the side window is open, that’s the part. And we see two very interesting developments at the moment. We see a lot of new technology by which we can question if they have security by design, and you make very good point by saying that the consumer is not really interested in that. They just see the specifications and they see the function and they see the fun. And the second thing that we see is that we have a legacy of infrastructure, of critical infrastructure, 82%, I checked it yesterday, 82% of the current critical infrastructure is not built in this century! They don’t have anything when it comes to security and security by design but they are connected, because somewhere in that box is a PLC and we want to read data from the PLC so we have in 1999 hooked it up to a network, and then the network to a firewall, and then and then and then and then, and that’s scary!
Hans-Wilhelm Dünn: Yes and it’s dangerous. I I think we should stop the discussion about critical infrastructure sector because everything is connected! Everything yes, and that is dangerous because people say “I’m in critical infrastructure?” Nobody in the government knows what is the definition of critical infrastructure. What should I do? Oh you have IT security. That is a big problem, yes. Dangerous, very dangerous.
Powered by NTT Security
See the full session here: