Chair: Martin Gill
Hans-Wilhelm Dünn – President at Cyber-Sicherheitsrat Deutschland
Dr. Michael Littger – Managing Director of Deutschland sicher im Netz (DsiN)
Axel Petri – Deputy Chief Security Officer Deutsche Telekom AG and Deputy Chairman Security Committee BDI
Volker Wagner – Chairman of the board of the ASW Bundesverbandes
Dr. Günther Welsch – OSPA judge representing Bundesamt für Sicherheit in der Informationstechnik (BSI)
Uwe Heim – OSPA judge representing ASIS International Germany Chapter
Robert Kilian – OSPA judge representing Association of Certified Fraud Examiners (ACFE)
Germany and the security response to Covid-19: What have been the learning points?
Dr. Michael Littger discusses an interesting new study, hot off the press, noting that the Covid crisis is becoming the cyber crisis. One key finding he highlighted is that 46% of German companies have reported a cyber-crime incidents during the pandemic; by all accounts the risks are increasing. Worse still organisations have not responded well to the threats. Michael states that they don’t do enough and have not stepped up; the measures are there, they are not being used. The speedy move to home working is partly responsible, and he calls on the need for an improved infrastructure to help smaller companies in particular. Currently many do not see the required investment in cyber protection measures as good value and this needs to be addressed. He outlines a role for associations here.
You will hear Axel Petri discuss the benefits of security during the crisis which include having an open mindset and being flexible in offering solutions in dealing with the challenges. And also in responding to the opportunity to show how security adds value, not least in improving perception of services from other organisational professionals. He makes the point that nobody had anticipated a crisis lasting this length of time and it has provided some important learning points. He underlines the importance of leadership, in being transparent, in communicating clearly what is required of different groups. He emphasises the need to focus on solutions and building this thinking into all parts of organisations, to rid of old habits and to focus.
Hans-Wilhelm Dünn argues the case for better decentralisation, and you will hear him discussing the value of personal responsibility and the importance of a consistent response. He emphasises the big knowledge gap amongst organisations, especially the medium and smaller ones, about how to conduct good security. This focusses attention on education and the value of sharing knowledge. He previously worked in hospital and even in that environment there was a lack of appreciation of the importance of cyber security. He outlines the barriers to successful collaboration at Government level were structures getting in the way of good coordination.
Volker Wagner briefly traces the evolution of the pandemic and its impact on security in what has been a demanding year. The focus on business continuity; the need to execute and manage a range of controls (such as washing hands, social distancing); and then responding to the range of cyber attacks as criminals adjusted to the new normal. He outlines five key message which include the following: the era of the virus has been a lose-lose game for so many parties during the crisis; political tensions have increased which can be seen on the national level between the US and China, also in EU over funding but also in communities; that security has been misused for political purposes in countries and used as a justification for actions that are not always for the public good; there has been a rethink on security; and echoing Axel’s point above that leadership, and understanding political contexts for making decisions are crucial. He laments the slow response to right wing forces (a question from the audience highlighted this being a problem in the US) that have gained some momentum. He finished by underlining the need for good business continuity; securing remote work places effectively, and ensuring that security works.
This expert panel highlighted some of the key components in the German security sector response to Covid-19. As elsewhere there have been positives, not least the opportunity to show the adding value characteristics of good security. And negatives, which include the slow response to, for example, cyber crime, and to right wing activities. The panel highlighted the learning points that will have a resonance elsewhere, focusing on effective leadership, good communication, and fully understanding the context for problems as a prerequisite for developing solutions.