Germany warns of nation-state cyber espionage threat

Report from Germany's domestic intelligence and security service says Russia, China and Iran are targeting German companies and interests

Germany target of nation-state cyber espionage
fdecomite (Creative Commons BY or BY-SA)

German industry is under attack, and they may not be aware.

According to Bitkom (Germany's digital industry association) a full 53 percent of German companies have been victims of economic espionage. While the German domestic intelligence and security service, Bundesamt für Verfassungsschutz (BfV), warns of the ever increasing instances of nation-state cyber espionage.

BitKom's report, Business Protection in the Digital World (pdf-German), shows over 55 billion euros are lost each year due to espionage, sabotage or data theft within German industry. The survey queried 1,069 managers and security officers across a breadth of industries. 

BitKom's president, Achim Berg, noted, "Companies need to do much more for their digital security. The study shows that the risk for companies in all industries and of all sizes is real."

He was joined in this admonishment by Dr. Hans-Georg Maaßen, president of the BfV, who said, "The study highlights that we must direct our special attention to the defense of espionage attacks on the German economy in times of digitization and Industry 4.0. In terms of a holistic and sustainable economic protection including not only IT-related measures but risk-minimizing plans in the areas of organization, personnel and awareness. It is also important the intensive cooperation between business and government and the authorities themselves—as in the 'Initiative economic protection.'"

Cyber espionage by Russia, China and Iran

The BfV's annual Report on the Protection of the Constitution provides foundational support of Dr. Maaßen. The report highlights the activities of Russia, China and Iran as being the primary players in the world of cyber espionage targeting German interests. Russia is primarily focused on pushing its political and geopolitical narrative. China, however, is focused on industry, research, technology and the armed forces. The Chinese use social networks (Facebook/LinkedIn) to recruit on a large scale. Their MO is textbook:

Ostensible researchers, recruiters and headhunters contact
persons with promising profiles and try to lure them with attractive
opportunities. Finally, they invite these persons to China where they are
approached by the intelligence services.

The Chinese are targeting trusted insiders for the desired information.

The Iranian effort has been focused on critical infrastructure, with cyber attacks not only being used for information collection but also for sabotage purposes. That said, the Iranians continue to spot and recruit human sources with access to desired technologies.

How German companies have been hurt by cyber attacks

Economic and industrial crime within Germany seems omnipresent. Examples contained in the BitKom report evidencing the depth to which German companies have been victimized include:

  • Theft of sensitive digital data — 17 percent (every sixth company) had sensitive digital data stolen over the past two years.
  • Emails — 41 percent of companies noted their email systems had been compromised
  • Financial information — 36 percent found financial information had been purloined by attackers. 
  • Intellectual property — 11 percent had their research and development, patents targeted
  • Personnel — 10 percent of companies saw the loss of employee-centric information. 
  • Analog events — 20 percent of companies reported instances of phone call and meetings being listened to by unauthorized personnel, while others reported the theft of documents, papers, samples and components. Four percent of companies reported their production systems had been compromised and crippled or sabotaged in an analog manner (i.e., not a digital attack). 
  • Digital events — 18 percent of companies reported they were subjected to social engineering, with every eighth company (12 percent) having seen their systems digitally sabotaged. 
  • The most common theft remains the theft of devices, with a full on 30 percent of companies seeing laptops, tablets and smartphones stolen in the past two years, 
  • A full 62 percent of Bitkom's respondents noted how the trusted insider (be they current or former employees) being responsible for espionage, sabotage and data theft. With more than one-third of companies (37 percent) noting their perpetrators being home grown from Germany.  
  • Industry reports the instance of foreign intelligence services to have been a low 3 percent, with 7 percent categorized as "attacker unknown. Of those attacks that could be attributed to foreign entities, the distribution was not surprising: 
    • Eastern Europe — 23 percent
    • China — 20 percent
    • Russia — 18 percent
    • U.S. — 15 percent
    • Europe — 12 percent
    • Japan —  9 percent

Sadly, both BitCom and the BfV report that less than one-third of companies turned to the government for assistance in sorting out the attack they experienced. Dr. Maaßen said, "Only when companies report attacks to security agencies can realistic picture of the situation and defensive strategies be developed. "

The number one reason for not reporting a cyber attack? "Fear of reputational damage." And those who do report often times omit information because they fear negative consequences (35 percent) or the cost is too high (29 percent). 

Public-private partnerships have never been as important to the protection of industry and nation as they are today. Industry is often many generations more advanced in technology than their government partners and thus brings unique knowledge to the table. The government, however, can contribute resources that the private sector cannot legally bring to the table. It is in the interest of every country to have industry and nation operating in a collaborative manner, not just in Germany, as the alternative is to lose intellectual property, research and development and economic stability. 

New! Download the State of Cybercrime 2017 report