Post a Comment Print Share on Facebook

How safe are power plants, sewage treatment plants and pipelines from cyber attacks?

The University Hospital Düsseldorf is one of the best hospitals in North Rhine-Westphalia.

- 16 reads.

How safe are power plants, sewage treatment plants and pipelines from cyber attacks?

The University Hospital Düsseldorf is one of the best hospitals in North Rhine-Westphalia. It offers the so-called maximum supply. No matter what problem a patient has, he is considered to be in good hands here. Especially when things have to be done quickly: the university clinic is important for emergency care in the Rhineland. But in September 2020, the clinic had to stop providing emergency care for almost two weeks. At that time, a patient died because the ambulance had to take her to a clinic in Wuppertal instead of to the large hospital in Düsseldorf. In the end, she was missing 30 minutes that decided between life and death.

The patient's death was not due to technical error or sloppiness. The university clinic had become the target of a hacker attack. Patient administration, which was hit particularly hard by the attack, was down for weeks: hackers had attacked the hospital's computers.

In the past few months there have been several spectacular attacks on what is known as critical infrastructure: in Munich, the power went out after an arson attack on power lines, in Herne and Berlin communication cables from the railways were severed. The most spectacular underwater attack destroyed the Nord Stream 1 and 2 gas pipelines in the Baltic Sea.

Above all, hackers from countries like Russia or China target the operators of the critical infrastructure, but also technology companies and their employees. However, not all experts who were interviewed by WELT dare to say this openly for fear of lawsuits. In the state government, cyber attacks are even considered the greatest risk when it comes to possible power outages in the coming winter, according to informed circles in Düsseldorf.

After the incidents at the university clinic in the state capital, rumors made the rounds: one was that the clinic had been blackmailed, and that “the Russians” had attacked another. When asked by WELT who the perpetrators were and what they ultimately wanted, the hospital replied succinctly: "The investigations are being carried out by the Cologne public prosecutor and are not yet complete."

People at the Emschergenossenschaft in Essen are more open than anywhere else. "We are attacked thousands of times every day," admits Heiko Althoff, head of IT at the cooperative, which deals with issues of water supply and management in the Ruhr area. And that is the same in almost every larger company. The attackers were mixed. “There are young hackers there who just want to see if they can get through to us.” Alhoff also names professionals from Russia and China who wanted to get sensitive data as the perpetrators of the attacks. "And then of course there are the criminals, who are becoming more and more sophisticated." For example, there were fake invoices to the cooperative where even the order number was correct, only the account number had been changed. If this had not been discovered, a lot of money would have flowed to the scammers.

"As a critical infrastructure company," says the CEO of the Emschergenossenschaft, Uli Paetzel, "we have to be regularly certified by the Federal Office for Information Security." This was last the case in October. "So we're up to speed," emphasizes Patzel. With its sewage network, the cooperative ensures that the sewage from the cities in the Ruhr area does not flow untreated into the Rhine.

But that's not their only job: more than 842 square kilometers of the area, an area twice the size of Cologne, are below the groundwater level. The Essen-based company is also responsible for ensuring that pumps run around the clock. They ensure that entire cities do not sink under water, so a failure would have dramatic consequences.

The company goes to great lengths to ensure that the IT programs used to control the pumping stations, sewers and sewage treatment plants are as secure as possible. In this way, employees are made aware of the dangers and trained accordingly. The PCs on the cooperative's desks are part of a secure network that is constantly monitored. All systems are also connected to a virtual master control system that is heavily secured. And if necessary, all pumps can also be operated with muscle power.

On request, nobody is willing to say exactly how network line operators such as Amprion and E.on, the energy supplier RWE and the operators of large gas lines such as Thyssengas and Open Grid Europe (OGE) are arming themselves against attacks. The only thing that is clear is that everyone recognizes the danger. "The topic of IT security is right at the top of the agenda," says an RWE spokesman. OGE and Thyssengas similarly assert that cybersecurity is “a central aspect of our business”, namely the safe and reliable transport of gas. E.on, in turn, reports that a cyber security team is closely monitoring the situation, and prevention and detection measures are constantly being updated.

In Bochum, the Horst Görtz Institute for IT Security is one of the top addresses in Europe when it comes to cyber security. "Most large companies go to great lengths to protect themselves," says spokesman Tim Güneysu, a computer scientist. Our own departments for securing the computers and networks with qualified employees and complex software solutions ensure a high level of protection.

The institute was founded in 2002 at the Ruhr University and now has 200 scientific employees and 1000 students, making it the largest training center for IT security in Europe. It was initiated, among other things, by the foundation of the entrepreneur Horst Görtz, after which it was named.

According to Güneysu, the situation is often different for smaller companies than for corporations. "They often do not have the resources that are necessary to secure their own IT." In addition, they often underestimate their attractiveness: "Many believe that they are not in the sights of hackers, but unfortunately that is a mistake." A single one Vulnerability would be enough for hackers to break into the system and perhaps steal valuable data about product design.

Cyber ​​security events are held regularly at the Horst Görtz Institute. IT experts will meet representatives from politics and business there. It is not just about specific security examples for companies, but also about researching IT security as a location factor. Numerous companies in the industry have set up or settled in Bochum in recent years. So there is no lack of knowledge and know-how in NRW. It just needs to be introduced and implemented in a more targeted manner.

In NRW every third company is affected

Every third company in NRW has already been the victim of a cyber attack. Almost three quarters of the companies affected attempted to steal data using phishing emails. In a quarter, external parties wanted to exploit the trust of employees in order to obtain sensitive data. This is the result of the 9th business customer study commissioned by Commerzbank AG. For this, 2500 companies nationwide with an annual turnover of up to 15 million euros were surveyed by the opinion research institute Ipsos.

Keywords:
ChinaEuropaKraftwerkeRusslandOGENRWKrimiKölnNordrheinWestfalenEssenOstseeGelsenkirchenWuppertalBochumRheinlandPipelinesCyberkriminalitätCybercrimeCyberTerrorismusHackerangriffCommerzbank AGUniversitätsklinikenUniklinik DüsseldorfThyssengas
Avatar
Your Name
Post a Comment
Characters Left:
Your comment has been forwarded to the administrator for approval.×
Warning! Will constitute a criminal offense, illegal, threatening, offensive, insulting and swearing, derogatory, defamatory, vulgar, pornographic, indecent, personality rights, damaging or similar nature in the nature of all kinds of financial content, legal, criminal and administrative responsibility for the content of the sender member / members are belong.