12 July 2019
If you want to know what the story is with IT security in whatever country you happen to be in, the best person to ask is Sandro Gaycken. This technical philosopher and security researcher is regarded as a leading expert in his field: He advises the German government and NATO, as well as police authorities and companies, on issues of IT security, cybercrime and cyberwar. After all, the war in cyberspace has long since ceased to be science fiction, as the founder and director of the Digital Society Institute explains in his book, "Cyberwar".
Name: Sandro Gaycken
Age: 45
Occupation: Scientist and entrepreneur
Website: www.esmt.org
Cyberattacks cause a huge stir whenever they go public and are usually followed by major announcements of state-sponsored countermeasures. Is cybersecurity getting the attention and resources it needs?
Yes, it’s certainly getting the attention. But the means adopted are often not the right ones. They’re either insufficient or impossible to implement.
What’s the situation in Germany concerning the protection of critical infrastructures such as hospitals and energy suppliers?
Bad. As with every other actor, a lot’s been done here in recent years, but a fundamentally poor product landscape and the lack of qualified personnel often automatically mean that any protection provided is mediocre at best. Medium-sized operators of critical infrastructure often have particular problems.
The German government recently decided to set up an agency for innovation in cybersecurity, and the German army has set up its own unit. How well is Germany positioned in terms of cybersecurity compared to other countries?
When it comes to all the government agencies, it’s important, of course, that they have the right people. But when most of the positions are poorly filled, the problem only gets more acute. Here, the state is still short of good ideas and lacking the flexibility to be a bit more open and agile. Experiments such as the Cyber Innovation Hub may be helpful shining examples but, when they run up against intractable basic problems such as procurement regulations or recruitment modalities, they fail.
Do the government agencies have the IT specialists they need?
No, definitely not. Nobody does, least of all the state. It can’t pay enough and doesn't often offer interesting areas of work.
To what extent do the defenders generally face a much greater challenge than the attackers, and how can this issue be dealt with?
The defenders have in the meantime at least managed to deter worse attackers. If you don't make mistakes, you can now protect yourself reasonably well. However, in terms of technology, the attackers are still light years ahead of the defenders. There are also various tactical asymmetries between offence and defence, which usually work out in favour of the attackers. An attacker, for example, often has the luxury of thousands of attempts to break into a system. A defender, on the other hand, isn’t allowed to fail even once.
How would you explain to a layman how an unhackable computer works?
An unhackable computer uses a security-by-architecture approach that is way more thoroughgoing than, say, security-by-design. Security is the highest priority in development and determines the architecture of everything from hardware and operating systems to applications. This makes it possible to consistently avoid weaknesses, whereas tough security measures can be embedded in a way that the hackers can’t get at them. Hensoldt Cyber is currently building such a system according to a project run by DARPA (the research agency of the U.S. Department of Defence, ed.), the aim of which was to build unhackable military drones, which it did with great success.
Which digital product has yet to be invented?
A robot to take the dog out for a wee.
And which products can you do without?
Pretty much everything except a laptop and a smartphone.
Except for music, my home is dumb.
Which technical application will always remain a mystery for you?
In terms of their function, none, but how certain technologies become trendy is something I find mysterious enough.
When were you last offline for 24 hours?
Erm ... 1987? No idea.
A holiday without Wi-Fi: Is that a dream or a nightmare?
A nightmare. Silly question.
In the #explore “Profile” format we give a regular voice to exciting and inspiring people from the digital scene - to researchers, bloggers, start-up founders, entrepreneurs, hackers and visionaries.