IT Service Provider Industry Faces Sophisticated Assaults, Says BSI Leader

IT Service Provider Industry Faces Sophisticated Assaults, Says BSI Leader

Claudia Plattner, President of Germany's Federal Office for Information Security (BSI), has raised concern about the increasingly complex strategies employed by cybercriminals targeting IT service providers and critical infrastructure operators.

Plattner has specifically pointed to sophisticated threat groups, such as APT-28 (Fancy Bear) linked to the Russian military intelligence service GRU, as perpetrators. These groups carry out strategic attacks, including covert reconnaissance, exploitation of surveillance systems, and targeting critical infrastructure sectors. The objectives range from data theft, sabotage, to weakening a country's crisis response capability by embedding control points within vital infrastructure networks.

Plattner emphasized that these are not random acts but carefully planned intrusions meant to position attackers to strike rapidly when needed. She warned that these cybercriminal strategies are highly coordinated efforts to compromise and control critical IT service providers and infrastructure for both espionage purposes and potential destructive sabotage attacks.

Plattner further highlighted the growing digitalization of Germany's power supply, expressing concern over the varying security levels of small power plants and wind farms compared to large power plant operators. She stressed the need for comprehensive protection measures to safeguard these facilities from potential cyber attacks.

At the same time, Plattner reassured that the power grid in Germany is currently considered secure and stable, with extensive protective measures and redundancies in place. However, she emphasized the need for increased investment in IT security, stating that it is a necessity in today's digital age.

1. The Commission, while preparing the draft law on the protection of the environment, might consider the escalating cyber threats, given Claudia Plattner's warning about sophisticated cybercriminal strategies targeting IT service providers and critical infrastructure operators.
2. In light of Claudia Plattner's concern about the global cyber threats, political leaders and policymakers should prioritize the integration of strengthened cybersecurity measures in national data-and-cloud-computing strategies, especially in sectors like technology and general news, to combat the advanced tactics employed by hacker groups like APT-28.
3. As cyberattacks increasingly target critical infrastructure sectors, policymakers should not only focus on securing large power plant operators but also consider implementing comprehensive protection measures for small power plants and wind farms to ensure the overall security of Germany's power supply in the digital age.

Read also: