An interview with Mr. Philipp v. Saldern, President of Cyber-Security Council Germany.
Mr. Saldern is serving as the president of the Cyber-Security Council Germany Association since February 2016. Since 2010, he holds several board and management positions at RUAG Defence. Before that, he held various sales management positions at EADS, and he was on active service at Bundeswehr (the German army) for 12 years.
Mr. Saldern, It is a pleasure having this opportunity to interview you on the topic of cyber security, and on its relevance to the Germany Israel relations.
How would you describe the current cyber-threat situation in Germany and the specific challenges that come with it?
“With every day, the cyber-threat situation becomes more challenging as malware diversifies steadily, attack vectors become more sophisticated and cyber-criminals more professional. The recent global ransomware epidemic WannaCry, for instance, gave proof of this development, and experts predict further waves of cyber-attacks of this dimension in future. Also, both, WannaCry and NotPetya underlined that developments in the cyberspace are unbound from national borders. Any country, any company and any individual constitutes a potential target for any form of hacks and malware. However, Germany is an interesting target for cyber-criminals due to its political and economic power on the international, and even more on the European level. Accordingly, a reliable cyber-security architecture is required which spurs IT security knowhow and technology, making Germany an important player in this area.”
“In Germany, ‘cyber’ currently gains particular attention in the run-up to the federal elections on 24th September. Intelligence services warn of cyber-attacks on the IT network of the German parliament (Bundestag), mail accounts of members of parliament and election campaign headquarters. Besides, there are ongoing discussions on the feasibility and legitimacy of cyber retaliations (hackbacks) in case of sate of defense, carried out by the Bundeswehr Cyber Command (KdoCIR) or other federal authorities with cyber competencies. Another focus of German cyber-discourse is the protection of the economy. A recent survey revealed that between 2015 and 2017, more than every second company has been affected by data theft, industry espionage or sabotage. Simultaneously, more than half of these companies were small and medium enterprises. While many large-scale companies have increased investments in IT protection significantly throughout the last years, SME have fallen behind due to lack of awareness or resources. In Germany, however, SME are the essential players of the national economy, so that the protection of these hidden champions has to be addressed. Meanwhile, operators of critical infrastructures are dealing with the implementation of the IT security law’s provisions, effective since July 2015. Within two bylaws adopted in May 2016 and June 2017, operators exceeding certain threshold values are obliged to take measures for the protection of their IT systems. A cross-sector cyber-issue is the ongoing fight for talents. The IT and even more cyber-security skills shortage affects the general level of cyber-security in Germany. Here, short-term as well as long-term measures and solution approaches such as interconnection of IT experts, exchange and cooperation among companies and politics plus the adjustment of scholastic and academic curricula are necessary.”
“To meet these challenges, we must not forget that cyber-security is a pan-state task which requires the participation of all actors and levels: politics, business, science and society. On the state level, the cyber-security landscape is mainly shaped by the Federal Ministry of the Interior (BMI) and lately also by the Federal Ministry of Defence (BMVg) and their subordinated authorities like the Federal Office for Information Security (BSI), the Federal Office for the Protection of the Constitution (BfV), the Federal Intelligence Service (BND), the Central Authority for Security Information Technology (ZITIS) or the Bundeswehr Cyber Command (KdoCIR). There are also cyber authorities on the federal state level such as the Cyber Alliance Center Bavaria (CAZ Bayern) or the Hessian Competence Center Cyber-Crime, Cyber-Security and Cyber-Intelligence (Hessen 3C), among others. Besides political bodies, there exist several initiatives which aim at a secure digitization and the advancement of the digital transformation: the Cyber-Security Strategy for Germany 2016 of the BMI, the Digital Agenda 2025 of the Federal Ministry for Economic Affairs and Energy (BMWi) or the Directive on Security of Network And Entertainment Systems (NIS Directive) of the European Commission.”
Can you explain the agenda of the Cyber-Security Council Germany and also describe the cooperation with Israel?
“In August 2012, the Cyber-Security Council Germany was founded by renowned personalities from politics and business. It is a politically neutral association with more than 150 members, representing more than two million employees of large-scale companies, SME and political bodies, authorities and decision-maker. Of course, membership is not limited to German companies or bodies as such a statute would undermine our position of demanding and fostering transnational exchange and cooperation in the field of cyber-security. Therefore, we maintain close ties with organizations in the UK, USA, Estonia, France and of course Israel. In Tel Aviv, we opened our first international chapter with Checkmarx in April 2017, and also this year just in June, we expanded our cooperation with the Israeli cyber-community by the signing of a Memorandum of Understanding (MoU) with Israel Advanced Technology Industries (IATI). Israel is a true hotspot for cyber security technology, innovation and knowhow. Also, it is a prime example for gainful cooperation between state, economy and science as demonstrated in the Israeli Cyber Innovation Area CyberSpark. We thus believe that the chapter enabling and the MoU reinforcing the bridging of the German and Israeli cyber-community is mutually profitable.”
“For the future, I think that these ties between Germany and Israel in the field of cyber-security can even intensify. All it takes is trustful cooperation as it can be accomplished by common projects and undertakings like joint IT training sessions or even research and development projects between German and Israeli companies. And in general, cooperation should always encompass the perspective of further partners to join. With cyber threats constituting a transnational matter, interconnection and exchange among several states expand knowledge and cyber capacities, leading to more reliable cyber-security architectures.”
How can non German cyber security companies succeed in doing business in Germany?
“With Germany being the global export world champion, I would say that German companies are looking for business relations to other German companies in the first place. Of course, such cooperation brings along advantages like legal certainty and the mutual interest in a strong economic site. But in times of globalization, merely focusing on solutions and technologies from the same country is counterproductive. This premise is also valid in the cyber-security sector, not only for IT companies, but for enterprises of all branches like health, energy or the automotive sector. Simultaneously, I already pointed out that Israel is well-known for advanced IT security knowhow and technology, so that Israeli products and solutions are in demand. Israeli IT solutions, for instance, enjoy high reputation on the German market. However, one must always be aware of existing regulations. In the EU, for instance, the General Data Protection Regulation (GDPR) – to be implemented by all companies situated or offering goods or services in the EU by May 2018 – requires high data privacy standards. Regarding collaboration between Germany and Israel specifically, there is much potential for a further intensification of business relations in any sectors. For both sides, I advise to always keep in mind persisting regulations, the legal framework, and of course the business culture itself.”
Can you share with the readers your view on the challenges and opportunities that come with cyber-security?
“I think that cyber-security carries a lot of potential and opportunities. Of course, on the one side, the cyber threat situation will not ease, but intensify. On the other side, however, much-noticed cyber-attacks raise awareness and spur not only innovation, but cooperation. Generally, cyber-security must be perceived as a dynamic task, requiring steady participation of political authorities, companies and representatives from science and society. If this perception succeeds, then I am optimistic that we can advance towards a secure digital future and exploit the potential of digitisation. This would also include an appropriate handing of cyber-diplomacy. Now, there is legal uncertainty on the international level and definition gaps regarding essential cyber-terms persist. Interferences of foreign intelligence services or hacker collectives in national elections via cyber-space or diplomatic crises caused by cyber-attacks are thus likely to appear more often on the interstate level. Such scenarios are pretty worrying, so that more attention on cyber-diplomacy is urgently needed.”
Mr. Saldern, it was a pleasure having you for this interview. As we are almost at the Jewish New Year, Rosh Hashana, I wish you and the people of Germany and Israel a Shana Tova, and may this year be a more “cyber secured” year.
Declaimer — Checkmarx is an Israeli company operating in the application security field. It was elected to serve as the Israel Chapter of the Cyber Security Council Germany, with the intention to bring the cyber security communities of Germany and Israel closer. This is a not for profit initiative and is open to all cyber security professionals and companies from Israel.