Science and Technology, Department of Business Processes

Dr. Vincent Lenders from armasuisse Science and Technology is head of the research department C4I as well as the Cyber Defence Campus. In this interview, he talks about the current threat situation in cyber space and how armasuisse is helping to protect Switzerland from attacks.

Dr. Lenders, what is currently the greatest threat with regard to cyber?
The cyber threat situation is characterised by several possible threats. These vary with regard to the purpose of an attack, the participants behind the attacks and the circle of those affected. The dividing lines between the various different threats are often not clearly defined, as attackers pursue different purposes simultaneously and can also combine the type and goals of the attack. Basically, we distinguish between five different types of cyber attack: Cyber criminality, cyber espionage, cyber sabotage and terrorism, disinformation and propaganda as well as cyber in conflicts. In addition to the targeted and deliberate cyber attacks, unintentional actions or natural and technology-related events can also lead to damage in cyber space or in the physical environment.

Who is behind cyber attacks? Other countries, criminals, etc.? Do we know?
We distinguish between countries, terrorists, criminals, hactivists and script kiddies*. It is sometimes possible to recognise who is behind an attack, based on the methods of attack used. However, with many attacks, the perpetrators remain undiscovered because the digital clues are insufficient for forensic analysis. What is often underestimated by many organisations are the threats posed by their own employees. According to a recently published American study, more than 30% of the security incidents could be traced to own employees. For example, a few years ago an employee of the federal government copied large quantities of confidential data in order to sell it abroad.

Have the attacks changed over the last few years or decades?
Successful attacks in Switzerland and abroad, some with serious consequences, have shown that not only the frequency and complexity of cyber attacks is growing, but that these are also increasingly aimed at countries and corporations.

Around how many cyber attacks occur on a daily basis in Switzerland? Is it possible to make a statement on this?
It’s difficult to give precise figures. The Reporting and Analysis Centre for Information Assurance MELANI collects notifications of incidents in Switzerland and reports on around 200 notifications every week.** However, these figures are inaccurate because many incidents are not reported and the success rate of these reported attacks often remains unconfirmed. However, I can say this, to give you an idea: A server in the Internet is typically attacked several times per minute. If the server has configured a known vulnerability or a weak password, it is usual for the server to be infected after just a few minutes.

That doesn’t sound exactly encouraging. To what extent is armasuisse helping to protect Switzerland from cyber attacks?
With the competence sector Science and Technology, armasuisse has a similar task to that of the DARPA in the USA: It is making decisive investments in ground breaking technologies for national security. With the Cyber Defence Campus, armasuisse is working within an innovation ecosystem which comprises academic, corporate and governmental partners. This cooperation is enabling new defence concepts and security solutions to be created, which serve not only the Swiss Armed Forces, but the whole of Switzerland.

          «These days, it still often takes several months for companies

                       to realise that they have been attacked».

                                              Dr. Vincent Lenders

And what is armasuisse doing for the cyber security of the Swiss Armed Forces?
As the responsible procurement department for the Swiss Armed Forces, armasuisse has to ensure that both new IT systems as well as armaments are protected against modern cyber threats. Due to the digitalisation of the armed forces, cyber threats are not only an issue for classical computer systems, but also for members of the army, planes, vehicles and real estate, for example. The newly founded Cyber Defence Campus supports the DDPS in anticipating cyber risks, building competences, developing and evaluating cyber technologies and recruiting and training new talent.

Who is at the greatest risk of a cyber attack? The public sector, private individuals or companies?
All sectors are affected equally, but private individuals and SMEs are particularly at risk, as they often have either no resources or insufficient resources to protect themselves. Larger organisations and the public sector can rely on security teams and technologies to ensure their security. However, SMEs and private persons usually do not have the required resources for this purpose.

Is there a recipe for 100% protection against attacks?
No, unfortunately there is no 100% security. You have to reckon with the fact that you will become a victim of cyber attack sooner or later.

What would be your best tip for protection?
It is important to recognise as early on as possible that you are the victim of an attack. These days, it still often takes several months for companies to realise that they have been attacked. It is therefore important to have a security concept which attempts to detect attacks in your own network as quickly as possible. What is important is that the faster you react, the lower the level of damage.

What will be the greatest threat for the security of Switzerland in future in terms of cyber?
The biggest challenge is weighing up the opportunities and risks of digital technologies correctly. Let’s take as examples contact tracing, e-voting or artificial intelligence. These technologies provide our society with opportunities but simultaneously involve considerable cyber risks. We need to find a good balance when using this type of technology.

* The term script kiddy describes computer users who, despite little basic knowledge, attempt to penetrate foreign computer systems or cause other damage.

** The statement has been corrected on 13/10/2020 based on information received.