City administration, Bundeswehr, Telekom How well is critical infrastructure in Bonn and the region protected against attacks?

Bonn/Region · After the alleged sabotage attacks on the Nordstream 1 and 2 Baltic Sea pipelines and on Deutsche Bahn, the question arises whether critical infrastructure in Germany is sufficiently protected. What is the situation for stakeholders in Bonn and the surrounding region?

There are disruptions to the telecommunications network every day. These are often triggered by excavators or other machinery.

There are disruptions to the telecommunications network every day. These are often triggered by excavators or other machinery.

Foto: dpa/Sina Schuldt

A&E is closed, operations are postponed, patients are being relocated: What sounds like a nightmare scenario happened in 2020 at the University Hospital in Düsseldorf. A hacker attack crippled the hospital. At its worst, this could cost lives. At the same time, it can be difficult for ordinary people to get information. Because media houses are also affected: Since last Friday, for example, the systems of the "Heilbronner Stimme" have been encrypted following a cyber attack. The printed newspaper could not be published for several days. And the Bonn/Rhein-Sieg Chamber of Industry and Commerce also recently felt the effects of cybercrime. For almost two months, the chamber could not receive any emails. Every day, hackers are attacking the critical infrastructure (CRITIS) in Germany. In view of increasing attacks, this raises the question: how is the security situation in Bonn and the region?

Critical Infrastructure: Electricity, Gas and Water Supply

At Stadtwerke Bonn (SWB), they feel armedagainstanyattacksfromoutside. "Sinceourlines and cablesare, with a few exceptions, buried in the ground, theyareinaccessible and thusprotectedunless a professional excavationiscarried out," saysspokeswoman Veronika John. An illegal excavationwith the aim of cutting the power supplycould not gounnoticedgiven the high trafficdensity in Bonn. All above-ground installations areequippedwithmonitors, alarms and videosurveillance, according to theirimportance, shesaid. Byfederallaw, watersupply, whichishandledby the subsidiary Bonn-Netz, issupervisedby the Federal Office for Information Security (BSI).

The electricity and natural gas grids in Bonn and the surrounding area, on the other hand, are controlled by the Federal Network Agency. The number of cyber attacks on the municipal utilities is "in the thousands", but these are automatically detected and warded off by the firewall. There have been no known targeted attacks on the infrastructure, for example on the electricity grid.

Critical infrastructure: City of Bonn must make its own security arrangements

When asked, the city administration in Bonn also says that cyber attacks are a daily occurrence. However, no major damage has been done so far. "The threat to the city's IT lies in the disruption or damage of the infrastructure, in the theft of data or in the misuse of the systems for other criminal purposes," says spokesperson Andrea Schulte.

Attack on critical infrastructure: police have their own task forces

The Bonn police rely on their own task groups from various areas and a " highly specialised commissariat" for cyber-crime. Ten years ago, there was a hacker attack on their own website. Since the "massive" reinforcement of the district's own IT security, there have been no more similar incidents, according to press spokesperson Dominik Gaida. The Rhein-Sieg district is now revising its emergency plans in view of the growing threat of energy shortages. The Office of Civil Protection is concentrating on securing the emergency power supply so that rescue stations and emergency control centres can operate in the event of a disaster. This also includes redundancies for communication such as satellite telephones and analogue radio. To this end, the district is working together with the town halls of the 19 associated towns and municipalities. If necessary, the population will be warned via sirens, the warning app Nina and the radio. If this is no longer possible, loudspeaker trucks will drive through the streets. In addition, several contact points are now being established in each municipality. These so-called "lighthouses" have lights and radios that can be used to send emergency calls to the control centre. The district administration will soon inform the population about these locations. The Rhine-Sieg police have also set up a coordination group to organise the emergency power supply for the police stations and fuel supplies. Important facilities such as hospitals, nursing homes and the two prisons in Siegburg and Rheinbach must each provide their own emergency power.

Attack on critical infrastructure: Telecoms experience network disruptions every day

Telecommunications are also part of the critical infrastructure. Europe's largest telecommunications company, Deutsche Telekom, is based in Bonn. It experiences network disruptions every day: "Our infrastructure is attacked daily by excavators, pile drivers, drills and milling machines," explains Christian Fischer from Corporate Communications. Only in rare cases, however, does the company experience intentional disruptions, such as in preparation for break-ins. Telekom continuously monitors its fibre optic cables, mobile radio stations and network technology. "Using special software and automated measuring procedures, we can usually locate faults quickly and initiate a targeted cure," says Fischer. The cables as well as the network technology are protected against damage by sabotage and vandalism by various measures - the company, of course, does not disclose details about these means.

In view of the war on European soil, there is heightened concern about cyber attacks. At the moment, however, Telekom is not recording any major attacks on its network: "The absolute number of cyber attacks remains unremarkable compared to previous years," says Fischer. What is striking, however, is that "the underlying motives for some of the attacks carried out in Germany" seem to have changed. In the past, an overload attack was often followed by an attempt at blackmail - but this is often not the case today.

Cyber security: Bundeswehr has special requirements

According to BWI, the Bundeswehr's IT systemhouse, the topic of cyber securityis also relevant, and not just because of the currentsituation. "The Bundeswehr has been a customer with special securityrequirements not onlysince the war in Ukraine and the currentcases of sabotage," says Jochen Reinhardt, spokesman for the Campus Auermühlesite in Bonn. For example, BWIoperates a redundant fibre-optic network in Germany exclusively for the Bundeswehr as well as a Security Operations Centre for monitoring IT. The securityunitisnowbeing further expanded. Nevertheless: "Despite all organisational, technical and personnelprecautions, therecan be nohundredpercentsecurity.

Another federal IT service provider is the Federal Information Technology Centre (ITZBund) based in Bonn. It falls under the portfolio of the Federal Ministry of Finance and supports the German federal administration. A computer centre is operated in Bonn. Would an attack on this centre have an impact on the people of Bonn? "A direct impact on citizens is not primarily expected due to the redundancy mechanisms and other cyber defence measures," says Thorsten Meyer, spokesperson for the ITZBund. These measures include a tiered IT security infrastructure with the help of several security levels from different manufacturers. In addition, the service provider operates data centres not only in Bonn, but at various locations in Germany, so that geo-redundancy is created.

Federal Information Technology Centre: fencing, reinforced doors and secured windows

The ITZBund provides more detailed information on the protection of its hardware: It is located in the inner core of a data centre building and is protected by several security zones. These, in turn, are shielded from the outside world by "various technical, structural and organisational measures". "These include fencing, reinforced buildings and interior walls, reinforced doors, secured windows, access locks, cameras, intrusion detection systems and access control systems," Meyer explains. The critical infrastructure also includes the health sector. The University Hospital Bonn (UKB) says it is secured via various technologies. The security power supply is currently operated autonomously, which means there is no danger of a cyber attack. The water supply is also not connected to the UKB network: The municipal utilities supply the drinking water, the pressure of which is increased via pumps for the UKB. These pumps are also self-sufficient.

Attacks on critical infrastructure: what an IT security expert says

Nevertheless, the pressure on critical infrastructure is great. "Organised crime in the form of ransomware gangs trying to use blackmail is getting worse," comments Manuel Atug from the board of the Cyber Security Cluster Bonn (CSCB). "For this reason, all CRITIS operators should urgently implement the basic security measures, such as those described in the BSI IT-Grundschutz." If a ransomware gang had identified a CRITIS operator in Bonn as a target, the "in extreme cases, provision of the critical service could even be brought to a complete standstill." That would be fatal for the city of Bonn, the university clinic or mobile telecommunication, Atug said. Backups and security updates are therefore essential.