Germany’s first cyber disaster – what steps can municipalities take to best secure their sometimes outdated IT infrastructure?

Germany’s first official cyber disaster shows that protection from cyber attacks should be a top priority, especially for critical infrastructure.

The district of Anhalt-Bitterfeld is the first municipality in Germany to officially experience a cyber disaster. Officials announced that a hacker attack two weeks ago had knocked out its ability to perform nearly all administrative activities for the next two weeks. Law enforcement agencies are investigating the attack.

“In effect, we are completely paralyzed – and this situation will continue next week,” said a spokesperson for the district.

The July 6 hacker attack brought large parts of public administration to a halt in Anhalt-Bitterfeld, a district of 150,000 inhabitants. According to official statements, criminals previously attacked the computer system, and multiple servers were infected from an unidentified source. As a result, an unspecified number of files were apparently encrypted – with severe consequences. For example, the district spokesperson explained that no social welfare and maintenance benefits could be paid to citizens. Youth aid was also affected. To prevent further loss of data, all critical systems were taken offline. 

The district’s assessment of the situation on Friday states that “this attack had a direct impact on all aspects of our district services, including requests from our citizens which cannot be processed at this time.”

Germany’s first cyber disaster

An official disaster declaration enables district officials to respond faster in an emergency and request the help they need. The last time Anhalt-Bitterfeld declared a disaster was in 2013, when it was hit by flooding. The support the district is currently receiving includes help from experts with federal and state agencies. Together they are working to identify the source of the infection and to combat the virus. A fast response is especially crucial when an attack targets critical infrastructure, such as municipal systems. Restoring services for citizens directly depends on the ability to get the IT working again.

Outdated municipal IT infrastructure

The threat of hacker attacks on municipalities is nothing new. On the contrary: recent months have brought an increasing number of attacks – on businesses and especially on public facilities.

And security professionals point out that Germany’s municipal IT infrastructure has relatively weak protection from cyber attacks, making it especially susceptible to hackers. For example, municipalities often use outdated software and hardware even though the information they contain includes citizens’ personal data. And extensive IT departments like those found at companies or the federal level are a rarity.

Given these constraints, what steps can be taken to effectively protect legacy IT infrastructure from these kinds of attacks?

Our CyberCompare experts recommend three fundamental actions:

1. Ensure efficient patch and upgrade management: when updates are available, they should be installed as quickly as possible, especially if they are security-related. Operations work should make such updates a priority. Systems that cannot be updated – either because they aren’t designed for it or updates are no longer provided for them – should be prioritized for modernization.

2. Segment insecure legacy systems: systems can’t always be updated or modernized when it’s necessary to do so. Since such systems are especially susceptible to attacks, they should be (physically) separated from the remaining infrastructure. That way, if an attack does take place the resulting damage will only affect a limited section of the system landscape.

3. Monitor IT infrastructure with a SIEM (security information and event management) solution that uses correlation to analyze security audit logs for anomalies. Armed with this information, system administrators can quickly identify and contain infiltration by attackers or the spread of malware.
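
The correlation described in recommendation 3, applied to the segmented legacy systems from recommendation 2, as an added example that is not CyberCompare's code or any SIEM product's rule language. The log format, the legacy segment prefix, the time window and the thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit-log lines (not from any real incident).
SAMPLE_LOG = """\
2024-01-01T02:00:01 src=10.9.0.5 dst=10.1.0.10 event=logon_failed
2024-01-01T02:00:03 src=10.9.0.5 dst=10.1.0.10 event=logon_failed
2024-01-01T02:00:06 src=10.9.0.5 dst=10.1.0.10 event=logon_failed
2024-01-01T02:00:09 src=10.9.0.5 dst=10.1.0.10 event=logon_success
2024-01-01T02:01:00 src=10.9.0.5 dst=10.1.0.11 event=smb_connect
2024-01-01T02:01:20 src=10.9.0.5 dst=10.1.0.12 event=smb_connect
2024-01-01T02:03:00 src=10.1.0.20 dst=10.1.0.10 event=logon_failed
2024-01-01T02:03:30 src=10.1.0.20 dst=10.1.0.10 event=logon_success
"""
LEGACY_PREFIX = "10.9.0."       # assumed address prefix of the isolated legacy segment
WINDOW = timedelta(minutes=5)   # assumed correlation window
MIN_FAILURES, MIN_FANOUT = 3, 3 # assumed thresholds

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def correlate(log_text):
    """Return (source, reasons) for sources where at least two signals coincide."""
    by_src = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        event = parse(line)
        by_src[event["src"]].append(event)
    alerts = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        for i, ok in enumerate(events):
            if ok["event"] != "logon_success":
                continue
            # Signal 1: repeated failures against the same target just before success.
            failures = sum(p["event"] == "logon_failed" and p["dst"] == ok["dst"]
                           and ok["ts"] - p["ts"] <= WINDOW for p in events[:i])
            # Signal 2: the source reaches many distinct hosts right after the logon.
            fanout = {n["dst"] for n in events[i:] if n["ts"] - ok["ts"] <= WINDOW}
            # Signal 3: a legacy-segment host logs on outside its segment.
            crossing = src.startswith(LEGACY_PREFIX) and not ok["dst"].startswith(LEGACY_PREFIX)
            reasons = [name for name, hit in [("failures-then-success", failures >= MIN_FAILURES),
                       ("fan-out", len(fanout) >= MIN_FANOUT), ("segment-crossing", crossing)] if hit]
            if len(reasons) >= 2:
                alerts.append((src, reasons))
    return alerts
```

Requiring two coinciding signals is what makes this correlation rather than a single-event alert: the second source in the sample mistypes a password once and then logs on, and raises nothing.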

While outdated systems pose security threats, making big changes (such as modernizing major systems) is also a high-risk endeavor. It’s not unusual for large IT transformations to fail – so modernization efforts should take place in small steps and a Plan B is always essential.  

CyberCompare can support you in taking these steps:

  • Based on our experience in the Bosch Group, we can help you lay out a road map for protecting your system from hacker attacks – quickly and effectively.
  • Our comparison platform also equips us to recommend a provider who meets your needs and to find alternative or supplemental solutions for existing systems.
  • Of course, the providers we recommend must meet the highest security standards that minimize the threat of external attacks.

Just e-mail us or give us a call (+49 711 811-91494); we’ll be happy to provide you with more information on our diagnosis. Alternatively, you can use our diagnostic tool for an initial check of your cyber risk profile.