‘The Hollywood image of hackers is misleading’

Cyberattacks on energy providers or government infrastructure could paralyse these service providers and thereby endanger the public; this has been in the public consciousness since the start of the war in Ukraine. The German Federal Office for Information Security currently warns of an increased threat level. Dr Peter Bernard Ladkin, long-time professor of computer science at Bielefeld University’s Faculty of Technology, cautiously sees grounds for optimism: large-scale cyberattacks on critical infrastructures have not in fact been registered. He considers the greater danger to be traditional kinetic attacks on physical infrastructure.

Is critical infrastructure in Germany currently more at risk than before the war in Ukraine?

We might have expected increasing, and increasingly sophisticated, cyberattacks on critical infrastructure after Germany supplied Ukraine with weapons. In fact, we are not seeing it. At the beginning of the war, known groups did increase attacks worldwide. However, this subsided. The Killnet group, which has ties to Russia, has been active in the USA — paralysing airport websites — but this does not affect critical US infrastructure.

Professor Dr Peter Bernard Ladkin researched and taught as a computer science professor at Bielefeld University and is an advisor on cyber security.

Which components of critical infrastructure are attacked most frequently?

All of them are attacked, most of the time (the question is: which attacks succeed, and what damage they do). Probably digital communications and the industries that depend on them are most at risk. Much of our infrastructure—from energy supply to the health system—depends nowadays on digital systems, and thus becomes a target for cyberattacks. There is some infrastructure that avoids it: for example, a high-frequency transmission tower on the Hautes Fagnes in Belgium connects the stock exchanges in London and Frankfurt. Its primary purpose is to enable particularly fast financial transactions, but it is not susceptible to cyberthreats except at the endpoints. The health sector is constantly exposed to a flood of ransomware. Such malware programmes deny access to data and systems, and are used to extort ransom for access. But to completely cripple an infrastructure component requires significant resources: sufficiently many competent, trained computer scientists and a lot of time. It ends up being quite a bureaucratic process. I think it unlikely that any state has already trained enough hackers on the required scale to wage effective cyberwar. The future, however, could be different.

‘If attackers want to remain anonymous, cyberattacks can be advantageous. If attackers don’t need to hide, bombs and rockets are more destructive.’

Dr. Peter Bernard Ladkin

So, physical attacks are much more dangerous?

Yes, because such attacks are much easier to carry out. The German railway company Deutsche Bahn (DB) depends on digital systems for its entire communication infrastructure. DB is working flat out to make it cybersecure. But, as we saw at the beginning of October, sabotage of the physical infrastructure, of cables, led to massive problems. There is also concern about nuclear power plants, currently the one in Zaporizhzhia, Ukraine, which has recently been bombed/shelled several times. And think of the physical attacks on the Nord Stream 1 and 2 gas pipelines. Physical attacks are simpler and do not require complex organization. The idea of cyberwar is nothing new. But the Hollywood image of hackers is misleading, because cyberwar needs more, and more ingenious, human resources than physical attacks, and it will likely have less impact.

How well can attacks be traced?

After a cyberattack, specialists secure the data and try to find out exactly what happened. The search begins for patterns and so-called “digital signatures” that we have already seen in other cyberattacks. It can take several months before we are relatively sure whence an attack came. It’s a complex process. Two decades ago, there was an attack on my research group’s servers at Bielefeld University. Someone gained entry into our system in order to propagate malware. We traced it to a Romanian hacker who had intercepted passwords. He was known for such activity. But such events are history; it is not so simple nowadays. If attackers want to remain anonymous, cyberattacks can be advantageous. If attackers don’t need to hide, bombs and rockets are more destructive.

What is critical infrastructure?

Critical infrastructure is everything that is necessary to maintain the basic functions of a state and society. The Federal Office for Information Security (BSI) includes the following sectors: energy, water, food, information technology and telecommunications, transport and traffic, health, finance and insurance, media and culture, and state and administration. In 2021, municipal waste disposal was added to the list.

How can critical infrastructure be better protected against cyberattacks?

The very best defence is to disconnect systems completely from the Internet and any external sources of data. However, not being connected to a network has operational disadvantages, because a quick technical response in a crisis is an advantage, and this is often easier with network connections. Managers have to juggle these conflicting needs. This is best performed in a standardized way using national and international standards. There is a need for training and education in the operation and use of digital systems in companies, and not just in cybersecurity. More attention does need to be paid to the possibility of cyberattack. Many private companies address this need: the market is growing. But software developers also need to make improvements. Software has to become more reliable—it has to do exactly what we want it to do and not what we don’t want it to do. Some of us have worked on methods to increase software reliability over the decades, and these methods need to be applied more effectively. Since the war in Ukraine started, the cybersecurity meetings I attend have been working on the same things we have always been dealing with. Things have not changed that much. No one is panicking and asking, ‘what do we do now?’

The Person

Dr Peter Bernard Ladkin was Professor of Computer Networks and Distributed Systems at Bielefeld University’s Faculty of Technology and head of a research group in the Cluster of Excellence CITEC that dealt with security issues in human–machine interaction. Since 2016, the computer scientist has been working in the cybersecurity advisory group for the management of the German electrotechnical standards organization DKE. Ladkin is founder and director of the technology transfer company Causalis Limited.

About the series

In this series, academics at the university explain how they assess the war in Ukraine from their own disciplinary perspectives.