Fine-tuning Germany’s cybersecurity strategy
Recently, Eileen Walther, Northwave’s Country Manager for Germany and specialized in information security, was elected the new Vice President of the Cyber Security Council Germany (Cyber-Sicherheitsrat Deutschland). Before joining Northwave, she was head of the Dutch High Tech Crime Team and strategic advisor at the German Federal Criminal Police Office (BKA – Bundeskriminalambt).
The Cyber Security Council Germany was founded in August 2012. The Berlin-based association is politically neutral and advises companies, authorities and political decision-makers about cybersecurity.
In this interview with Help Net Security, Walther talks about Germany’s cybersecurity future, working on information security strategy, and more.
How do your previous work experiences help you in your current position (VP of the Cyber Security Council Germany)?
Both in the position of VP of the Cyber Security Council Germany e.V., as well as my job as Country Manager of Northwave Deutschland, I benefit greatly from my experiences managing the Dutch Police High Tech Crime unit and working with German Federal Law Enforcement. Not just because of the ongoing exposure to the evolving industry of cybercrime but even more from working with the passionate people in those teams. The community of cybercrime fighters is very tight and depends on personal trust, whether in public service or within service providers like Northwave.
Technology is constantly evolving. How do you go about anticipating the infosec needs of a country?
The best way to manage this constant change is to understand that this is exactly the challenge. It is not about the technological evolution. It is about really and truly understanding that you will operate in a highly dynamic situation if you want to protect your interests.
The cybersecurity of a country depends on the ability of every single organization to do this. It requires a risk-based approach in which the technological efforts as well as the human contribution to security are constantly monitored, tested and adapted. For the leadership of any organization, this is the only way to gain control over this complex matter.
But how do you do this continuously, with scarce resources and expertise? Within the Cyber Security Council Germany e.V., I am going to be talking about this. I hope to share my knowledge on how you can operationalize your information security in an intelligent way. I also won’t hesitate to raise my voice and put efforts in movements that should enforce our cybersecurity abilities on a national level.
What are the main challenges when it comes to improving a country’s cybersecurity strategy?
On a national level, there are two challenges on the top of my mind. I would give great weight to improving the real time threat intelligence sharing between law enforcement, the intelligence community and businesses. Last but not least, I believe educating children in twenty-first century skills and specifically cybersecurity is key.
I trust the next generation to be able to do a better job than we all did in protecting the confidentiality, integrity and availability of information and thus in protecting our democracy. Therefore, we should empower movements that support these future cyber heroes.
When you look at the current threat landscape, what are you most worried about? How do you expect current threats to evolve? What do you expect will be a massive problem a few years down the line?
Without wanting to sound grim, we are dealing with a monster with many heads. The ransomware industry is growing and professionalizing. After encrypting and stealing data as leverage for extortion, we now see new forms of twisting the arm of the victim emerge. Threats to the supply chain and even to the personal life of the leadership of organizations.
Ransomware is the most visible threat. I’m at least as worried about what we don’t see. Undiscovered Advanced Persistent Threats by state or state sponsored actors. Multiple nations use cyber capabilities to create advantages economically and geopolitically, as became more visible since the war in Ukraine. The stakes are too high to remain as naive and passive as we are now.
What is your vision for Germany’s information security future? Nationally, and as part of the European Union?
For quite some time now, Germany has been the second largest cybercrime target in the world, after the United States. In Northwave’s incident response practice, we see that the leadership of large organizations only decide to structurally organize their security and implement state-of-the-art measures, after they have been hit by a serious attack.
Germany’s strong economy is an attractive target and one could even state that the country’s conservative approach to protect privacy resulted in mass data leakage. For the exact same reasons, I am positive about what comes next. There are huge interests, financial means and capabilities to totally flip this position. I am proud to lead Northwave’s commitment to help German companies to intelligently improve and operate their cybersecurity.
Moreover, on a national level, I believe that Germany should keep on joining forces with other EU member states that are leading in cybersecurity, such as the Netherlands, and dare to establish itself as an international pioneer. I will continue to devote my energy to this cause, also as the Vice President of Cyber Security Council Germany e.V.