The lessons from the cyber disaster in Anhalt-Bitterfeld

SECURITY INSIGHTS | 18 August 2021

In July, there was a serious cyber attack on the Anhalt-Bitterfeld district’s servers. As a result, the administration was unable to pay out social benefits to the district’s approx. 157,000 citizens – the vehicle registration office was also impacted. In the wake of the attack, the administration revealed that it even had to suspend most of its work for almost two weeks.

In the aftermath of the attack, the nation’s first cyber disaster was declared. According to the district spokesman, this was done in order to be able to respond more quickly and receive administrative assistance from other agencies. The Federal Office for Information Security (BSI) was called in and provided on-site support. In the meantime, neither parental nor other social benefits could be paid out. The administration can now be reached by email again, but it is still only able to work to a limited extent. Some areas have been temporarily outsourced to other municipalities.

Critical infrastructure facilities are attractive targets for attack

The incident vividly illustrates how digital attacks can cause very specific damage in the real world. Critical infrastructure, which also includes municipal administration, ensures the supply of essential goods to the public and thus our societal well-being. This makes critical infrastructure an attractive target for financially or politically motivated attackers, cyberterrorists, and hacktivists.

The danger of attacks on critical infrastructure is increasing, and smaller municipalities in Germany, in particular, are often not adequately protected. Evidence of this perilous trend is provided by the figures in the current BSI report “Die Lage der IT-Sicherheit in Deutschland 2020” (The state of IT security in Germany 2020 – available in German only), according to which there were a total of 252 reports in the area of critical infrastructure in 2019, compared to the previous year’s much lower figure of 145.

Number of DDoS attacks on the rise

The Myra Security Operations Center (SOC) has also recorded a significant increase in attacks on critical infrastructure – particularly in the form of DDoS attacks. This lines up with the statistics of the German Federal Criminal Police Office, according to which a significant increase in criminal cyber activity in the form of DDoS attacks has generally been observed since the beginning of 2021. Incidents like the one in Anhalt-Bitterfeld could recur at any time and assume much greater proportions.

The protection of critical infrastructure is essential

Consistent protection of critical infrastructure against cyber attacks is essential for our society. To achieve maximum IT security, existing protective measures must be continuously reviewed and updated to reflect the ever-changing threat situation. This is where specialized service providers can help with their experience and technological expertise. Particularly in the public sector, the highest level of trust and reliability is essential.

When outsourcing IT security in the public sector and in the area of critical infrastructure in general, certain criteria such as recognized certifications (e.g., ISO 27001 based on IT-Grundschutz (IT baseline protection)) must be observed. In addition, the provider should be qualified by the BSI for critical infrastructure and offer 24/7 full-service support from its own SOC. Only in this way can municipalities and other critical infrastructure facilities ensure in the long term that their digital processes are protected in the best possible way and that the public is reliably served.
