Author: Thomas van Zütphen. Photos: Haus E, Chemnitz; Bigstock.com
A cyber defense research solution made in Saxony
Information security and data protection are essential cogs in the apparatus of government. Anything that individuals and companies might do at a government office – from reporting a change of address or incorporating a business to addressing technology transfer issues and applying for patents – could attract the attention of more than just government officials at the local, state or federal level. Sometimes, hackers are watching, too.
Take Saxony, a federal state in Germany. It detected and deflected over 1,400 direct attacks on its government network last year – a 63 percent increase compared to 2015. Malware was found 75,723 times in the 26 million e-mails Saxony’s government received, almost three times as many as in the year before. “Hackers target our networks, too; there’s nothing we can do about it,” said Karl-Otto Feger, Saxony’s Chief Information Security Officer. “What we can do, though, is to stop cyber spies from finding anything.”
Saxony’s government IT systems aren’t only exposed to threats from the Internet. The intranet has vulnerabilities of its own, too. Attacks are typically launched from malware-infected computers. But danger may also come from intruders who creep into the network unnoticed, or from employees who – often mistakenly – disregard security policies. Conventional precautions such as central firewalls and antivirus software can do little, if anything, to plug these security holes.
Realizing this, Saxony initiated a research project dubbed “HoneySens” in 2014 in order to spot hackers and malware more quickly. The resulting software system, which was developed together with TU Dresden, has sensors simulating network vulnerabilities that appeal to attackers. These “honeypots” first record all suspicious network activities or data packets in selected branches of the government network, and then forward the information to a central server for analysis and alerting. “Collecting and analyzing valuable information lets us harden our IT system, with its 28 sub-networks and roughly 40,000 PC workstations, against unauthorized access from outside,” explained Saxon Chief Information Security Officer Feger.
Saxony was looking for an industry partner to scale up the development project into a full-blown, permanent system that the entire state government could use. It needed a partner to make the prototype operational in the government network and hone the software system into a separate, marketable product. Saxony decided to partner with T-Systems subsidiary Multimedia Solutions GmbH (MMS) for several reasons. One was T-Systems’ extensive experience running and refining its own global honeypot environment. In addition, “our contract with T-Systems will give other users affordable access to the software and will create a permanently free open-source version of the software, in addition to the operational version that is covered by the contract,” explained Marcel Wallbaum, the MMS project manager.
However, as Feger openly admits, “MMS’s location in Dresden did play a role in our decision, too. Selecting a Saxon company not only gives us easy access to MMS until the product launches in late 2017, but it also ensures that our state will benefit from our industry partner’s post-launch marketing activities.”