In its current safety notice for the economy, the Office for the Protection of the Constitution warns companies in the KRITIS area, such as for digital, electricity and gas networks, against disclosing too much information on the Internet. This makes sabotage too easy for cyber attackers.
Acts of sabotage by foreign states or by extremists can have far-reaching effects and lead to serious damage. This is particularly true with regard to critical infrastructures (KRITIS) and KRITIS-related companies, which are essential for a functioning community. Protection against sabotage is therefore one of the core tasks of the constitutional protection authorities.
Oversupply of information is exploited
In the course of their risk analysis, they regularly gain insights into gateways that are useful in preparing and supporting attacks or that make them possible in the first place. It can be assumed that foreign intelligence services, among others, will specifically scout them out and use them to prepare further measures. Numerous activities have already been identified in the past which may involve spying by foreign intelligence services.
Useful safety tips
The Office for the Protection of the Constitution gives many practical tips that companies should pay attention to, such as: “Publications that are freely available on the Internet often offer very detailed information. This applies, for example, to presentations that were originally aimed at authorities and market participants, but also to maps that show the locations of systems or the course of routes”. With this reference one plays directly on the manual attack of a cable of the German Federal Railways. Its destruction had massively paralyzed train traffic. The cable data and route plans were previously freely available on the Internet.
Beware of job offers
The Office for the Protection of the Constitution sees another practical warning in overly detailed IT job advertisements. If there is a very explicit search for special knowledge, then the stranger provides valuable information about the systems used in the KRITIS area. If there are matching system vulnerabilities, this opens up an attack vector.
Overall, the recommendations for all companies that use IT are very good security advice.
More at Constitutional Protection.de