Ammar Alkassar

Cybersecurity for digital organizations

An interview with Ammar Alkassar, CEO of Rohde & Schwarz Cybersecurity

Attacks against the data networks of energy companies and waterworks, hospitals and transport companies can put our digital society in serious jeopardy. But modern cyberattacks can no longer be fended off with security updates and common virus protection software. Critical infrastructures require effective IT security solutions that offer reliable protection.

Mr. Alkassar, cyberattacks appear to have become an everyday occurrence, haven't they? How great is the threat to our society?

The threats are immense! Just take a look at the events this year. A few weeks ago, the WannaCry malware hit the IT systems of hospitals in England, causing serious problems in providing care to patients. Just six weeks after WannaCry, the Petya malware once again threatened security and order. Companies and public authorities were most affected, as well as Ukraine’s railway and even the computer at the site of the 1986 meltdown of the Chernobyl nuclear power plant. These kinds of attacks have long since become routine in the health care sector. According to recent studies, two thirds of German hospitals have already fallen victim to a cyberattack.

What makes cyberattacks such as WannaCry and Petya so dangerous?

What’s new about these attacks is how they camouflage themselves. They turn up as ransomware attacks that use extortion to block data. Petya, however, deleted entire portions of the affected hard disks, instead of simply blocking them. For these kinds of "sabotage attacks", critical infrastructures, such as hospitals or waterworks, are a desirable target. They hit the state in its core function and rob citizens of their sense of security. These attacks against the infrastructures on which energy providers, transport companies, emergency services and the financial sector are so dependent can have major consequences. They are a serious threat to public safety.

Despite improved cybersecurity, attacks still happen again and again. Why?

No matter whether it's extortion or malicious sabotage, it's becoming increasingly difficult to defend against such attacks with available technology. The companies and public authorities that had installed the latest security updates were still somewhat secure in the case of WannaCry. With Petya, however, the German Federal Office for Information Security (BSI) came to the sobering conclusion that even systems with the latest antivirus updates installed were affected. This is because Petya also spread by using a zero-day exploit, or the targeting of security gaps before they can be identified and closed. Conventional antivirus software cannot protect against this kind of attack, which is why these attacks are so hazardous.

How can companies and public authorities effectively protect themselves against these kinds of attacks?

They need security solutions that not only respond to attacks, but that also proactively keep them out of the IT system. Such solutions are comparable to an ESP system in a car, which also takes an active approach to avoiding accidents. For public authorities, these kinds of proactive security systems are now standard, and they are becoming more and more common for critical infrastructures.

Can you give a few examples of these security solutions?

Take your browser, for example: Around 70 percent of malware enters your network through your browser. To limit opportunities for attackers, strict separation is crucial. This means working only with a virtualized browser that is hermetically sealed off from other applications in order to make corporate data inaccessible to ransomware attackers. Viruses, trojans and their friends remain enclosed in the virtual environment. They cannot spread on your computer or local network. Regardless of the type of attack, any attack on the Windows host system will fail. If malicious code corrupts the browser, the virtual browser environment simply restarts and is immediately ready again in its uninfected state.

More and more people are working on mobile devices. Personal smartphones are used for business processes, what is referred to as "bring your own device". What about cybersecurity here?

Mobile devices are posing an ever greater risk. Their built-in security mechanisms are inadequate. "Bring your own device" makes it very easy for hackers to access sensitive data. Smartphones and tablets are best guarded against attacks through a strategy of separation. In other words, the smartphone is partitioned into two special security zones: one for private use and one for work. Applications and data are kept strictly separated within each security domain to effectively protect the mobile device. The work domains are kept under the complete control of a central management system. Apps installed by the user cannot access sensitive data. Simple container solutions are inadequate for eliminating operating system vulnerabilities – only solutions with a hardened security kernel can do this.

What else can firewalls do to safeguard against new kinds of cyberattacks?

That depends on the technical state of the firewall. Conventional firewall technologies still use so-called blacklisting. In other words, data packets with known attack patterns are blocked; all other data is allowed to pass. However, these mechanisms are fully ineffective in the face of new, unknown attack methods. Only next generation firewalls that actively inspect data packets are effective here. Only when the packets are identified as "friendly" are they allowed to pass through. All others, including unknown data packets, are rejected. This method is referred to as whitelisting.

Where do you recommend deploying these next generation firewalls?

Particularly on intranets as well as for SCADA and IoT networks. These networks are used in the energy sector and by transport companies, for example. These production and control networks are extremely vulnerable, because they are often obsolete and were not developed with IT security in mind. For hackers and saboteurs, they offer new backdoors as digitization continues to progress. Whitelisting does, however, allow permitted and forbidden data traffic to be defined at the level of individual applications, protocols and content. Only clearly defined traffic is allowed, so that the networks are also always protected against unknown risks.

What other hazards do you see?

Traditional firewalls only protect the company network as a whole. In complex industrial networks, however, these perimeter firewalls are no longer adequate. There need to be firewalls that work inside the network and segment it into multiple zones. In the event of an attack, fire zones ensure that damage does not spill over into the entire network. In addition, a firewall should also support, recognize and decode important protocols, such as SCADA, Modbus TCP or DNP3. The hardware also has to be solid. It should be suitable for locations such as production halls, wind parks or workshops. Under extreme conditions, heavy-duty hardware protects the firewall, which in turn protects the network.
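To make the blacklisting-versus-whitelisting distinction concrete, and to show what "decoding" an industrial protocol and filtering per zone looks like in practice, here is an added illustration written for this page. It is not Rohde & Schwarz product code and does not describe any specific firewall. It decodes the Modbus TCP MBAP header and function code, then runs the same constructed frames through a denylist filter (block known-bad patterns, pass the rest) and an allowlist filter (pass only traffic enumerated per zone, reject the rest). The zone names, the per-zone rules, the "known bad" function code and the sample frames are all assumptions constructed for the example.

```python
"""Allowlist vs denylist filtering of Modbus TCP frames (added example, not vendor code)."""
import struct
from dataclasses import dataclass
from typing import Optional

# Modbus TCP MBAP header: transaction id (2), protocol id (2), length (2), unit id (1).
# The PDU follows; its first byte is the function code.
MBAP = struct.Struct(">HHHB")

# Public Modbus function codes (subset). Which codes a zone may use is an
# assumption made for this example, not a rule from the interview.
READ_FUNCS = {1, 2, 3, 4}          # read coils / discrete inputs / holding / input registers
WRITE_FUNCS = {5, 6, 15, 16}       # write single / multiple coils and registers


@dataclass(frozen=True)
class Frame:
    src_zone: str      # hypothetical zone label assigned by the segmenting firewall
    dst_port: int
    payload: bytes


def modbus_frame(tid: int, unit: int, func: int, data: bytes = b"") -> bytes:
    """Build a well-formed Modbus TCP frame (constructed sample traffic)."""
    pdu = bytes([func]) + data
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu   # length counts unit id + PDU


def decode_modbus(payload: bytes) -> Optional[dict]:
    """Return MBAP fields and function code, or None if not well-formed Modbus TCP."""
    if len(payload) < MBAP.size + 1:
        return None
    tid, pid, length, unit = MBAP.unpack_from(payload)
    if pid != 0:                       # protocol id must be 0 for Modbus
        return None
    if length != len(payload) - 6:     # declared length must match what is on the wire
        return None
    return {"tid": tid, "unit": unit, "func": payload[MBAP.size]}


# --- Denylist ("blacklisting"): block known attack patterns, let everything else pass. ---
KNOWN_BAD_FUNCS = {8}   # assumed signature: diagnostics (can force a device into listen-only mode)


def denylist_decision(frame: Frame) -> str:
    if frame.dst_port != 502:
        return "allow"                 # no signature for this port: passes
    m = decode_modbus(frame.payload)
    if m is None:
        return "allow"                 # malformed / unrecognised: no signature matched, passes
    return "block" if m["func"] in KNOWN_BAD_FUNCS else "allow"


# --- Allowlist ("whitelisting"): enumerate permitted traffic per zone, reject the rest. ---
ALLOWED = {   # hypothetical zones and rules
    "hmi":         {"port": 502, "funcs": READ_FUNCS,               "units": {1, 2}},
    "engineering": {"port": 502, "funcs": READ_FUNCS | WRITE_FUNCS, "units": {1, 2}},
}


def allowlist_decision(frame: Frame) -> str:
    rule = ALLOWED.get(frame.src_zone)
    if rule is None or frame.dst_port != rule["port"]:
        return "block"                 # zone or port not enumerated as friendly
    m = decode_modbus(frame.payload)
    if m is None:
        return "block"                 # cannot be classified as friendly: rejected
    if m["unit"] not in rule["units"] or m["func"] not in rule["funcs"]:
        return "block"
    return "allow"


# Constructed sample traffic.
SAMPLE = [
    ("hmi read",          Frame("hmi",         502, modbus_frame(1, 1, 3, b"\x00\x00\x00\x0a"))),
    ("hmi write",         Frame("hmi",         502, modbus_frame(2, 1, 6, b"\x00\x10\x00\x01"))),
    ("engineering write", Frame("engineering", 502, modbus_frame(3, 2, 16, b"\x00\x10\x00\x01\x02\x00\x05"))),
    ("office read",       Frame("office",      502, modbus_frame(4, 1, 3, b"\x00\x00\x00\x01"))),
    ("hmi diagnostics",   Frame("hmi",         502, modbus_frame(5, 1, 8, b"\x00\x04"))),
    ("hmi unknown func",  Frame("hmi",         502, modbus_frame(6, 1, 90))),
    ("hmi malformed",     Frame("hmi",         502, MBAP.pack(7, 1, 2, 1) + b"\x03")),
]


def run(samples=SAMPLE) -> dict:
    """Map sample name -> (denylist decision, allowlist decision)."""
    return {name: (denylist_decision(f), allowlist_decision(f)) for name, f in samples}


if __name__ == "__main__":
    for name, (deny, allow) in run().items():
        print(f"{name:18s} denylist={deny:5s} allowlist={allow}")
```

The point of the comparison is the last four rows: a write from a read-only zone, a request from an unexpected zone, a function code nobody has written a signature for, and a malformed frame all pass the denylist, because nothing known-bad matched, while the allowlist rejects each of them because none was ever declared friendly. The price of that is operational: the allowlist has to be maintained as the plant's legitimate traffic changes, which is why it is usually defined per zone rather than for the whole network.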
