As head of the ICT Security and Cyber Defense Department in the Austrian Armed Forces’ Counterintelligence Office, Colonel Walter Unger is an absolute expert when it comes to cybercrime. In this interview, he told us why the Austrian Armed Forces are so well protected and what authorities and companies can do to be well protected.

Mr. Unger, how well are we protected against cybercrime in Austria?
With such a question, it must first be clarified what actually falls under cybercrime. We are talking about all criminal activities that are punishable under the Criminal Code. This includes hacker attacks, of course, but also extortion, espionage and sabotage. The latest crime statistics recorded an increase from 18,000 to 28,000 offenses within one year. However, it must of course be assumed that many cases are not even reported. The number of unreported cases is therefore significantly higher.

What does it look like when it’s less about private individuals and more about the authorities ...
Occasionally we read that large authorities and companies are also targeted by professional groups. But here, too, the number of unreported cases is unknown. The most interesting question is how many attacks are carried out against so-called critical infrastructure. Although it is now also possible in Austria to investigate this, this is only just beginning. In Germany, there has been an obligation to report such cases for some time, which has also led to an increase here. Overall, I would say that Austria is just as threatened as other countries.

Colonel of the General Staff Service Walter J. Unger heads the Cyber Defense division in the Ministry of Defense.

How do authorities and companies still manage to protect themselves? What can they learn from the armed forces, which are certainly very well protected?
First you have to analyze what you really need to protect. It makes no sense to protect something that has no value. As a rule, I only have to take good care of my wallet if it contains things of value. The army, for example, has more than 30,000 end devices, which of course I can’t protect equally well. But I don’t have to. In the second step, I filter out how dangerous it would be if these things were hacked. The protective measures are then derived from this.

These protective measures have certainly changed a lot in the armed forces. What did the beginnings look like?
In the early 1990s, our main aim was to prevent our expensive programs from being stolen. So there was no way for users to export or import anything unless they had the appropriate rights. This is still the case today. This has eliminated a major vulnerability. In addition, every workstation in the armed forces has an individual key. The data on the computers is encrypted and is also encrypted during transmission.

Has there ever been a serious attack in the armed forces?
Fortunately, there have not yet been any Trojans or other serious incidents in the Armed Forces. In this context, it is perhaps interesting to note that we have had an accreditation process at the Armed Forces for 14 years, which accompanies every ICT project if it is intended for a classified application. My team therefore draws up the relevant requirements that specify what security needs to be implemented. This is planned and tested. Accreditation is carried out again at regular intervals. This ensures that the software and hardware we introduce meets the latest international security standards. This is particularly important for deliveries from other countries. If there are signs of intrusion, I send out my forensic experts.

Increasingly frequent, increasingly sophisticated: the number of cyber attacks on Austrian authorities, companies and private individuals has been rising for years.

That sounds pretty complex ...
Of course, there are a lot of measures that are also complex and expensive, but it would be a disaster if the armed forces were paralyzed by a blackmail Trojan. Fortunately, these are peaceful times, so the military does not need to be deployed for its main task at the moment. Nevertheless, we have many soldiers abroad, so we need secure communication at all times, and there is also always something to do in the air. Of course, the constant generation of knowledge in this area is also crucial. We call them situation reports.

What role does the Austrian Armed Forces play in protecting Austria from attacks?
Since we published the first Austrian cyber security strategy in 2013, the military has had the task of ensuring military national defense in cyberspace. I wrote that down quite casually at the time, without really being aware of what it meant. The origins of this strategy go back to the very first study on cyberwar and cyberterrorism, which I was involved in around 20 years ago. Various initiatives emerged from this study, but there was hardly any knowledge about it in Austria at the time. It only really got going with Stuxnet. Before that, nobody really wanted to believe that there really was a threat.

Since 2013, the military has therefore been responsible if Austria is attacked from outside using cyber means. What does that mean in concrete terms?
The main work must be done in peacetime. Companies, authorities and critical infrastructure are the main targets of attacks, which is why these targets need to be particularly well protected. The Network and Information System Security Act, which has been in force since December 2019, helps us to do this. This is a European initiative that obliges companies that are part of the critical infrastructure to achieve a certain security standard. This is being reviewed by the Ministry of the Interior.

The book “Sicher im Netz” is aimed specifically at the average citizen in simple terms and without incomprehensible technical terms. Using real-life examples, it first introduces the reader to a trap set by hackers and fraudsters, then explains how the fraudster proceeds, followed by simple defense strategies. The authors use stories to illustrate complex issues in an understandable and comprehensible way.

Can you tell us about a dicey attack on an Austrian authority?
At the beginning of 2020, the Ministry of Foreign Affairs was attacked in a highly professional manner. The hack was carried out via the Christmas greetings that the Foreign Ministry sends out every year. This campaign was copied by the attackers. A few employees opened the manipulated video and loaded a malicious program onto their computers, which opened access for the hacker. Fortunately, the attack was quickly detected. Thanks to the rapid, joint reaction of the cyber defense of the BMI, BMLV and BMEIA, major damage was prevented.

What happens if you can’t get to the perpetrator, but he doesn’t stop attacking?
If all else fails, it may be necessary to take offensive measures. In other words, to stop other servers from working. This is called hackback. In Austria, only the military is currently allowed to do this in the event of attacks on Austria’s sovereignty. This is only a conceivable option in the event of war.

What experiences were decisive for you to include them in your book “Sicher im Netz”?
For a long time, I wrote information sheets for the military – covering the basics of cyber security. We now have our own page on the intranet on which we address the most important topics and which is very popular. This guidebook was born out of this tradition and the many questions I am often asked, or when people tell me things that have happened to them personally. That is why one third of the book consists of examples, i.e. descriptions of real incidents. A large part of the book is dedicated to protecting children and young people. For example, the topics of cyberbullying and hate online. It also deals with where to turn in such cases.
