Lucerne cyber coordinator is just a beginning

Authorities and companies can only defend themselves against increasing Internet crime if they join forces. The fact that the Canton of Lucerne is looking for a cyber coordinator makes sense – but it should only be the beginning.

—

The attack lasted twelve days and the defense a few minutes. In between, hackers quietly and anonymously gathered a list of the names of 130,000 companies. These are companies that applied for a Covid loan via the Easygov platform last year and have not yet repaid it. The State Secretariat for Economic Affairs (Seco), which operates the platform, recently announced that neither the respective loan amount nor other confidential data had been tapped. The damage should therefore be limited. It is unclear whether the hackers were unable or unwilling to go any further.

The fact that the attack was possible via the public area of ​​the website, which does not require a login, should give cause for concern. As if a jewel robber did not come through the secured entrance to the shop, but through the back entrance. To open the door, the robber – to stick with the picture – was enough to knock continuously: a hacking program asked the platform up to 544,000 times a day whether there was a company applying for a loan under a certain company number would have. The Seco promises: “The cyber attack that has taken place will be comprehensively investigated and all necessary measures will be taken so that the platform will also be secure in the public sector in the future.”

The attack on the Easygov platform is not an isolated incident. And authorities are by no means always targeted. Cyber ​​criminals have carried out at least 4,799 successful attacks on Swiss companies in the past five years. 56 percent of them were there in the last twelve months, as the “observer” writes. The National Cybersecurity Center, which is now advising Seco, registered 832 reports between October 11th and 17th; 315 to malware, 292 to fraud and 109 to phishing.

So the cyber war is already raging violently. Also in Central Switzerland. And the cybercriminals are – unlike in analogue life – more than one step ahead. It is as if the jewel robber can fall back on the most modern burglary tools, while the shopkeeper has not even installed surveillance cameras. Simply upgrading the store is not a solution. Because, unlike their analog counterparts, cybercriminals can strike from anywhere and in several places at the same time. So it needs good protection against all kinds of possible attacks in as many places as possible.

The prerequisite for this are coordination offices, as the Canton of Lucerne wants to create one. Because the necessary specialist knowledge is already available at selected locations. On the part of authorities primarily with the police, public prosecutor’s office and IT services, in business with companies specializing in data security, from which private individuals can often benefit. This specialist knowledge is still too strongly protected instead of passed on. More sharing is needed.

An example: A company’s data is blocked and only released again against payment. The company contacts the coordination office. The latter knows of a very similar case and recommends not to pay, as the data can also be unlocked in this way. Or: A municipality wants to offer some of its population services online. She asks the coordination office beforehand. These are placed by a federal specialist who helps to find and configure the right platform.

The examples show that the canton of Lucerne is on the right track with the cyber coordinator. But they also show that specialists will quickly reach their limits if they conscientiously perform their tasks in all areas. An expansion will therefore be essential. With regard to the neglected data protection agency, it is doubtful whether this will have any political chances. Three points are important: a good start for the new specialist in Lucerne, a move by other cantons – and that private individuals, companies and authorities recognize the seriousness of the situation.