Extensive surveillance by foreign intelligence services as well as the ever-increasing amount of cyber crime are endangering digital development. “For a society where humans and machines are using the Internet more and more each day, security is the Achilles heel,” Thomas Kremer, Board member for Data Privacy, Legal Affairs and Compliance at Deutsche Telekom, emphasizes this sentiment on European Data Protection Day. “For more cyber security, everyone involved must significantly increase their level of cooperation,” Kremer continues. “We need more transparency, clear responsibilities and additional expertise to enable better protection of data and infrastructure.” Working towards this, Deutsche Telekom has defined ten concrete measures:
1. The findings revealed by Edward Snowden must be published in full and made accessible for all. This is the only way to identify possible weaknesses in the network and solve them immediately.
2. Within the EU, member countries should refrain from spying on the telecommunication and Internet traffic of other members. Further efforts should also be made to set up an anti-espionage agreement with the USA.
3. Security authorities should clarify exactly which information they retrieve from telecommunications and Internet users. This includes the number and type of retrievals carried out and information about the connections being monitored.
4. Companies must create transparency with regard to security standards and any attacks that take place. Effective cooperation is the only way to make protection against cyber attacks as comprehensive as possible. Telekom has published its technical security standards online at www.telekom.com/sicherheit and provides transparency regarding cyber attacks at www.sicherheitstacho.eu.
5. Research and education on topics related to cyber security must be increased. Deutsche Telekom is setting up a chair of Data Protection and Data Security at the University of Applied Sciences (HfTL) in Leipzig. Deutsche Telekom also provides learning resources for schools on the topics of security and data protection via the platform Teachtoday.de.
6. Analysis and forensics for network security must be developed further. To this end, Cyber Emergency Response Teams (CERT) must be expanded within the companies and integrated more closely. As well as strengthening their teams, Deutsche Telekom encourages specialist training: in 2014, a new qualification program entitled “Cyber Security Professional” was created in cooperation with the Cologne Chamber of Industry and Commerce. In the next few years, Telekom will enable several hundred employees to become qualified IT security experts.
7. Looking to the future, content should be end-to-end encrypted on the transmission route. This is where manufacturers, network operators and service providers have an equal responsibility to develop simple solutions for the customer. At standardization panels, Deutsche Telekom advocates uniform encryption techniques.
8. There should be no dependency on the individual manufacturers of critical network components. Telekom is introducing a geo-redundant dual vendor strategy for these elements. For critical components, Telekom uses products from at least two manufacturers from different geographical regions.
9. Manufacturers of hardware and software as well as network and service providers must rectify any known weaknesses immediately. Deutsche Telekom’s suppliers will be obliged to do so. For particularly critical components, the security of the products should be proven by an independent test center. The German IT Security Act and the relevant EU directives should address this.
10. Data must not be diverted through other judicial areas during transport via the Internet. The Telekom network already makes the shortest possible routes a reality. Deutsche Telekom wants to push this approach even further, promoting a voluntary commitment for all Internet providers. This would make it significantly more difficult to access data transported within Europe without authorization.
Source: Deutsche Telekom