ISSE 2010: Stuxnet worm marks a security watershed, says German minister

The Stuxnet worm marks a watershed in IT security management, says Thomas de Maizière, German minister of the interior.

The Stuxnet worm marks a watershed in IT security management, says Thomas de Maizière, German minister of the interior.

"We have seen a significant increase in espionage and sabotage activities," de Maizière told the opening session of the ISSE 2010 security conference in Berlin.

Stuxnet marks the first attack on control systems, which are increasingly connected and a more likely target of attack with the increased use of standardised operating systems, he said.

"I am not sure if this was a criminal attack or not, but we can stay ahead only if industry, research and government sectors are in continual dialogue," said De Maizière,

Governments must give information security a higher priority, and have a role to play, but the behaviour of each individual is also a very important factor.

"The first responsibility is an individual one," he said.

For this reason, said De Maizière, an important role for government is to provide education so that individuals have the knowledge they need to find their way in cyberspace.

After education, governments must work to support greater transparency and create appropriate legislation, but only where there are real gaps in current laws that cannot be filled by better self regulation of individuals using IT systems.

"Businesses must use the internet to tell people quickly and simply what information they collect, how they use that information and with whom it is shared," said De Maizière.

The challenge for the future is retaining control over personal information, which the German government is supporting with the introduction of a new electronic identity card in November.

The e-ID has been designed to enable internet users to provide only specifically required information such as age and place of residence to service providers.

All data transactions are protected, information is transferred only by a user's explicit consent, and service providers know the data is certified by the e-ID card, said De Maizière.

"The government has provided a robust foundation for the e-ID card, it is now up to service providers to adopt it and citizens to use it," he said.

"Governments can provide such foundations and set technical standards to encourage security by design, but we all have our own responsibilities," De Maizière said.

Read more on IT risk management