Snooping Fears: German Firms Race to Shield Secrets

By

The ruins of a former Cold War NSA listening post on the outskirts of Berlin. Zoom
DPA

The ruins of a former Cold War NSA listening post on the outskirts of Berlin.

Edward Snowden's revelations about data surveillance have left German firms feeling acutely vulnerable to industrial espionage. In the medium-sized business sector, which contains a host of world leaders in high-tech fields, the race is on to shield vital know-how.

Markus Stäudinger is a cautious person -- especially when he's sitting in front of his computer. He's an IT security expert at Gustav Eirich, a southern German engineering company that makes industrial mixing equipment, and he has been encrypting his emails for years. "While I was typing I always had in the back of my mind that it could still be deciphered," says Stäudinger, 48. He has tried to entrench that mindset in his company.

Stäudinger has spent years trying to enhance the security of Eirich's data and communications. He kept telling colleagues to be careful when dealing with sensitive information. He installed extra security features on notebooks and smartphones before they were taken off company premises. Some of the firm's 750 employees probably shook their heads at all this paranoia. But now, after the NSA revelations of whistleblower Edward Snowden, they all know that Stäudinger was right. "We were always aware that the intelligence services and business work closely together in the US," said the IT expert. "When we heard about what's been going on, it didn't hit us completely out of the blue."

Other companies were taken by surprise, though. Be it Prism, Tempora or XKeyscore, reports about mass electronic surveillance and tapped Internet hubs and trans-Atlantic data lines have alarmed German companies. Many firms are now worried that the intelligence services aren't just trying to pinpoint terrorists but to get at German industrial secrets as well. They fear that their lead over US, British and French competitors could be at risk. And they've suddenly realized that they've got to do something to protect themselves against the organized theft of data.

"The reports of the activities of intelligence services are a wake-up call for many companies. It sent alarm bells ringing," said Rainer Glatz, director of product and know-how protection at the VDMA German engineering association. In the past, warnings of hacker attacks and IT espionage often fell on deaf ears. But now Germany's small and medium-sized business sector, or Mittelstand, often described as the backbone of the German economy, has woken up to the risk. "There is growing sensitivity," said Glatz. "In many firms, the management boards are now thinking about how they can shield themselves better."

Spying Causes Billions of Euros in Damage

Action is urgently needed. At most, only one in four Mittelstand firms has an IT security strategy, said Christian Schaaf, founder of the Munich-based consultancy Corporate Trust. Many have limited themselves to a simple firewall and a few anti-virus programs. But that's not enough to keep out professional hackers, let alone the likes of the NSA. "Many companies are starting to realize that they have to cast a safety net over their data," said Schaaf.

There's plenty to spy on in the Mittelstand, with its thousands of high-tech businesses, ranging from newly developed products to production processes and process control systems, as well as customer lists and price offers in contract tenders. Germany's domestic intelligence agency, the Office for the Protection of the Constitution, estimates that industrial espionage causes damage totalling between €30 billion and €60 billion ($40 billion to $80 billion) per year. No one knows the exact figure because companies in Germany and across Europe tend to keep quiet when they find out they have been spied on. There are a number of reasons for this: They're afraid of copycat espionage, they don't want to reveal to potential new attackers where their weak points are and what they're doing to protect themselves. And they're afraid that they may lose customers if their data leaks become public.

Engineering company Gustav Eirich would be worth spying on. The 150-year-old, family-owned business from Hardheim in the Odenwald region of southern Germany is among the world leaders in its field. Eirich's machines can mix chemicals and all sorts of materials faster, more thoroughly and more efficiently than those of its international competitors. This is thanks to a host of inventions and innovations that the company has had patented. "Our know-how is our big competitive advantage," said security chief Stäudinger. And Eirich is doing all it possibly can to protect that lead.

Possible Boost For German Data Security Firms

The company refrains from storing information in foreign data processing centers. Video conferences, data transmission and emails -- Eirich handles all that via its own cloud server. Skype is forbidden, and the use of Facebook is discouraged. All staff members are given clear instructions to avoid any unintentional releases of sensitive data. As a rule, the company encrypts all emails it sends outside the firm, if the clients go along with that, and they use German software to do the encrypting. "With US programs the intelligence agency will definitely have the general key," said Stäudinger. "That's why we try to use domestic products whenever we can." In Germany, security authorities usually don't get access to the algorhythms of firms that offer encryption.

Germany's comparatively strict rules on data privacy protection represent a possible competitive advantage for German suppliers of IT security. Data processing centers based in Germany have been enjoying a strong increase in demand of late, said Gatz, VDMA's IT security expert. Providers of private clouds such as Demando, a subsdiary of the Kaiserslautern municipal utility company, offer their customers their own server cabinets and can even make exclusive glass fiber lines available to them so that they don't have to send sensitive data through the Internet.

However, even such lines can be tapped into, and almost every encryption code can be cracked. "You can never guarantee 100 percent security," said Stäudinger. "We know there's a residual risk. But we set the hurdles as high as possible." Maybe that will make potential attackers seek easier targets: among companies with less distrustful security chiefs.

Article...
  • For reasons of data protection and privacy, your IP address will only be stored if you are a registered user of Facebook and you are currently logged in to the service. For more detailed information, please click on the "i" symbol.
  • Post to other social networks

Comments
Discuss this issue with other readers!
6 total posts
Show all comments
    Page 1    
1. The vulnerability is more than a feeling
greanknight 07/24/2013
Snowden's revelations should make firms aware that their vulnerability to industrial and commercial espionage is not just a feeling but a reality. And Snowden's revelations didn't make firms more vulnerable to industrial espionage; instead it made them aware of what has been going on. I would say, "Edward Snowden's revelations about data surveillance made German firms acutely aware how vulnerable they have been to industrial espionage."
2. optional
spon-facebook-10000252410 07/24/2013
Just what kind of trade secrets would Google, Facebook, or Microsoft want to steal from Germany? I can't think of any. Silicon Valley is way far ahead...
3. optional
delia 07/25/2013
Yes, Silicon Valley is "way far ahead" -- and now we know why. I would hope the race is now on to see which tech firm can create the best soft- and hardware for foiling the NSA programs, as I don't expect the US Congress to get very far in bringing the NSA under control. America's war on whistleblowers and other programs that we don't know about will simply make sure that the NSA can carry on with business as usual, despite the band-aid approach which Congress will eventually settle for.
4. Spying
plutocrat 07/27/2013
Germany as the rest of EU holds more patents and knowledge than US. Beside that vast majority of scientists working in US are not of US origin or US nationals. There is about 90.000 German scientists plus all other. US has extremely bad educational system but have money to attract foreign scientists by offering then unprecedented commercial rewards, which they cannot achieve in EU due to legal regulations. Americans are good in this what they are doing now - stealing, spying, having double standards, bullying everyone including their friends. Sadly world would be better place without US as it is now.
5. NSA-CGHQ are a symptom of the advent of a NEW ERA post WW II…
titus_norberto 07/29/2013
At the end of WW II USA was the “last man standing”, I mean the ONLY industrialized nation with its infrastructure INTACT. The UK managed (were allowed…) to take a slice of the CAKE via FINANCES even though it ended broken and without empire…. Now, 2013, USA has lost practically ALL that competitive advantage to China (consumer goods and even high-tech), Russia (weapons and natural resources), and even Germany (high tech), despite her diminutive size in comparison to the continent-sized nations in terms of land and population (which is an amazing achievement), so they teamed with the UK and Israel in order to MAINTAIN that competitive advantage at all costs per fas et nefas…. Therefore, yes, I do agree with the fact that “terrorism” is an excellent excuse to whitewash many dirty things including COMMERCIAL ESPIONAGE…
Show all comments
    Page 1    
Keep track of the news

Stay informed with our free news services:

All news from SPIEGEL International
Twitter | RSS
All news from Germany section
RSS

© SPIEGEL ONLINE 2013
All Rights Reserved
Reproduction only allowed with the permission of SPIEGELnet GmbH



Photo Gallery
Photo Gallery: Timeline of the NSA Spying Scandal


European Partners
Presseurop

Politiken

Corriere della Sera

Renzi Ups the Pace

50 Italians Fighting with ISIS


Facebook
Twitter