Atlantic Council

From René Obermann, International Herald Tribune:  Last year, Deutsche Telekom (I am the chief executive) started to disclose information about cyberattacks. To institutionalize this approach, we organized — together with the Munich Security Conference — a Cyber Security Summit with major German industries. The positive reception encouraged us to set up a follow-up summit in 2013.

A “neighborhood watch” is key to success in cyberdefense. We need to establish “single points of contact” for rapid alerts and information exchange across all industries. A good role model for this is the Community Emergency Response Team (CERT) in the information technology sector. To create additional awareness, we are developing a “real time situation monitor” with an actual overview on imminent cyberthreats. Sharing information while an attack is happening will allow us to update our security measures in real time.

Transparency about cyberattacks has only just begun and we need to accelerate our efforts. Attackers use the advantages of combined forces. They bundle the power of hundreds of thousands of computer systems in botnets in order to carry out large-scale attacks.

Why don’t we take the same approach when it comes to cybersecurity? Voluntary information sharing is one element of such a collaborative effort; another could be to share the resources already in place, including expert know-how, to make our defensive efforts more powerful and efficient.

Industry, for the most part, is willing to do what it takes to secure cyberspace. Other stakeholders have to do their homework as well. A concern of industry is that rules and regulations have not kept pace with the technological developments — both in offense and defense. . . .

All stakeholders in the Internet ecosystem should join this “collective cybersecurity alliance.” Hardware and software suppliers have the same responsibility for cybersecurity as infrastructure providers, and must act on it. Once a vulnerable product has been supplied, it is almost impossible to achieve an appropriate level of security. The I.T. industry has to rethink this. Cybersecurity will become more of a consideration for consumers. . . .

In the long run, we simply cannot afford to lag behind the bad guys. To be sure, we will not erase cyberattacks, much as we are unable to erase crime. But we must at least aim to control and contain it, lest we find ourselves on the losing end of a battle that threatens our prosperity, public safety and ultimately national security.

René Obermann is the chief executive officer of Deutsche Telekom.