Luxembourg facing 1,000 cyber attacks a year

GovSatCom EU defence and security conference took place in Luxembourg on 24 February  Delano

GovSatCom EU defence and security conference took place in Luxembourg on 24 February  Delano

Pascal Steichen, founder and CEO of securitymadein.lu revealed during a panel discussion at the GovSatCom EU defence and security conference on 24 February that Luxembourg has been experiencing “an increase in cyber-attacks over recent years, levelling out at about 1,000 a year.”

Steichen, who was shared a panel with UK & Europe regional director for Lockheed Martin Space, Nik Smith, and chief strategy officer of RHEA Group Pascal Rogiest, discussed cyber threats and space security.

The functioning of government and military today more than ever depends upon space systems and their reliable function. As outlined by defence minister François Bausch in his opening speech “this means we are becoming more vulnerable to potential threats.”

And because of this, cyber and space has become the new frontier for warfare. “We see attacks going on that we cannot detail here,” revealed Rogiest.

China and Russia openly talk about this and have designed capabilities to deny and disrupt space systems.

Delano reached out to a cybersecurity research student in Luxembourg who detailed how “due to the digitalisation process undertaken thanks to the covid crisis there has been an approximate increase of 300% of cyberattacks.”

The research student, previously employed by KPMG, recounted a case with a client where hackers had gained access to their folders and locked them out. “Most hackers will blackmail for access, demanding [payment in] crypto because it’s untraceable.”

This dramatic rise in corporate cyber attacks is in the main due to the fact people are working from home and using VPNs which are easy to hack, giving access to critical company data, information, and software.

“Most vulnerability often comes from human error and software,” says Steichen.

Resilience to cyber attacks is a regulatory requirement for critical entities in the Luxembourg financial sector. They must be able to ensure their own resilience as well as that of the financial sector as a whole, following the joint adoption by the Central Bank of Luxembourg (BCL) and the CSSF of the European framework, Tiber, aimed at testing the response capacity of banking institutions to simulated cyber attacks.

The CSSF expects regulated entities to put in place both detective and preventive cyber security measures as well as mitigation and continuity measures for their critical activities. In case of a cyber attack, a financial institution is obliged to report it to the CSSF, which then ensures that the entity concerned effectively manages the incident and that an action plan is put in place to prevent the same incident from happening again.

Rogiest said he would like to see the nation states of Europe adopt a similar communication network to that employed by Luxembourg banks, allowing them to respond to cyber attacks at a moment’s notice.

While Lockheed Martin’s representative stated that today, to help industry, we need “collective standards for nation states to adhere to” articulating the critical nature of space for deterrence purposes.