Why is cybersecurity weak in India

Over 50 vulnerabilities uncovered - the Bundeswehr's cyber security put to the test

Its name does not roll off the tongue: the Vulnerability Disclosure Policy of the Bundeswehr (VDPBw). In simple terms, it is an invitation to hackers to actively inform the Bundeswehr of weaknesses in its IT systems, within a legally permissible framework.

The Bundeswehr officially issued the call on October 22, 2020, and over 20 IT security researchers have already taken part in the search for security gaps and submitted numerous vulnerability reports. The Cyber and Information Space Command (KdoCIR) announces this in a current report and at the same time draws an interim conclusion. "In general, the security level for the Bundeswehr IT has already been increased noticeably," summarizes Major General Jürgen Setzer, the Bundeswehr's Chief Information Security Officer.
 
In addition to configuration errors in the websites, "cross-site scripting" vulnerabilities were reported. Cross-site scripting (XSS) is one of the most frequently used attack methods on the web, in which attackers embed their malicious code in otherwise trustworthy websites. The IT security researchers also reported some cases of SQL injection, which could allow attackers to read information from databases without permission by means of a Structured Query Language (SQL) query. According to Major General Jürgen Setzer, some of the around 50 identified weaknesses have already been fixed; others are still being worked on.

In the run-up to the VDPBw, there was lively criticism of the project: thanks to the VDPBw, the objection went, every hacker can hack the Bundeswehr's systems without the risk of penalties. But here too the Chief Information Security Officer finds clear words.
 
"The Bundeswehr does not hold a 'Capture the Flag' event here where everyone can try it out," said the major general. The VDPBw precisely specifies the legal framework for professional vulnerability reporting by third parties. It expressly covers all IT systems connected via the Internet, i.e. the websites of the Bundeswehr and its departments.
 
Finally, the KdoCIR reports that the Vulnerability Disclosure Policy is of course not the only measure in the fight against cyber attacks. Alongside this new measure, the command relies on security inspections, auditing and penetration testing, among other things.
