Actions Must Follow an Increased Awareness of Security

Joachim von Gottberg
Joachim von Gottberg

Mr. von Gottberg, who needs this initiative?

Gottberg: Everyone. Security vulnerabilities can affect all of us. The Internet is becoming more and more important to society. Just think of online banking and online commerce. But it’s a very open and rather anonymous system, which makes it vulnerable to attacks. And the attacks can cause enormous harm to both companies and individuals. Some of the content available on the Internet goes far beyond societal taboos and can harm children and young people. Our initiative has come up with some ideas to counter such dangers.

How can your initiative foster a greater awareness of security issues?

Gottberg: Interestingly, the catch is not a lack of security awareness, but of how to deal with a concrete situation. In this regard, users in Germany are more careless than those in other countries. Only six percent of German users have installed optimal protection on their computers, but 19 percent of users internationally have done so. Everyone works the same way. If nothing has happened for a long time, you become lazy. You become cautious only after you have become a victim.

At DsiN, we want to undertake specific actions and public service work to remind users of these risks on a regular basis. At the same time, the partners involved in DsiN do everything they can to redefine security risks on a regular basis and to develop optimal countermeasures for new risks as quickly as possible. Last year, for example, we sent a security truck to several large cities in Germany. Users could bring their computers to the truck and have them inspected according to security standards. As a result of this campaign, more than 300,000 people had their computers inspected and then updated with optimal protection. Users can download the appropriate security software free of charge. We hope thousands of users will secure their computers better. With this campaign, we saw that it’s not enough to make and provide what’s technically possible. More than anything else, we have to convince people to use what’s available. And that only happens with public awareness.

Have you already had measurable success?

Gottberg: Like many similar initiatives, DsiN is not a nonbinding debating club. All partners are much more involved in at least one of the eight promised actions that they have committed to solve within a specific period:

  1. Media competence for children and young people
  2. One security check available to everyone
  3. A learning package for secure online commerce
  4. An IT security package for midsize companies
  5. Security tips for software developers and students
  6. Setup of online application centers and free public key infrastructure (PKI) certificates for up to 10,000 small and midsize companies
  7. Development of a security barometer for threats on the Internet that require immediate action on the part of individual Internet users
  8. Setup of a complaint registry on illegal and damaging Internet content.

We hope to go live with the security barometer by the end of 2006, but we have already fulfilled all other promised actions in 2005. The reaction of individual users to the promises has varied, which is simply the nature of the beast. For example, training software developers is very important, but users don’t really notice how they benefit from it – their programs crash less often in the future.

What actions is the initiative undertaking in 2006?

Gottberg: First of all, we’ll hold our first evaluation summit on April 25 and summarize the situation. Were our promised actions sensible? How were they accepted? What gaps still have to be closed? The initiative was first created to continue for a year, but the very positive reaction to it is making us think about how it can become permanent. We will develop additional promised actions, but we don’t know what they will be or how many there will be until after we analyze the current situation.

What was your special promise?

Gottberg: The first one on the list affected me personally as a representative of the German Children’s Aid Society: children should be sensitized to security risks. That’s why the Children’s Aid Society set up an Internet portal for children. An animated figure, something like an Internet detective, shows areas of the Internet that are risky for children. It’s a lot of fun, and it also teaches children how to surf the Internet safely. For example, it teaches them not to give out any personal data and to behave cautiously in chat rooms. The message here is similar to the message we want to get out in general: Be skeptical! When the security truck was on the road, children could check out the Internet. They were enthusiastic. In December 2005, we began to distribute a case with teaching material on media to accompany the portal. Since then, it has been distributed to all schools in Rhineland-Palatinate, the first German state to achieve complete distribution. Little by little, we will distribute the case to the remaining states.

How will DsiN measure its progress?

Gottberg: With our own name, actually. The slogan “Germany: Safe on the Internet” is already our long-term goal, but it cannot be completely reached, of course. Complex systems are never free of disruptions. We’re not talking about absolute security, but about optimal security. That’s how we want to measure our progress.

How does collaboration among the various participating organizations in DsiN work?

Gottberg: Ultimately, everyone benefits from collaboration. Perhaps that’s why it works so well. We have successfully dealt with various issues – from the fight against viruses to protecting children. Basically, all those involved in Internet security issues are our natural allies. So far, I have been unable to find any competing initiatives outside of DsiN. Everyone who has something good to offer can become part of our initiative. At the beginning, some participants were a bit leery. In particular, the smaller corporate partners were afraid that the stronger partners would dominate the project, but that fear has been set aside.

What economic benefits do the participating companies expect from the initiative?

Gottberg: First of all, every failure of a server because of viruses costs a lot of money, and no one knows whom it will affect next. That’s why it’s in the interest of companies that use the Internet for business to do everything they can to encourage security.

Wouldn’t an international initiative for Internet security be more effective?

Gottberg: First things first. DsiN has only been operating for a year. We’ve accomplished a lot and have gained a lot of experience. When we continue to work well in Germany and produce verifiable success, I can imagine that other countries will develop similar initiatives that will work with each other.

Will we still have to talk about Internet security in 10 years?

Gottberg: Yes. In all likelihood, the attacks then will be completely different, but attackers will always find a wide and comprehensive communications system of interest.