Universities in Germany are increasingly becoming the target of cyberattacks. As large, intensively networked institutions with complex IT infrastructures and a high number of students and employees in research, teaching, technology and administration, they are particularly at risk. In view of the dangers, there is now an urgent need for action. The Executive Board of the German Rectors´ Conference (HRK) is therefore calling on the future federal government to make a determined effort to strengthen the cybersecurity of universities as a critical infrastructure with the appropriate funding. The HRK has compiled the measures to be taken in the recommendations of its Standing Committee on Digitalisation.
Hacker attacks in the past have shown how great the damage can be in a serious scenario: students and employees are left unable to access learning platforms or databases, sensitive research results, personnel or patient data can be leaked, project management is disrupted and the payment of salaries is jeopardised. Security authorities also rate the threat level as extremely high.
HRK President Prof Dr Walter Rosenthal said: “With targeted federal funding, the cybersecurity of universities can be improved very quickly, concretely and decisively. Taking action now will pay off immediately. Due to the international dimension of cybersecurity and the need for cross-state cooperation, the federal government shares responsibility for averting dangers.” The joint responsibility of universities, federal states and the federal government remains unaffected by this, he added. However, the federal government must combine, complete and consolidate the efforts of the universities and federal states, said Rosenthal. The HRK is open to innovative solutions and appropriate funding modalities, including approaches that involve multiple ministries.
The HRK committee´s recommendations to the federal government focus on risk prevention, improving early warning systems and intensifying relevant research. When defending against threats, it must be taken into account that universities also have access to data from research partnerships and that cyberattacks therefore potentially jeopardise the competitiveness of the German economy, the paper states. With regard to early warning systems, the flow of information between and with the intelligence services should be improved without interfering with university autonomy. Furthermore, the HRK expressly recognises the federal government's previous research funding for cybersecurity, but recommends additional projects for new protection and defence technologies.
