in-the-media
Why the German Military's Use of WebEx Is Fine, Actually
Contact
Programmes
Published by
Risky.biz
March 07, 2024
A senior Russian media figure has published a recording of German Ministry of Defence (Bundeswehr) officials discussing the implications of providing Ukraine with medium-range cruise missiles.
The story here is not that German security is poor, but that Russia is publishing raw intelligence to sow discord in the country.
Dr Sven Herpig, director of cyber security policy at German digital policy think tank SNV, told Seriously Risky Business, he thought using hardened Webex correctly would likely have prevented interception.
'Correct use' would have included enforcing encrypted connections, using regular hardened laptops or smartphones and connecting from an embassy network. (Dr Herpig previously worked for both the German information security office and its foreign office). It is possible to set up Webex meetings that enforce end-to-end encryption with verified participants.
Taking these steps is still not an absolute guarantee, but mitigates against all the scenarios outlined previously.
Dr Herpig noted that in this case that insecure dial-ins hadn't been disabled, no one noticed the 'call not secure' sign, and said that unfortunately "there is no patch for human stupidity".
Author
Dr. Sven Herpig
Lead Cybersecurity Policy and Resilience