The language of sysadmins is actually simple. How does politics come to believe that “shutting down” attacking servers is not a “counterstrike”?
Enjoy life, sysadmins, because today is your day! Today users come by, bring cakes and flowers and Fassbrause for all the help, handouts and hotline meetings that the year has brought with it. Maybe even the weird guys from the home offices come who mistake their Fritzbox for a firewall, but regularly forget to turn on the microphone in teams, Zoom or Big Blue Button, instead open a support ticket and then promptly can no longer be reached. Maybe they just send a self-made admin heart emoji.
Historically, Sysadmin Day is said to have been declared by a sysadmin named Ted Kekatos on July 29, 23 years ago. According to Wikipedia, Kekatos was inspired by a Hewlett-Packard ad in which employees at a company gave flowers and fruit baskets to their sysadmin for installing a new printer. From today’s perspective, it is difficult to understand why a company advertises that its printer is extremely difficult to install.
They still exist, the good things
But they still exist, the good things: Just think of the news from December 2021 that this very company Hewlett-Packard had a barn door-sized security hole in more than 100 MuFu printers, which invited the greatest mischief. In cooperation with the company F-Secure and many, many sysadmins, the gap was finally closed.
The F in Secure stands for Finland, populated by quirky music groups and people with dry humor. One of them is Mikko Hyppönen from F-Secure. A few days ago he gave a noteworthy keynote at a hacker camp in the Netherlands. In a nutshell, Mikko compared the power grid and the Internet: If the power grid fails, modern societies are at the end of their rope within a few days. If the Internet goes down, there are numerous problems, for example with payments and transfers, but society could continue to produce and exist. If you follow Mikko’s train of thought, with increasing dependency on the data network, the time will come when an internet failure will resemble a power failure in its consequences and can flatten an entire country.
Cybersecurity for everyone
AGKRITIS pointed out this point in an open letter on Germany’s cyber security strategy a year ago. The independent working group includes security consultants, KRITIS examiners such as Manuel “HonkHase” Atug, but also many people who have got to know life and suffering as an admin in the course of their careers. In an open letter, before the federal elections, they called for a strategy that is based on the cyber security of all sectors and is not unilaterally geared to the needs of the security authorities.
Now the elections are over, a traffic light has been installed and shortly before Admin Appreciation Day and thus before the summer break, the Federal Ministry of the Interior presented its new cyber security strategy. The AG KRITIS found the result insufficient and spoke of “cyber security neglect”.
Hot jobs
Are you currently looking for jobs in the field of tech and IT? Current offers can be found at jobs.voonze.de
old wine
Old wine in new bottles is just as unpalatable for AG KRITIS under the new federal government as it was under the previous government. In particular, the proposal to set up sector-specific CERTs (Computer Emergency Response Team) in the individual KRITIS areas was rejected by the KRITIS working group: “We do not think sector-specific CERTS make sense. In this context, we think it would be more expedient to strengthen the country CERTS and expand, expand the MIRT (editor’s note: Mobile Incident Response Team) and the CERT-Bund and create a cyber aid organization.”
Admins in large companies who have to work with different CERTs when the warning lights go on and the network security AI complains will certainly support this view of things. It is just as certain that the day of honor cake will get stuck in your throat when you hear how the new Federal Minister of the Interior raved somewhat awkwardly about the hackback, which is not an active counter-attack, but the simple shutdown of a disruptive server:
Parking is something else
“A hackback is an aggressive counter-attack, which means that we would actively fight and counter another server – possibly a foreign one – with state funds, nobody wants that,” said Nancy Faeser (SPD). “What the State Secretary Richter addressed is that an attack can be so strong that at some point we are forced to access the server and shut it down, but shutting it down is something other than aggressively hitting it and launching attacks yourself, nobody wants that .”
Yes, if it were that easy, we wouldn’t need any more admins in the end, just a couple of stalls. So enjoy life, dear admins, and enjoy the day as long as there are still cakes and cookies or a fruit basket and this small gesture is not turned off.
