Hungarian experts to pick up the ‘cyber gauntlet’

A Voluntary Cyber Defence Collaboration is being set up to support a potential Hungarian cyber army

Upon the initiative of the professional platform and event called National Day of IT Security (ITBN) a collaboration of volunteers is being set up the members of which are information technology professionals safeguarding the security of important or critical computer system within their care. The objective of the platform is to react to cyber threats and attacks, hacker risks the critical and important information technology infrastructure of the country is exposed to in a coordinated and competent manner and to provide assistance to the government in their efforts of organising the protection of the cyber space of the nation, even in collaboration with an eventually set up Hungarian cyber army. The name of the civil initiative is Voluntary Cyber Defence Collaboration or KIBEV in shorthand.

In the past years information technology attacks against the critical infrastructure of nations and large businesses have multiplied worldwide. One after the other of the industrial electricity service providing, traffic control and other essential systems and the business and entertainment services thought to be absolutely safe so far turn out to be vulnerable to cyber attacks.

Key Pentagon suppliers, the IMF or Senators of the U.S. Congress were hit by hacker attacks in past weeks. According to the RISI database registering the attacks against critical infrastructure the number of cyber incidents hitting electricity service providers has grown by 30% in the period between 2009 and 2010, and information or controlling power obtained from each of the nations is abused in a new type ‘cyber extortion’, representing the single greatest risk in the cyber space according to certain research studies. British Minister of State for the Armed Forces, Nick Harvey stated end of May this year that ‘action in cyberspace will form part of the future battlefield … cyber-weapons are integral part of the country's armoury’. The words of the British politician are supported by the view voiced by American Secretary of State Hillary Clinton: ‘Cyber attacks are one of the new threats,…’.

Last year the computer virus Stuxnet, most probably developed by the U.S. and Israel to paralyse the Iranian nuclear programme opened up a new chapter in the history of threats affecting information technology and service provider systems (such as water and electricity supply, traffic control and the banking sector), to which the countries of the world reacted by taking clear measures. Iran and China built up a cyber army consisting mainly of hackers and trained to accomplish spying and sabotage missions. A similar model is followed by North Korea, it was leaked just a few days ago that she employs a hacker commando of 3000 members trained to obtain industrial and military secrets illegally and to make unauthorised access to the information technology systems of critical infrastructures in the target countries.

‘Each of such cyber attacks can be accomplished by relatively low costs and the involvement of only a few people. This is exactly the greatest risk of such actions.’ – cyber warfare research scientist Csaba Krasznay maintains. ‘Significant political and research efforts are needed in order to make cyber warfare accepted and effective in Hungary. It may be promoted by the fact that each of the leading world powers stressed the importance of cyber defence without exception.’

Recognising the threat the United States of America mobilised her 1000 head army called US Cyber Command, providing the defence to the U.S. cyber space, in full numbers by the end of 2010.  Pursuant to the decision made by the European Parliament the European Union will set up such an operative organisation from 2012 on which will deal with the supervision of large European information technology systems in Tallinn, Estonia, where the Cyber Defence Centre of Excellence, coordinating and studying the defence efforts of NATO member states is currently based. The same place a voluntary cyber army was set up to protect the information technology systems of Estonia herself, which country survived a cyber attack paralysing almost the entire nation back in 2007. England started a cyber weapon development programme and Germany announced at the end of this June that she has created a cyber defence centre in Bonn.

According to Arthur Keleti, chief organiser of ITBN and the brain behind the KIBEV: ‘There is a substantial exposure to cyber attacks of the European countries, including Hungary. Though the proper defence of the government backbone network is a serious factor limiting risks, protection of critical infrastructure is mainly in the hands of private companies which can or can not act for the information technology defence thereof at their own liberty and insight.’

The government has made attempts to specify the range of important infrastructure and to define a rules of procedure for their operation in case of emergency, but no real steps were taken so far in terms of information technology defence strategy. At the same time the attention of professionals operating critical information technology systems is turned to the defence of the systems in their charge as only appropriate communication amongst each other, knowledge sharing and disciplined, coordinated defence in case of emergency provide solutions against the new types of risk in the cyber space.

Voluntary Cyber Defence Collaboration (KIBEV) was established to unite operators of these systems to achieve actual goals. Operators are free to apply on a voluntary basis to be a member of the collaboration and following their admission they can be efficient members of the group who can carry out defence or – for that matter – attack operations in a coordinated manner.

Péter Jakab, Managing Director of MKB Bank Private Limited Company, Chairman of the Bank Security Working Committee of the Hungarian Banking Association pointed out in relation to the establishment of KIBEV: I think the most important in relation to the risks to be tackled by KIBEV is that it should be clear to everyone: these are not only theoretical possibilities, they are very much real threats. Actual incidents and all too real damages would basically only depend whether there is any interest or determination to conduct and accomplish an attack. Experience says that if these two factors are present independently, ’bad intentions’ would organise and obtain the sometimes not too substantial resources necessary for a successful cyber attack.

The PTA National Cybersecurity Center (PTA CERT Hungary) welcomes and supports  the KIBEV initiative. KIBEV would serve well as a support and help to protective and preventive operations PTA CERT Hungary has been doing since 2004.

The idea of preparation of a cyber strategy was raised in several fields of the public administration and more than one government agencies are currently busy with the issues of information technology defence. However, you can not predict at this point as to exactly when and which organisation or organisations will assume the job of protecting the Hungarian cyber space. Csaba Hende, Minister of Defence told the audience in a presentation held at the Szombathely University at the end of April: ‘As to the Hungarian Army, we also intend to keep pace with the times and according to our plans a cyber defence strategy will be set up during this year.’

‘The most efficient way of defence would be if the state considered the setting up of a voluntary cyber army.’ – Arthur Keleti says. ‘We can not establish such a body as a private initiative, but the competence and expertise of the professionals gathered under the umbrella of KIBEV can be offered to the leaders of the country. We are ready to cooperate with everybody who has done anything so far in order to defend the information technology systems of critical infrastructure in the nation. Time is up with the dramatic increase of the number of cyber attacks! A more serious cyber attack against Hungary may happen any time.’

Additional information on KIBEV can be accessed at www.itbn.hu/kibev (please select English version on the top of the page)

For admission as a member of the Voluntary Cyber Defence Collaboration please apply at the e-mail address This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

For detailed information on the ITBN please visit www.itbn.hu.

Statements and additional information:

Arthur Keleti, ITBN chief organiser, launcher of the KIBEV initiative

Telephone: +36 70 452 1107

Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it

On ITBN

Seven years ago representatives of the Hungarian information technology profession cooperated to create an independent forum representing the interests of all market operators and users. ITBN has by now surpassed the original concept: it now lasts for two days and is an exhibition and conference providing the first opportunity for presenting new products and innovation attracting nearly 2000 visitors; the current approaches held by the legal and business organisations determining the sector and by trade and supervisory bodies having an influence on the field are presented. All market operators and professionals who count are present at this event: beside those dealing with IT-security at the highest level auditors, security managers, manufacturers, organisation decision makers, consultants, distributors, business and company leaders as well as IT procurement officials attend regularly the event. Each year at the end of September a 100 security brands, 50 presentations, workshops and 50 exhibitors welcome the nearly 2000 interested parties at the largest information technology security defence event of Central and Eastern Europe at the ITBN.

Press background material

The purpose of the KIBEV:

• To achieve that the government specified the national body in charge of information technology defence of critical infrastructure and the cyber space of the nation, with which the KIBEV intends to commence professional cooperation efforts instantly.
• Provided Hungary decides to set up a cyber army on a voluntary or draft basis, the goal of the KIBEV would be to support such an organisation effectively.
• It is a not at all hidden objective of the KIBEV to achieve that the government felt responsibility for the defence of the national cyber space and the KIBEV will adapt its objectives and strategy to this.
• The KIBEV offers the professional knowledge and competence as well as the willingness to act of its members in order to serve the defence of the national cyber space.
• The KIBEV finds that raising the awareness of Hungarian citizens on cyber security both directly and through the activity of Hungarian non governmental organisations was of utmost importance. It will promote any such initiative and contribute to their implementation as its resources allow.
• The KIBEV wants to remain independent and therefore it welcomes system operators and security professionals or auditors from the client side who are ready to act for security. It will maintain direct and ongoing relations with market operators (manufacturers, integrators, consultants).
• The goal of the KIBEV is to achieve that a broad consensus be formed in Hungary on the determination of the range of critical infrastructure.
• The goal of the KIBEV is to effectively call the attention to the threats the cyber space is exposed to with special regard to those which may cause any trouble or disruption in the operation of the country.
• Through a communication network amongst the members the KIBEV intends to achieve that operators of critical infrastructure and important information technology systems maintained constant and effective connections with each other.
• The goal of the KIBEV is to maintain good and effective relations with the military, secret service and professional intelligence of Hungary, as a key tool of cyber defence is the promotion and assistance of cooperation and communication between these organisations.
• The KIBEV feels that it was its task to cooperate with all organisations and groups which have taken any substantial actions in protecting critical infrastructure information technology systems. We would like to cooperate with the professionals of the disaster relief operation, experts of encrypted and encoded communication and their supervision, radio intelligence and other special services, Hungarian representations at foreign military forces (such as NATO), the representation of Organisation for Security and Cooperation in Europe (OSCE) and additional organisations, who find that our initiative was important.
• The KIBEV finds that it was important to continuously maintain and develop cooperation with the national players defined in the respective laws and regulations (for instance PTA-CERT), and organisations representing market operators (for instance Alliance of Information Technology Business Organisations) and professionals (for instance ISACA).
• The goal of the KIBEV is to maintain active and good relations with similar organisations abroad and with cyber defence initiatives of other countries, to give way for information and knowledge exchange.
• Members of the KIBEV would like to support research projects related to cyber defence and cooperate with domestic educational and training institutions, institutes of higher education.

Basics of the KIBEV:

• We feel that it was our patriotic obligation to offer our knowledge acquired in the field of information technology security to serve our homeland, in order to allow Hungary use it for the purposes of defending the cyber space and critical infrastructure of the nation.
• We do not support and cooperate with organisations, persons conducting, and promoting or advertising malevolent information technology activities. We disapprove the malevolent activity of hackers and hold that such conduct was harmful for society as a whole.
• We accept as an axiom without demonstration that the cyber threat jeopardising the nation and its information technology infrastructure was real and something has to be done against it.
• Application for membership is voluntary but admission is not automatic. Admission of members is decided upon by a closed membership board dedicated by the KIBEV, with due observation of the Code of Ethics to be laid down later. We expect responsible members into our inner circle who operate systems the breakdown of which could be felt on the operation of the country.
• It is our firm intention to ensure that members provided useful contents to each other and we talk about actualities and clear professional actions in our communication.
• We find that it was important to boost substantial discussions between the members on professional basis and that we could build on the lessons learnt from them.

A few indicants of cyber attacks and data from the recent past hitting critical infrastructure and important business systems:

• According to the most recent estimate made by General Keith Alexander, commander of the American cyber army, US Cyber Command, some 250 000 attempts to break up the computer systems of the Pentagon are made daily.
• In March 2011 hackers broke the computer system of the company named Epsilon, dealing with marketing data mining. The system which was accessed sends out 40 billion electronic messages yearly. Intruders obtained the personal data of several clients.
• Hackers stole a total of 100 million bank card and personal data at the end of April 2011 from the Sony Playstation system, causing billions of dollars in damages to the firm. The Sony online service was out of order for a number of weeks.
• Hackers obtained personal data o 200 000 clients from the Citibank (Citigroup) system in May 2011 simply by getting access through a website.
• Not much mater in June 3.6 million data were stolen from the system of the game manufacturer Sega.
• In June 2011 the web page of the IMF was broken.
• In 2009 a hacker took over control of the water works in Harrisburg, Pennsylvania by accessing the laptop of an employee. This was the fourth attack against the system within a year. The attacker left this message: ‘A will penetrate your system like you do in Iraq’.
• At the end of 2009 the Itaipu hydropower plant, providing 20% of Brazil’s power and the entire electricity supply of Paraguay, was suddenly stopped. It happened 48 hours after a television report disclosing that the reason of outages and blackouts at two previous occasions in 2005 and 2007 was hackers’ attacks and 24 hours after the Brazilian government denying vehemently in public that hackers would have anything to do with the issue.
• According to reliable but secret sources a cyber attack hitting one of the American electricity companies in 2009 paralysed the entire electric power supply system.
• Several successful cyber attacks were made against electricity networks or critical infrastructure between 2001 and 2008 which entailed substantial damages in material terms. In 2001 400 000 Californian households were left without power for two days because of an attack hitting a server. In 2003 the Ohio Nuclear Power Station was paralysed by a worm, in 2005 a hacker penetrating the American dam system misled the measuring instruments and the system discharged several million litres of water