{"id":277472,"date":"2019-11-05T06:33:47","date_gmt":"2019-11-05T14:33:47","guid":{"rendered":"https:\/\/www.esri.com\/about\/newsroom\/?post_type=blog&#038;p=277472"},"modified":"2022-06-01T09:24:02","modified_gmt":"2022-06-01T16:24:02","slug":"german-cybersecurity-experts-use-gis","status":"publish","type":"blog","link":"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis","title":{"rendered":"Cybersecurity: The Geospatial Edge"},"author":5252,"featured_media":0,"parent":0,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"sync_status":"","episode_type":"","audio_file":"","podmotor_file_id":"","podmotor_episode_id":"","castos_file_data":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","filesize_raw":"","date_recorded":"","explicit":"","block":"","itunes_episode_number":"","itunes_title":"","itunes_season_number":"","itunes_episode_type":"","_links_to":"","_links_to_target":""},"categories":[931],"tags":[389442,389432,389412,389422],"industry":[],"esri-blog-category":[478532],"esri_blog_department":[478242],"class_list":["post-277472","blog","type-blog","status-publish","format-standard","hentry","category-spatial-analysis","tag-crimea","tag-germany","tag-hackers","tag-hybrid-warfare","esri-blog-category-analytics","esri_blog_department-public-safety"],"acf":{"video_source":"","video_start":"","video_stop":"","short_description":"German armed forces use GIS to visualize cybersecurity threats and communicate patterns of hacker activities to help thwart malicious attacks.","pdf":{"host_remotely":false,"file":"","file_url":""},"flexible_content":[{"acf_fc_layout":"content","content":"<h3><em><b>German Cybersecurity Experts Use GIS to Uncover Patterns of Attacks<\/b><\/em><\/h3>"},{"acf_fc_layout":"sidebar","layout":"standard","image_reference":null,"image_reference_figure":"","spotlight_image":null,"section_title":"","spotlight_name":"","position":"Right","content":"Key 
Takeaways\r\n<ul>\r\n \t<li>German cybersecurity experts use GIS to see geographic patterns of hacker attacks.<\/li>\r\n \t<li>A map helps communicate information to generals for clear visualization and awareness.<\/li>\r\n \t<li>Tracking malware and ransomware empowers intelligence experts to understand connections among hacker groups.<\/li>\r\n<\/ul>","snippet":""},{"acf_fc_layout":"content","content":"When Russia annexed the Crimea region of Ukraine in February and March 2014, it shocked the world and was a surprise even to many experienced analysts and organizations monitoring Russian activity. But a few experts saw indications and telltale signs beforehand.\r\n\r\nVolker Kozok, a lieutenant colonel and cybersecurity expert in Germany's armed forces, was one of those few. He tracks digital security threats and devises countermeasures. The job gives Kozok a front-row view into the current age of hybrid warfare.\r\n\r\nToday's military conflicts rarely play out only on physical battlefields. They are just as likely to include cyber attacks; assaults on critical infrastructure; and various forms of <a href=\"https:\/\/globalsecurityreview.com\/hybrid-and-non-linear-warfare-systematically-erases-the-divide-between-war-peace\/\">weaponized information<\/a>, intended to sow seeds of confusion and insecurity in a population.\r\n\r\nIn the case of the Russian invasion of Ukraine, what Kozok and his colleagues noticed in January 2014 was a clandestine opening salvo from Russia. They observed that Russia was installing what looked like an undersea cable across the Strait of Kerch, a narrow waterway between the Black Sea and the Sea of Azov. As they monitored progress on the 46-kilometer cable, it became apparent that its end point was the peninsula of Crimea.\r\n\r\nThe cable's existence strongly suggested Russia was making a move to connect Ukraine's critical infrastructure with Russia's. 
In particular, it looked like Russia's cable would carry high-speed internet communications that could bypass Ukrainian service providers."},{"acf_fc_layout":"image","image":283522,"image_position":"center","orientation":"horizontal","hyperlink":"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2019\/10\/Ukraine_Sea_Cable.jpg"},{"acf_fc_layout":"content","content":"<h3><strong>The Team Plots the Progress of Hybrid War<\/strong><\/h3>\r\nKozok's team members bolstered that inference through the sophisticated use of geographic information system (GIS) technology. They could examine the cable's construction in the context of location on a map that showed the world's undersea cables and the nodes that connect the internet. From this, the team could deduce that Russia was aiming to control online communications. In the annals of warfare, it was a defining moment.\r\n\r\n\"It was the first time a country had organized a military attack while also being very smart about planning for connectivity using a sea cable,\" Kozok explained. \"Someone had to drive to Crimea as a tourist [before the invasion] and figure out the cable's entry point. They had to make those plans without actually controlling the country.\"\r\n\r\nRussia continued to employ hybrid war techniques in Ukraine. Russian hackers launched a cyber attack against Ukraine's power grid in 2015, cutting off electricity to 250,000 people. Almost exactly a year later, hackers caused another blackout.\r\n\r\nIt is now abundantly clear that cyber attacks present a danger to more than computer systems. 
Cybersecurity must now include the critical infrastructure\u2014including utilities\u2014that undergirds communities."},{"acf_fc_layout":"image","image":277432,"image_position":"center","orientation":"horizontal","hyperlink":"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2019\/10\/Infrastructure_Attack.jpg"},{"acf_fc_layout":"content","content":"<h3><strong>The War Comes to Germany<\/strong><\/h3>\r\n\"The cyber warfare in Russia and Ukraine is one of the main interests in Germany, because we saw a lot of similar hacking,\" Kozok said. \"We see hacks against NATO and against German governmental and commercial systems. Our intelligence community has developed a wide-ranging response to this undeclared cyber war.\"\r\n\r\nAs hybrid warfare has evolved, experts like Kozok have developed a \"hybrid intelligence\" approach. In the past two years, Germany's armed forces refined their capabilities by using GIS to organize large amounts of intelligence data in the context of location.\r\n\r\n\"First, you have to bring together the raw data you have in different IT forms,\" Kozok said. \"Then you have to combine it with the information from other sources. You need the cyber intelligence expert working in close cooperation with the geoexpert to find the best solution and visualization.\""},{"acf_fc_layout":"quote","image":277392,"text":"You need the cyber intelligence expert working in close cooperation with the geoexpert to find the best solution and visualization.","author_name":"LTC Volker Kozok","author_profession_organization":"Germany's armed forces"},{"acf_fc_layout":"content","content":"<h3><strong>Location Intelligence Meets Cyber Intelligence<\/strong><\/h3>\r\nData analysis takes many forms. 
It can be as basic as visualizing a terrorist attack against the backdrop of a city's underground infrastructure, or as complex as plotting the spread of propaganda by using artificial intelligence to sift through social media feeds.\r\n\r\nThe hybrid approach has proved especially useful in handling a barrage of cyber attacks against German interests in recent years. Many attacks appear to originate from Winnti, a group of hackers headquartered in China. By adding a location component to related data, officials can more easily assess the problem and take action.\r\n\r\n\"If I show a general some source code, he won't understand what I'm doing,\" Kozok said. \"But if I can show him on a map that a Winnti tool has been attacking certain parts of Europe, he might see that it's mostly in the European Union, or perhaps it's an attack on NATO, which means the military is probably involved. With another map layer, I can show him how many of the attacks are against chemical companies.\"\r\n\r\nKozok has found that <a href=\"https:\/\/www.esri.com\/en-us\/location-intelligence\">location intelligence<\/a> provides a common parlance to understand cyber intelligence. \"The generals understand that the world belongs on maps,\" he said. 
\"It's how we show them the connections linking every analysis we have.\"\r\n\r\n&nbsp;\r\n\r\nLearn more about how national and corporate security experts use GIS to <a href=\"https:\/\/www.esri.com\/en-us\/landing-page\/industry\/government\/2018\/cybersecurity\">manage cybersecurity activity<\/a>."},{"acf_fc_layout":"image","image":277442,"image_position":"center","orientation":"horizontal","hyperlink":"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2019\/10\/Analysis_Dashboard.jpg"},{"acf_fc_layout":"sidebar","layout":"standard","image_reference":null,"image_reference_figure":"","spotlight_image":null,"section_title":"","spotlight_name":"","position":"Center","content":"<h3><strong>Learning from Today's Attacks <\/strong><\/h3>\r\nCyber warfare, often state sponsored, is a pressing issue because of the impact a virtual attack can have on our hyperconnected world.\r\n\r\nIn recent years, Germany has dealt with a relentless barrage of cyber attacks, many of them from Winnti, a Chinese hacking group that uses malware of the same name. In one of the more notorious incidents, Winnti infiltrated the German pharmaceutical giant Bayer AG in April 2019, though the company reported that it contained the damage and prevented data theft.\r\n\r\nVolker Kozok, a cybersecurity expert with the German armed forces, thinks the hidden nature of these incidents makes them easy to downplay. \"People don't talk as much about the Winnti attack against Bayer that came from China, but something like that is potentially more dangerous to Germany, as a country, than the cyber attack against a German member of parliament in 2019,\" he said.\r\n\r\nPart of what makes cyber attacks so threatening is that they appear unconstrained by geography. They seem to come from nowhere and can happen anywhere. Yet there is a location component to cybersecurity. 
Although it's difficult to prevent something like the ransomware attacks that recently <a href=\"https:\/\/www.baltimoresun.com\/politics\/bs-md-ci-it-outage-20190507-story.html\">targeted<\/a> government servers in Baltimore, GIS can help experts both manage attacks as they occur and analyze them in the aftermath.\r\n\r\nTo <a href=\"https:\/\/www.esri.com\/library\/whitepapers\/pdfs\/geospatial-approach-to-cybersecurity.pdf\">map a cyber attack<\/a>, an expert might study GIS map layers of people using the network, the devices they use, the logical connections that comprise the network, and the geographic location of servers.\r\n\r\nGroundbreaking work in cyber intelligence from people like Kozok should be a model for cybersecurity experts. Aided by GIS, Kozok has learned an extraordinary amount of detail about the cyber attacks that roiled Germany. By mapping Winnti cyber attacks and observing subtle differences in their code, he draws conclusions regarding their origin.\r\n\r\nHe can tell in which country the developer likely learned to program. The data can also reveal whether the source is the original Winnti group or a looser affiliation of hackers, which would suggest that Winnti is peddling its code on the dark web. 
By mapping these variations, German armed forces gain insight on how to prevent future attacks.","snippet":""}],"references":null},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cybersecurity: The Geospatial Edge<\/title>\n<meta name=\"description\" content=\"The German armed forces track the origin of malware and ransomware attacks, and the geographic pattern of targets, to understand cybersecurity threats.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybersecurity: The Geospatial Edge\" \/>\n<meta property=\"og:description\" content=\"The German armed forces track the origin of malware and ransomware attacks, and the geographic pattern of targets, to understand cybersecurity threats.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis\" \/>\n<meta property=\"og:site_name\" content=\"Esri\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/esrigis\/\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-01T16:24:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2019\/10\/Computer_Hacker_826.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@Esri\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t    \"@context\": \"https:\/\/schema.org\",\n\t    \"@graph\": [\n\t        {\n\t            \"@type\": \"WebPage\",\n\t            \"@id\": 
\"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis\",\n\t            \"url\": \"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis\",\n\t            \"name\": \"Cybersecurity: The Geospatial Edge\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/#website\"\n\t            },\n\t            \"datePublished\": \"2019-11-05T14:33:47+00:00\",\n\t            \"dateModified\": \"2022-06-01T16:24:02+00:00\",\n\t            \"description\": \"The German armed forces track the origin of malware and ransomware attacks, and the geographic pattern of targets, to understand cybersecurity threats.\",\n\t            \"breadcrumb\": {\n\t                \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis#breadcrumb\"\n\t            },\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"ReadAction\",\n\t                    \"target\": [\n\t                        \"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"BreadcrumbList\",\n\t            \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis#breadcrumb\",\n\t            \"itemListElement\": [\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 1,\n\t                    \"name\": \"Home\",\n\t                    \"item\": \"https:\/\/www.esri.com\/about\/newsroom\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 2,\n\t                    \"name\": \"Cybersecurity: The Geospatial Edge\"\n\t                }\n\t            ]\n\t        },\n\t        {\n\t     
       \"@type\": \"WebSite\",\n\t            \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/#website\",\n\t            \"url\": \"https:\/\/www.esri.com\/about\/newsroom\/\",\n\t            \"name\": \"Esri\",\n\t            \"description\": \"Esri Newsroom\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"SearchAction\",\n\t                    \"target\": {\n\t                        \"@type\": \"EntryPoint\",\n\t                        \"urlTemplate\": \"https:\/\/www.esri.com\/about\/newsroom\/?s={search_term_string}\"\n\t                    },\n\t                    \"query-input\": {\n\t                        \"@type\": \"PropertyValueSpecification\",\n\t                        \"valueRequired\": true,\n\t                        \"valueName\": \"search_term_string\"\n\t                    }\n\t                }\n\t            ],\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Person\",\n\t            \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/#\/schema\/person\/e37287b6a059b6f890123e8ae01efe9f\",\n\t            \"name\": \"Ben Conklin\",\n\t            \"image\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/#\/schema\/person\/image\/\",\n\t                \"url\": \"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2019\/02\/Conklin_Ben.jpg\",\n\t                \"contentUrl\": \"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2019\/02\/Conklin_Ben.jpg\",\n\t                \"caption\": \"Ben Conklin\"\n\t            },\n\t            \"description\": \"Ben Conklin was the industry manager for Defense and Intelligence at Esri. Prior to joining Esri, Conklin was a platoon sergeant and terrain analyst in the US Marine Corps, where he was assigned to a variety of special duties and exposed to the forefront of technology. 
He stays in touch with the changing mission of Defense and works to advance the application of GIS to all manner of security and intelligence challenges. Before becoming defense industry manager, where he guides strategy and marketing, Conklin managed the defense solutions team at Esri where he worked on software development. Conklin holds a bachelor\u2019s degree from American Military University and a master\u2019s degree in Integrated Design, Business and Technology from the University of Southern California.\",\n\t            \"url\": \"https:\/\/www.esri.com\/about\/newsroom\/author\/ben_conklin\"\n\t        }\n\t    ]\n\t}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Cybersecurity: The Geospatial Edge","description":"The German armed forces track the origin of malware and ransomware attacks, and the geographic pattern of targets, to understand cybersecurity threats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis","og_locale":"en_US","og_type":"article","og_title":"Cybersecurity: The Geospatial Edge","og_description":"The German armed forces track the origin of malware and ransomware attacks, and the geographic pattern of targets, to understand cybersecurity 
threats.","og_url":"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis","og_site_name":"Esri","article_publisher":"https:\/\/www.facebook.com\/esrigis\/","article_modified_time":"2022-06-01T16:24:02+00:00","og_image":[{"url":"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2019\/10\/Computer_Hacker_826.jpg","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_site":"@Esri","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis","url":"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis","name":"Cybersecurity: The Geospatial Edge","isPartOf":{"@id":"https:\/\/www.esri.com\/about\/newsroom\/#website"},"datePublished":"2019-11-05T14:33:47+00:00","dateModified":"2022-06-01T16:24:02+00:00","description":"The German armed forces track the origin of malware and ransomware attacks, and the geographic pattern of targets, to understand cybersecurity threats.","breadcrumb":{"@id":"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esri.com\/about\/newsroom\/blog\/german-cybersecurity-experts-use-gis#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esri.com\/about\/newsroom"},{"@type":"ListItem","position":2,"name":"Cybersecurity: The Geospatial Edge"}]},{"@type":"WebSite","@id":"https:\/\/www.esri.com\/about\/newsroom\/#website","url":"https:\/\/www.esri.com\/about\/newsroom\/","name":"Esri","description":"Esri 
Newsroom","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esri.com\/about\/newsroom\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.esri.com\/about\/newsroom\/#\/schema\/person\/e37287b6a059b6f890123e8ae01efe9f","name":"Ben Conklin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/about\/newsroom\/#\/schema\/person\/image\/","url":"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2019\/02\/Conklin_Ben.jpg","contentUrl":"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2019\/02\/Conklin_Ben.jpg","caption":"Ben Conklin"},"description":"Ben Conklin was the industry manager for Defense and Intelligence at Esri. Prior to joining Esri, Conklin was a platoon sergeant and terrain analyst in the US Marine Corps, where he was assigned to a variety of special duties and exposed to the forefront of technology. He stays in touch with the changing mission of Defense and works to advance the application of GIS to all manner of security and intelligence challenges. Before becoming defense industry manager, where he guides strategy and marketing, Conklin managed the defense solutions team at Esri where he worked on software development. 
Conklin holds a bachelor\u2019s degree from American Military University and a master\u2019s degree in Integrated Design, Business and Technology from the University of Southern California.","url":"https:\/\/www.esri.com\/about\/newsroom\/author\/ben_conklin"}]}},"_links":{"self":[{"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/blog\/277472","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/users\/5252"}],"version-history":[{"count":0,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/blog\/277472\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/media?parent=277472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/categories?post=277472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/tags?post=277472"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/industry?post=277472"},{"taxonomy":"esri-blog-category","embeddable":true,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/esri-blog-category?post=277472"},{"taxonomy":"esri_blog_department","embeddable":true,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/esri_blog_department?post=277472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}