Critical infrastructure: hacking on behalf of BKW

To stay ahead in the fight against ever-emerging security vulnerabilities, BKW’s Group Security relies on collaboration with «ethical hackers».

by , Published on 16. February 2022 3 min Reading time

The best protection against hackers is to use them yourself. Sounds dangerous, but it is not. To stay ahead in the fight against ever-emerging security vulnerabilities, BKW’s Group Security relies on collaboration with «ethical hackers».

No sooner has one security hole been plugged than another one opens up. The competition between cybersecurity and cybercriminals is like the proverbial race between hare and hedgehog – unfair and simply unwinnable. To finally ensure a level playing field and eliminate potential security risks in advance, BKW’s Group Security has launched a bug bounty program with so-called ethical hackers.

«Classic security tests are only effective to a limited extent. Very effective and innovative, on the other hand, is the cooperation with ethical hackers, who work with us to massively increase system and application security.»

Manuel Häfliger, Head of Cyber Security and CISO at BKW

Bounty for security vulnerabilities

Ethical hackers, also known as «white hats», use the same methods as the criminal «black hats» in their search for critical vulnerabilities in corporate IT and OT (Operational Technology, Industrial Processing). However, instead of exploiting or publicizing a found vulnerability or hijacked account for a cyberattack or other criminal purposes, they immediately report each vulnerability to corporate security managers. Because they receive money for each newly discovered source of danger, this method is called «bug bounty».

«Nothing is more effective than being attacked in a controlled manner and continuously investing the lessons learned in cyber resilience. Working with ethical hackers is an important pillar in our security strategy.»

Manuel Häfliger, Head of Cyber Security and CISO at BKW

Five hackers to crack the system in eight days

To ensure a secure framework, BKW Group Security works with a renowned service provider, Bug Bounty Switzerland AG. Similar to an influencer agency, the service provider arranges a team of specialists, in this case for hacking, defines the legal framework and ensures meaningful reporting. For an initial «Reality Check», four important corporate solutions and a test period of two weeks were initially agreed on for BKW.

«BKW’s systems proved to be well protected. Initial vulnerabilities were quickly identified, but five hackers, CHF 20,000 in bounties and eight days of effort were required before the attack was successful – very good figures by Swiss standards.»

Florian Badertscher, CTO & Founder Bug Bounty Switzerland

Good is not good enough …

The search for vulnerabilities proved to be time-consuming due to BKW’s well-monitored and solid infrastructures – the attack team even had to be doubled to 10 specialists. Nevertheless, the contract hackers found a number of security vulnerabilities – including critical ones. Of course, all of them have now been eliminated and secured.

Always on guard

Overall, the «Reality Check» showed that BKW’s infrastructures and solution platforms have a very good level of protection – but are also not invulnerable. In order to identify and mitigate potential threats and critical security gaps as quickly as possible, the continuation of the program is now being evaluated. The plan is to expand to operational technology (OT), i.e. infrastructures, networks and production facilities that are used for energy generation, transmission and trading and are process-controlled. The integration and increasing networking of OT with IT infrastructures, as well as the many remote accesses, makes industrial companies not only smarter, but also more vulnerable. New protection concepts are needed, and bug bounty programs are an important building block in this.

Questions asked

Florian Bardertscher, what is the current trend among hackers – so in which areas is the danger currently greatest?

Hackers like all systems that have been brought online with a lot of speed and pressure without being ready for it – these are gold mines for them. There are plenty such systems out there at the moment, which also highlights a major problem: successful digitization cannot simply be forced, and many companies and organizations must first work through their legacy issues and become ready for it. That takes time, know-how and a lot of resources – until then, it’s good times for hackers, good or bad.

The Reality Check at BKW took place in a protected, non-public setting. But there is also a public program in which virtually everyone can hack along. Isn’t that dangerous?

Trust is a prerequisite for successful collaboration with hackers and must be built. Bug Bounty Switzerland can help to build the bridge and minimize risks. Ultimately, however, the risk is not greater with a public Bug Bounty program, on the contrary – attack attempts take place whether you want them to or not. The only question is whether successes will be reported responsibly or misused for malicious purposes. The brave step is to put a system on the Internet – not to have it tested by ethical hackers.

Stay up to date with our newsletter!

Looking for bug bounty news, hacker portraits, corporate success stories? Stay up to date with our newsletter!

We'll help you, let's chat about how!

Let's meet for a virtual coffee. Via calendly you can book yourself directly into our calendar. Try it out.

Schedule meeting