
What is the point of a company having a security system that itself is not secure? Or which will become insecure in the future because of politics? It only takes a quick entry in a search engine to lend weight to this seemingly paradoxical question. Or a reminder of what Edward Snowden published ten years ago regarding the practices of the Western intelligence services.
The Five Eyes – an espionage alliance consisting of Australia, Great Britain, Canada, New Zealand, and the USA – have been pleading for years for legislation giving them general access to all possible software products. And in November 2022, it became known in the USA that certain routers from Chinese providers are delivered with built-in backdoors by default. These sometimes receive a visit from overseas right after connection. Incidentally, these products are also commonplace in Europe.
Ever since Snowden's revelations as well as EternalBlue, intelligence agencies have been known to be active hackers. The EternalBlue case in particular has revealed two problems:
- Federal security agencies use backdoors not only for law enforcement, but also for active snooping.
- The weapons of the good guys (depending on your point of view) eventually end up in the hands of the bad guys. After its release to the public, EternalBlue was used for or enabled several large-scale attacks (including WannaCry, NotPetya). With best regards from the NSA.
A patch was made available for EternalBlue solely because the Shadow Brokers hacker collective made a big media fuss about their theft of the US intelligence service's backdoor. The NSA was forced to disclose its exploit to Microsoft.
The US intelligence services’ strong urge for secret mass surveillance has a long tradition. As yet, there may be no general US law that prescribes the widespread installation of backdoors. However, the Communications Assistance for Law Enforcement Act (CALEA) has been forcing certain telecommunications service and product providers to build access capabilities into their systems since 1994. The intelligence community has been fighting for decades to extend such access to other services and industries. At regular intervals, new laws for that capability are introduced in Congress, often obscurely worded or hidden in companion bills so as not to wake any sleeping dogs. It is therefore only a matter of time.
Moreover, technology companies in both China and the U.S. are often more than willing to collaborate with or recruit directly from the military and intelligence complex. This applies not least to some cybersecurity companies.
The Rhebo Office in the old cotton mill Leipzig
Uncompromised Data Protection
With OT Security Made in Germany®, Rhebo makes a clear commitment to data protection and the long-term protection of our customers. Since mid-2021, Rhebo has held the trust seal Cybersecurity Made in Europe of the European Cyber Security Organisation (ECSO). We thus follow the strict data protection regulations of the GDPR and the European Union Agency for Cybersecurity (ENISA).
OT Security Made in Germany® extends this commitment:
- 100 % of development and testing is done in Germany.
- There are no built-in backdoors for security and government agencies.
- Third parties never gain access to the backend of our solution.
- We do not work with security agencies or the military at the development level.
In addition, for our German and European customers it means:
- fast response times to inquiries and
- prompt, comprehensive support.
As a European company, Rhebo also explicitly takes into account the requirements of European cybersecurity directives and the national legislation derived from them.
With Rhebo's solutions, European organizations can therefore rest assured that they are getting OT monitoring with anomaly detection that meets their requirements for data protection, performance, simplicity AND compliance.
OT Security Made in Germany® is a registered trademark of Rhebo GmbH.