Assessing the sovereignty and security of the Austrian internet

Abstract

With many people depending on the internet in their daily work lives, the question on dependencies of these services arises. This is especially true when considering services provided by critical (IT) infrastructure or linked to governmental bodies. In this work, we provide a methodology and subsequent analysis results regarding the security and nature of dependencies of important Austrian sites on other nations and (potentially vulnerable) resources. Furthermore, we added a specific sub set to the analysis, focusing on governmental sites due to their increasing importance. The results of this analysis helps with the identification of critical resources outside the original services scope, especially considering the inclusion of services from outside the European Union and/or from unknown/unofficial sites. Furthermore, we also analyse the usage of security headers and the adoption of HTTPS, allowing an estimation of the state of security of vital services.