Status: 04/19/2023 2:06 p.m
Because administration, authorities and ministries are repeatedly attacked by hackers, the federal government wants to do more for cyber security. But that is not so easy.
In July 2021, cyber blackmailers paralyzed the administration of a municipality in Saxony-Anhalt. Apart from the telephones and old fax machines, nothing worked at first. Hackers have encrypted the administration’s computers and data in order to extort ransom.
ARD Capital Studio
“From one minute to the next, the district was no longer able to provide 99 percent of the services,” recalls Udo Pawelczyk from the Anhalt-Bitterfeld district. No one could register their car, apply for housing benefit or a new ID card. A disaster for Pawelczyk: “That’s why the disaster was finally declared.” For the first time, a municipality has done this because of a cyber attack.
Even years later, the district is still struggling with the consequences, with damage running into millions. Anhalt-Bitterfeld is no longer an isolated case. Companies, clinics and authorities are attacked every day. This costs a lot of money and can even endanger human life.
Earlier this month, hackers attacked police and ministries across Germany. This has alarmed the security authorities again. So there are plenty of topics to be discussed at the National Cybersecurity Conference until tomorrow. Representatives of the security authorities and experts for cyber security come together in Potsdam. They also talk about strategies on how best to defend against such attacks.
Digital pent-up demand
Germany has a lot of catching up to do in digital anyway – and the Russian war of aggression has increased the concerns of Federal Interior Minister Nancy Faeser. She wants to reorganize cyber security in Germany. Last summer she did unveiled their cybersecurity agenda. The federal government should thus be given more powers to defend against hacker attacks.
So far, this has been a matter for the federal states and, from the point of view of Markus Richter, State Secretary in the Federal Ministry of the Interior, they are differently well positioned. He calls for uniform standards: “Unfortunately, we have seen too often that it is left to chance which authority is responsible on site and how well it is set up.”
No competition between authorities
In the future, nothing should be left to chance. The ministry wants to make the Federal Office for Information Security (BSI) a central body for cyber defence. But that would require an amendment to the constitution. And that is only possible with votes from the opposition – and with the consent of the federal states. State Secretary Richter knows that too. He therefore emphasizes that it is not about taking something away from the countries, but about being able to work together better to make Germany digitally more secure.
In the fight against cybercriminals, it is important to react quickly and routinely. In addition, competition between the authorities should be avoided, because there is also a shortage of skilled workers in IT security.
However, the majority of the federal states are still not convinced of Faeser’s plans. There are doubts, especially in the union-governed countries. The interior ministry is still trying to persuade. For State Secretary Richter, this is a normal process: “It’s about competencies and constitutional issues. Not things that I can clarify with the stroke of a pen.”
The federal government rules out counterattacks
Not only the BSI should get more tasks, but also the security authorities. This also requires an amendment to the Basic Law. One point is particularly controversial: active cyber defence. The Federal Criminal Police Office should be able to fend off attacks digitally. With a judicial decision, servers can be actively shut down by attackers from abroad.
The federal government excludes counterattacks, so-called hackbacks, in its coalition agreement. State Secretary Richter emphasizes that it should only be about defending oneself in the event of an attack and not about “retaliating or simply hitting back”.
Do the basics first
Experts criticize this idea. Sven Herpig, cyber security expert at the New Responsibility Foundation, says that active cyber defense will hardly help. “It always sounds great, but in reality it will only make up a very small part of how we can make Germany safer,” says Herpig.
For Herpig, more powers for the security authorities would be the last step on the way to more cyber security. Before that, the basics would have to be created: Systems would have to be better secured, existing security requirements implemented and specialists trained and trained. Otherwise, Germany will always remain uncertain, Herpig is convinced.
There is still a long way to go towards more cybersecurity and the cybersecurity agenda is just one building block. This year, the cabinet is expected to initiate both amendments to the Basic Law. The entire agenda is to be implemented by 2030.