Brussels, Berlin Russian aggression against the Ukraine requires a strengthening of cyber defense in Europe: This warning from the EU Commission gives new impetus to the German controversy about cyber operations by security authorities and secret services.
Commission Vice-President Margrethe Vestager on Thursday called the Russian war of aggression a “wake-up call” for EU cyber defences, calling for “bringing together civilian and military tools” to “achieve greater effectiveness against cyber threats”. Behind this formulation are measures that are highly controversial, especially in Germany – digital counterattacks, for example, which can also include so-called hackbacks. In “hackbacks”, an attacked country attempts to penetrate the aggressor’s computer systems.
A strategy paper published by the Commission and the EU External Action Service explains the concept in more detail. It calls on member states to invest “in the full range of cyber defense capabilities, including active defense capabilities”. The EU must respond to cyber attacks with “all available means” – although the paper emphasizes that the Europeans want to “continue to comply fully with international law and international norms in cyberspace”.
Russia, as the past few months have shown, is not only waging the war in Ukraine with tanks, bombs and drones, it is also using offensive cyber weapons. Even before the Russian invaders fired the first shot on February 24, they used a complex cyber attack to paralyze the Ka-Sat satellite network, which is operated by the US company Viacom and was also used by the Ukrainian army.
Top jobs of the day
Find the best jobs now and
be notified by email.
“Armed forces are highly dependent on civilian critical infrastructure, be it for mobility, communications or energy,” the EU paper points out. EU leaders are convinced that the Russian leadership has also ordered hybrid attacks against critical infrastructure in Europe, such as the blasting of the Nord Stream 1 Baltic Sea pipeline.
The USA has long relied on “active cyber defence”
Last also had an analysis by the global strategy consultancy Macro Advisory Partners in Brussels, classified as “strictly confidential”, attracted attention, as a result, Russian hackers step up their attacks on European energy companies.
The US has long relied on “active cyber defence,” which includes counterattacks, says Tyson Barker, a technology expert at the German Council on Foreign Relations and a former US diplomat. “You shouldn’t tie yourself up,” he clarifies. In Germany, on the other hand, the use of cyber weapons by the state has long been the subject of heated debate.
“Hackbacks” in particular are rejected by the traffic light coalition in Berlin. Of the SPD-Digital politician Jens Zimmermann points out that numerous technical and legal questions about digital counterattacks are still unresolved.
“It is therefore logical that the coalition agreement rejects hackbacks as a means of cyber defence,” says Zimmermann. Instead, he advises thinking about means of active cyber defense below hackbacks in order to strengthen the cyber defense, to recognize and ward off attacks and attack patterns.
“Hackbacks” aim, for example, to paralyze foreign servers in the event of large-scale attacks, for example on power grids or other parts of important infrastructure. Green parliamentary group leader Konstantin von Notz also expressed his negative views. “I urgently warn against giving the floor to offensive capacities and finally entering into cyberwar with states like North Korea,” he says. In view of scarce resources, measures to increase IT security must first and foremost focus on “hardening” digital infrastructures and reducing vulnerability to attacks.
fibers wants more powers for the federal government in cyber defense
Of the CDUSecurity politician Roderich Kiesewetter, on the other hand, advocates cyber counterattacks. “Building up the capabilities required for threats from state cyber attacks is hardly possible at the required speed in the short term,” says the deputy chairman of the Bundestag’s intelligence committee. “It is therefore all the more correct to also include so-called hackbacks and active countermeasures, which have so far been legally excluded in Germany.”
It is not yet clear how Federal Interior Minister Nancy Faeser (SPD) will position herself on this issue after the EU proposals. In the spring, the minister rejected cyber counterattacks, pointing out that security risks could arise as a result. Nevertheless, one must think about additional measures to end ongoing attacks and prevent new ones, she said. Her ministry then drafted a new cyber security agenda, which Faeser recently presented.
The aim is to expand the powers at the federal level. By means of an amendment to the Basic Law, the Federal Office for Information Security (BSI) is to become the central office for the fight against cyber attacks on targets in Germany. Responsibility for domestic cyber security currently still lies with the federal states, so the BSI has only been able to provide administrative assistance so far, which the minister no longer considers appropriate in view of the growing threat.
CDU-Politician Kiesewetter also considers the strategic considerations of the EU Commission on cyber defense and cyber security to be sensible because the current threats do not arise from petty criminals, but take place within the framework of hybrid warfare by states or state-commissioned actors. “Critical infrastructures that can be destroyed or sabotaged by cyber attacks are particularly affected,” says the MP. “Here we have been completely inadequately positioned so far.”
Also SPDPolitician Zimmerman sees a need for action in view of the new threat situation against the background of the Russian war of aggression in Ukraine: “Therefore, the Commission’s warning to the Member States to strengthen cyber security with urgency and investments is fundamentally correct.”