The Federal Republic of Germany has just released a comprehensive cyber-security strategy [PDF] that will create two high-level government agencies devoted exclusively to cyber-war. Germany’s move to mobilize for cyber-war is one of the boldest Internet decisions made by a European power in years.
On the geopolitical front, cyber-warfare is here to stay. The People’s Republic of China is suspected of a series of devastating hacks of South Korean, Japanese, Canadian, and American computer networks. A mysterious worm called “Stuxnet,” reportedly created by the United States and Israel, has inflicted substantial damage on Iran’s nuclear program. Iran’s own hackers crippled the Voice of America last month.
A new cyber-warfare center called the Nationales Cyber-Abwehrzentrum (NCAZ, lit. “National Cyber-Defense Center”) will be opened shortly, with initial staff being transferred from the Federal Office for Information Security (BSI). Other staff for the NCAZ will be transferred from Germany’s Federal Office for the Protection of the Constitution and the Federal Office of Civil Protection and Disaster Assistance.
The second agency will be a national cyber-security council called the Nationaler Cyber-Sicherheitsrat. According to Kings of War’s Thomas Rid, the high-level council will launch shortly:
The new body is set to start working soon, on 1 April. The council will be part of Merkel’s chancellery and include high-level representatives from all sorts of ministries that could be relevant, like interior, defence, justice, economy, finance, etc, and even more if necessary. It will be headed by Cornelia Rogall-Grothe, the government’s IT czar of the rank of state secretary. Citizens and businesses, she said, need the web “like the air we breathe.”
Judging from the wording of the German cyber-warfare report, industrial espionage and potential military attacks are both turning out to be major concerns:
In view of technologically sophisticated malware the possibilities of responding to and retracing an attack are rather limited. Often attacks give no clue as to the identity and the background of the
attacker. Criminals, terrorists and spies use cyberspace as a place for their activities and do not stop at state borders. Military operations can also be behind such attacks.
The trend to develop information systems for industry on the basis of standard
components and connect them to cyberspace, which is motivated mainly by economic concerns, entails new vulnerabilities.
Experience with the Stuxnet virus shows that important industrial infrastructures are no longer exempted from targeted
Germany’s cyber-war strategy also calls for enhanced cooperation between the country’s military, NATO and the European Union in creating a framework for dealing with online attacks.
However, there are critics. Der Spiegel notes that the NCAZ is slated to open with only 10 employees on the payroll (Deutsch), while prominent German cyber-security expert Klaus Jansen called the NCAZ a ”sham” due to the agency’s small size. Green MP Konstantin von Notz has also criticized the cyber-warfare project because it calls the police and intelligence apparatuses to work together on relevant cases, which could potentially break German law.