According to a new concept, federal authorities are to be given hacking powers, with the Ukraine war cited as the reason
The Federal Office for Information Security (BSI) in Bonn is the German government’s top authority for digital information security issues in the state, economy and society. Details are set out in a BSI law that was last amended by the Bundestag a year ago. With around 800 new posts and so-called “honeypots” and “sinkholes,” it is now allowed to lure cyber attackers and send them back manipulated information. Now more competencies are to follow and the Constitution is to be amended for this purpose, according to a concept presented today by the Federal Minister of the Interior Nancy Faeser (Social Democratic Party), who formally supervises the agency.
Accordingly, the BSI is to be given powers to prevent threats. This would allow it to “act on IT infrastructures that are being used for an attack.” Servers from which attackers operate could then be shut down in a targeted manner. However, Faeser believes that this would not be an “aggressive counterattack”. But the German hacker authority ZITiS will also to be strengthened according to the concept and receive its own law.
In addition, the Federal Office for the Protection of the Constitution, which is the domestic secret service in Germany, is to be given more powers to “clarify technical facts in the event of cyberattacks by foreign powers” and to use automated tools to screen the Internet for “extremism” .
In addition, according to the concept, the BSI is to become a central office between the federal and state governments. Faeser cites the Federal Criminal Police Office (BKA) and Federal Office for the Protection of the Constitution as models. Currently, responsibility for cybersecurity lies with the states, to which the BSI can provide administrative assistance if requested. Faeser believes this is no longer in keeping with the times, and that the states are “overburdened” with this division of tasks in the long term. Her ministry has received “very positive signals” from the state governments regarding the planned amendment to the Constitution. The operators of critical infrastructure, including providers of energy, water and healthcare, are also to be more closely linked to the BSI Situation Center. An exchange of information on cyberattacks is then to take place via a new cooperation platform at the Bonn-based authority.
As justification for her initiative, the interior minister cites a “turning point in time that we are experiencing in view of the Russian war of aggression against Ukraine. This makes clear the importance of cybersecurity “for a modern, high-tech and digitized industrialized country like Germany”. This is at risk from “actions by cyber criminals, targeted disinformation or attacks on state structures.” All of this, she said, requires a “strategic repositioning” with considerable investment in cybersecurity. For that reason, the Federal Police is also being significantly expanded with more personnel and technology. The reason given for the new measures is that the current structure of the security authorities “can no longer cope with cybercrime to the same extent. This would generate “masses of data” that could no longer be analyzed forensically.
Other components of Faeser’s cyber agenda concern the digital communication of the federal authorities, which are to use a central video conferencing system in the future. To this end, the digital radio network is being expanded and facilities are also being built for broadband communications. Under the name “Broadway,” the European Union is currently building such a network for emergency services and police forces; the technology for it comes from the defense companies Airbus and Leonardo.
Finally, “hate and agitation on the net” are to be further combated. Faeser cites the protection of children and young people from sexualized violence as a “top priority”. To this end, the German government wants to draft a “national strategy” that includes law enforcement, prevention and victim protection. According to the concept, Germany is “promoting an EU-wide legal framework to prevent and combat sexual abuse of children”, like it was recently proposed by the Commission. This means “in particular prevention of the dissemination of child abuse depictions” on the Internet.
“The cybersecurity agenda of Federal Minister of the Interior Faeser is disastrous,” Caroline Krohn of the independent Sustainable Digitalization Working Group commented. There is not much left of the liberal, civil and fundamental rights ambitions of the coalition agreement, Krohn says. While new capabilities for the BSI are the right thing to do, the simultaneous strengthening of hacker authorities is in contradiction to this. The concept was apparently written by “ministerial and official decision-makers from the old world”.
Image: Faeser with the EU Commissioner Ylva Johansson in January (BMI).