Brussels, Berlin The Russian aggression against Ukraine requires cyber defense in Europe to be strengthened: This warning from the EU Commission gives new impetus to the German controversy about cyber operations by security authorities and secret services.
Commission Vice-President Margrethe Vestager on Thursday called the Russian war of aggression a “wake-up call” for EU cyber defences, calling for “bringing together civilian and military tools” to “achieve greater effectiveness against cyber threats”. Behind this formulation are measures that are highly controversial, especially in Germany – digital counterattacks, for example, which can also include so-called hackbacks. This emerges from a new strategy paper that the Commission and the EU’s foreign service have now published. In “hackbacks”, an attacked country attempts to penetrate the aggressor’s computer systems.
It calls on member states to invest “in the full range of cyber defense capabilities, including active defense capabilities”. The EU must respond to cyber attacks with “all available means” – although the paper emphasizes that the Europeans want to “continue to comply fully with international law and international norms in cyberspace”.
As the past few months have shown, Russia is not only waging the war in Ukraine with tanks, bombs and drones, it is also using offensive cyber weapons. Even before the Russian invaders fired the first shot on February 24, they used a complex cyber attack to paralyze the Ka-Sat satellite network, which is operated by the US company Viacom and was also used by the Ukrainian army.
Top jobs of the day
Find the best jobs now and
be notified by email.
“Armed forces are highly dependent on civilian critical infrastructure, be it for mobility, communications or energy,” the EU paper points out. EU leaders are convinced that the Russian leadership has also ordered hybrid attacks against critical infrastructure in Europe, such as the blasting of the Nord Stream 1 Baltic Sea pipeline.
The USA has long relied on “active cyber defence”
Recently, an analysis by the global strategy consultancy Macro Advisory Partners in Brussels, classified as “strictly confidential”, also attracted attention, according to which Russian hackers are stepping up their attacks on European energy companies.
The US has long relied on “active cyber defence,” which includes counterattacks, says Tyson Barker, a technology expert at the German Council on Foreign Relations and a former US diplomat. “You shouldn’t tie yourself up,” he clarifies. In Germany, on the other hand, the use of cyber weapons by the state has long been the subject of heated debate.
“Hackbacks” in particular are rejected by the traffic light coalition in Berlin. The SPD digital politician Jens Zimmermann points out that numerous technical and legal questions about digital counterattacks are still unresolved.
“It is therefore logical that the coalition agreement rejects hackbacks as a means of cyber defence,” says Zimmermann. Instead, he advises thinking about means of active cyber defense below hackbacks in order to strengthen the cyber defense, to recognize and ward off attacks and attack patterns.
>> Read also: Industry fears attacks on satellites: “Europe would be hit hard”
“Hackbacks” aim, for example, to paralyze foreign servers in the event of large-scale attacks, for example on power grids or other parts of important infrastructure. Green parliamentary group leader Konstantin von Notz also expressed his negative views. “I urgently warn against giving the floor to offensive capacities and finally entering into cyberwar with states like North Korea,” he says. In view of scarce resources, measures to increase IT security must first and foremost focus on “hardening” digital infrastructures and reducing vulnerability to attacks.
Faeser wants more powers for the federal government in cyber defense
The CDU security politician Roderich Kiesewetter advocates cyber counterattacks. “Building up the capabilities required for threats from state cyber attacks is hardly possible at the required speed in the short term,” says the deputy chairman of the Bundestag’s intelligence committee. “It is therefore all the more correct to also include so-called hackbacks and active countermeasures, which have so far been legally excluded in Germany.”
It is not yet clear how Federal Interior Minister Nancy Faeser (SPD) will position herself on this issue after the EU proposals. In the spring, the minister rejected cyber counterattacks, pointing out that security risks could arise as a result. Nevertheless, one must think about additional measures to end ongoing attacks and prevent new ones, she said. Her ministry then drafted a new cyber security agenda, which Faeser recently presented.
The aim is to expand the powers at the federal level. By means of an amendment to the Basic Law, the Federal Office for Information Security (BSI) is to become the central office for the fight against cyber attacks on targets in Germany. The responsibility for domestic cyber security currently still lies with the federal states, so the BSI has so far only been able to provide administrative assistance, which the minister no longer considers appropriate in view of the growing threat.
>> Read also: Russian cyber attacks on German companies are increasing by leaps and bounds
CDU politician Kiesewetter also believes that the EU Commission’s strategic considerations on cyber defense and cyber security make sense because the current threats do not come from petty criminals, but instead take place within the framework of hybrid warfare by states or state-commissioned actors. “Critical infrastructures that can be destroyed or sabotaged by cyber attacks are particularly affected,” says the MP. “Here we have been completely inadequately positioned so far.”
SPD politician Zimmerman also sees a need for action in view of the new risk situation against the background of the Russian war of aggression in Ukraine: “That is why the Commission’s warning to the member states to strengthen cyber security with urgency and investments is fundamentally correct.”
More: “Prepare for all crisis scenarios” – Minister of the Interior specifies plans for the protection of critical infrastructures.