Because the states would be restricted in their competences, the minister is aiming for an amendment to the Basic Law. That alone is difficult to achieve. In addition to the Bundestag, the Bundesrat would also have to agree with a two-thirds majority. However, resistance to the project is already forming in the traffic light coalition. The Greens and FDP object to the fact that Faeser apparently wants to enable cyber counterattacks, so-called hackbacks, for German security authorities.
“The discussion about hackbacks is misleading,” said Green Party Vice President Konstantin von Notz to the Handelsblatt. You can think about many things. “But anyone who understands what this instrument is about from a technical point of view knows how complicated and constitutionally problematic it would be if the state were to attack the integrity of IT systems on the Internet with the military or police.” The traffic light parties also have hackbacks on the Internet Coalition agreement “explicitly ruled out so that you don’t chase after chimeras, but finally do something for IT security”.
The FDP digital politician Maximilian Funke-Kaiser sees it the same way. Germany must “position itself more broadly” when it comes to cyber security. “But our coalition agreement is just as clear in this context. He excludes hackbacks for good reasons,” the member of the Bundestag told the Handelsblatt.
Top jobs of the day
Find the best jobs now and
be notified by email.
Union is open to talks about strengthening cyber defense
Hackback is about penetrating foreign servers in large-scale attacks – for example on power grids or other parts of important infrastructure – in order to paralyze them. With regard to the federal government’s role in cyber defence, Faeser spoke of “active measures” that went beyond the investigation of an attack. “We need ways to affect the systems that are being attacked and thereby end ongoing attacks or prevent new attacks,” the minister told the editorial network Germany.
Faeser is convinced that only the federal government can “effectively counteract” the complex and transnational threats posed by cyber attacks. “We have a lot of expertise with the National Cyber Defense Center and the skills of our security authorities, which we have all bundled there,” said the SPD politician. “But the central role of the federal government must be enshrined in the constitution.”
>> Also read here: Army supplies, cyber attacks, escape assistance – Ukrainian IT companies in the war against Putin
The Union was open to talks with the federal government about more federal competencies in cyber security. “I can well imagine that the federal and state governments will cooperate more closely in cyber defense in the same way as they do in countering terrorism. It can make sense to give the federal government the necessary powers for this, ”said Andrea Lindholz (CSU), Vice President of the parliamentary group, to the Handelsblatt. “Germany definitely needs an active cyber defense in order to be able to end ongoing attacks quickly.”
Lindholz referred to the “Emotet” malware. Hidden in an inconspicuous Word document, often disguised as a harmless-looking attachment to an email or as a link, the program was able to penetrate computer networks and open up the possibility of copying or blocking sensitive data. The perpetrators used it to blackmail companies and authorities. Many private computer users also fell into the “Emotet” trap. At the beginning of 2021, the Federal Criminal Police Office (BKA) managed to smash the infrastructure of the software.
Greens plead for “consistent closing of security gaps”
With the war in Ukraine, the cyber threat has increased again. According to the Federal Ministry of the Interior, there have been no cyber attacks from Russia on state institutions and critical infrastructure in Germany since the beginning of the war. “But we are touched insofar as there are strong attacks on Ukrainian systems that can be networked with systems from companies in this country,” said Minister Faeser.
If Faeser now wants to improve cyber defense, she needs the support of the federal states and the Union. However, it attaches its consent to an amendment to the Basic Law to conditions. The traffic light parties would have to end their years of blocking other “essential powers” for the security authorities, said the CSU politician Lindholz.
>> Also read here: “Tool for attacks against its own customers”: BSI warns of Kaspersky virus protection
As an example, the MP cited the so-called source telecommunications surveillance (source TKÜ) – i.e. the tapping and interception of telephone calls and SMS that are encrypted via Internet-based services such as WhatsApp and the online search of cell phones and computers with access to stored data.
“When we talk about active cyber defense, we also have to talk about such powers,” said Lindholz. “Anyone who calls for active cyber defense should not restrict our authorities to monitoring fixed network and SMS in justified cases of suspicion.” This position of the traffic light is unrealistic.
It is also unlikely that the Greens or FDP will move in the interests of the Union or the Interior Minister. “Protracted discussions about changes to the Basic Law on thin ice in constitutional law are not helping us with the current and serious threats to our critical infrastructure,” said von Notz, Vice President of the Greens.
Far away from state hacking, there are also “many” other measures to effectively protect the digital infrastructure in Germany. “We need clear standards, investments and a consistent closure of security gaps,” said von Notz. The last governments had “criminal neglected” all of this.
More: Why Russian hackers could endanger the German energy infrastructure