“I’m giving you a tool that helps to hack a well-known cloud.” The stage announcement met wild enthusiasm among the hackers of the Chaos Computer Club, who are gathering in Hamburg this week for their annual convention.
The 12,000 attendees addressed system vulnerabilities, hacking tools and protection mechanisms. A diverse group spanning young nerds and well-paid IT consultants, they shared a sense of confidence as the importance of IT expertise has grown.
Increasing threats from the internet, combined with rapidly progressing digitization, are confronting the German government with new challenges. This year saw more cyber attacks than the country has ever seen, from the blackmail software Locky to the shutdown of thousands of domestic routers belonging to Deutsche Telekom customers.
There are no straightforward answers to the questions: Who will the next attacks come from, and from where? And which ministry should respond, and how?
One thing is clear: The threat is growing, as are fears that there could be cyber-interference in Germany’s federal election next year.
The numbers are surging: Germany’s top cyber agency blocked 44,000 emails infected with malware in governmental networks every month in the first half of this year, a four-fold increase on 2015.
“We’re seeing a new degree of endangerment,” said Arne Schönbohm, head of the agency called the Federal Office for Information Security (BSI), as he presented his latest report on cybersecurity.
The number of threats from blackmail software – tiny programs that encrypt data on computers and only release it upon receipt of a ransom – has also increased significantly. The BSI says that such attacks multiplied during the first half of 2016 by a factor of 55. More and more, the targets include infrastructure that is critical for the functioning of a state, such as energy providers or food producers.
How to handle this greater danger is unclear as laws are tangled and responsibilities for dealing with the crisis overlap.
Three federal ministries in Germany are currently addressing the issue of blackmail software: the interior ministry and its agencies, along with the defense and foreign ministries. But within Germany’s federal system, there are also areas which are covered by the different states. And even within the different federal ministries, a number of different offices have a cyber-security remit. In the interior ministry alone, eight units are charged with investigating the issue.
In the case of a cyber attack, all these threads are supposed to come together in a gray office building in Bonn, the home of the National Cyber-defense Center. There, five people are constantly on the lookout for irregularities. It’s their job to sound the alarm if necessary.
But then they face a decision: Which of the agencies is responsible for responding? Is it the BSI, the Federal Office of Criminal Investigation, the Federal Office for the Protection of the Constitution, the Federal Intelligence Service, the Military Counterintelligence Service, the Federal Office of Civil Protection and Disaster Assistance or the Federal Armed Forces?
The answer to this question depends largely on who is carrying out the attack, particularly when it comes to deciding how the country should respond.
“Germany can protect itself if attacked – also in cyberspace,” said Joachim Wieland, an expert on constitutional law who has served the government as expert and appraiser and has appeared before the country’s top constitutional court as attorney of record.
If cyber-attacks come from another country, Germany can launch counterattacks. “But it’s a delicate matter if it isn’t entirely clear whether the attack came from a state or from criminals,” said Mr. Wieland. To respond, especially to a foreign government, Berlin would have to be certain the attack did indeed come from a state.
But that is hard to determine: there are ways of disguising the perpetrator, and aggressors are not likely to admit to being behind an attack. The accusations in the United States that Russia meddled in November’s elections are a case in point. The U.S. intelligence agencies have said they are convinced, yet Russia has denied any involvement.
Furthermore, though most cyber-attacks may be started by foreign servers, there is no legal basis for those servers simply to be turned off in Germany to halt the problem. Even if it is assumed that criminals are the aggressors, federal agencies can do nothing more than apply for administrative assistance to the respective states. Valuable time is often wasted while such requests are processed. The interior ministry says that up to now, it has not turned off any foreign servers’ access to Germany in order to protect critical infrastructure.
Handelsblatt’s Heike Anger writes about politics and economics. Dana Heide covers domestic politics for Handelsblatt. Ina Karabasz writes about IT for Handelsblatt.