Neglecting cybersecurity in Germany – commentary on the new agenda

It could have been so nice: a new government was formed at the end of 2021 – that in itself is good news for the security situation in Germany. The coalition agreement sounds promising: people and their civil rights, their freedom and their need for protection are at the heart of every security policy consideration. After years, almost decades, of pessimism, there is finally a glimmer of hope: measures that protect us all in the digital age should be evidence-based and, above all, sustainable!

The Working Party on Sustainable Digitization (AGND) is a group of independent experts dealing with the long-term consequences of digitization. The social component of sustainable development comes to the fore in its analyses, publications, lectures and projects. The primary demand of this working group is to avoid technical debt to future generations and to enforce security by design across all institutions and systems. Initiating responsible activities in digital transformation and carrying them out diligently, i.e. their operationalization, is both a technical and an ethical task. Two IT security experts, Caroline Krohn and Manuel Atug, recently founded AGND, which is currently being set up. Further information, dates and publications will soon be available on the website and via YouTube.

  • Sustainable Digitization Working Group (AGND) website – under construction

The surveillance accounting included in the coalition agreement is to be prepared in 2023. According to it, in the future, the limitation of civil rights through the extended powers of the state and its security organs should be proportionate to the fundamental rights of the individual, and this will be the basis of all future laws on security. Until then – as the coalition agreement clearly states – no new security laws will be passed, i.e. no new interference with fundamental rights. So far, so full of hope.

Credit to Federal Interior Minister Nancy Faeser for one thing: she was offered this post at very short notice. Therefore, it could not be expected that she had dealt with the coalition agreement before her appointment. Apparently, her employees were far-sighted enough to expect that there would be no place for them in the new federal government. They will be surprised that they have been allowed to remain in their functions. Moreover, they even have a free hand to continue seamlessly with Seehofer’s old policy and include it in the new cybersecurity agenda – which Minister Faeser gladly presented.

Sustainable development, i.e. avoiding a human and civil rights debt to future generations, is not part of this program. On the contrary: the security authorities are to be given even more powers and have even less to fear that they will be limited. The threat level is talked up even further, more money is to be spent on surveillance measures distributed on the watering-can principle, and civil society is to be heard even less: this program sets the conditions for dystopia.

Ultimately, whether hackback means “state shutdown of other servers” or “aggressive counterattack”, it cannot prevent or reverse the damage caused by a successful attack. It remains a digital retaliation strike that AG KRITIS, an independent association of security experts with expertise in, inter alia, critical infrastructure, regards as a dangerous measure. The LOAD e.V. Association for Liberal Network Policy also aptly states that this is a question of “knowingly misleading the public.”

The agenda continues to talk about “vulnerability management”. Instead of fixing weaknesses, the state should manage them, that is, administer them. This is especially necessary when they are used to create insecure encryption systems for smartphones, instant messaging, business information systems, and more – in order to exploit these insecurities in investigations. This keeps vulnerabilities open, which does not help Germany’s digital security. They seem all the more out of place in the government’s cybersecurity agenda.

In principle, one may welcome the establishment of the “Security by Design and by Default” principle that the federal administration is striving for. However, it becomes a buzzword if there are no legally binding obligations behind it. The last two federal governments have already used this wording without implementing anything. Apparently, the security authorities and the ministry still do not understand what cyberspace security requires.

Legal scholar and IT security law professor Dennis-Kenji Kipker also has nothing good to say about the agenda when it comes to active cyber defense. In the planned strengthening of ZITiS, he sees a weakening of cybersecurity, as offensive actions ultimately endanger systems. The briefly mentioned chat control reduces cybersecurity to absurdity through mass surveillance of the confidential communications of all EU citizens. Apparently, the European Commission and the BMI-leaning substructure are to be appeased here – recently Interior Minister Faeser herself spoke out clearly against this.

Giving people in the digital age in Germany, Europe and the world the opportunity to live their lives independently is not only appropriate but absolutely necessary. This means that the state guarantees the protection of people – through better encryption, security enforcement at the design stage in all solutions, and by integrating privacy protection in all digital products and processes. The basic requirement is the well-thought-out stabilization of digital infrastructure and increasing the resilience of critical infrastructure. By contrast, geopolitical fantasies of power – whether internal or external – no longer belong to the concept of security in the 21st century. The emphasis on stabilization – even without blockchain, hackbacks, state Trojans, and artificial intelligence – is not fancy and does not sparkle, but it is necessary and the only sensible way.

The statements by Foreign Minister Annalena Baerbock last weekend are encouraging. She writes on Twitter: “Principles of international law must apply in defense against cyberattacks from abroad. This includes the right to self-defense, but also the principle of proportionality and never retaliatory attacks.”

Baerbock also calls for a joint clarification of internal and external security. This statement gives hope that the cybersecurity agenda of the Federal Ministry of the Interior is not yet the final word. Security has to be thought through. It is important to think about protecting people from the individual’s point of view.

