Protection against cyber attacks: New strategy for Germany's IT

For years, experts have been pointing out the increasingly close connection between national security and information technology (IT) security.

The Federal Ministry of Defense and the Federal Ministry of the Interior therefore agreed in 2018 to set up a cyber agency to commission and coordinate research on future IT security.

The cyber agency got off to a rocky start in 2020, but the facility based in Halle, Saxony-Anhalt has now completed its strategy for the coming years.

The document is available to the FAZ.

Reinhard Bingener

Political correspondent for Lower Saxony, Saxony-Anhalt and Bremen based in Hanover.

• Follow I follow

A total of around 320 million euros are to flow into research by 2025.

Under the heading "Secure Systems", the cyber agency wants to deal with research projects in which the Ministry of Defense or the Ministry of the Interior have a direct interest.

The main focus is on the IT security of the German authorities and the protection of critical infrastructures, such as energy networks.

“Cybersecurity in Challenging Environments” is about communication in intelligence or military areas, be it in space, in war zones or when transmitting data for submarines and their weapons.

However, the "secure systems" area also includes "holistic protection of the supply chains" for IT hardware and software.

The research director of the cyber agency, Christian Hummert, tells the FAZ that Germany must ensure that no backdoors are installed along the supply chain of purchased technology through which other powers can gain access to Germany's sensitive data.

The second major area that the cyber agency intends to focus on is a forward-looking approach to major developments in IT.

According to the strategy paper, these include cryptology in general and quantum computing in particular, which offers both opportunities and risks for encrypted communication.

The cyber agency will also commission research into artificial intelligence and autonomous systems, for example in transport.

In addition, research is also to be carried out into a more secure communication architecture.

The common Internet protocol TCP/IP dates back to the 1970s and, according to Hummert, harbors “inherent security gaps”.

Increasing interest in German politics

In the talks with the government level, the cyber agency also urged not only to deal with the protection of the state sector, but also to research measures for an overall “safe society” in a third area.

Research Director Hummert points out that experience has shown that the biggest security gap is not in the computer, but in front of it.

In addition, there is an increasingly close connection between general social freedom and cyber security.

Hummert therefore wants to have research carried out into how the digital identities of people in a free society should be structured – i.e. in which areas people should be clearly identifiable and in which not.

It is also about the challenge of becoming a “cyber-resilient society”, i.e. being able to cushion successful attacks on IT structures.

However, the "cyber-enabled state" should also have the ability to penetrate IT systems and crack encryption to fight crime.

Another topic is “human-machine interaction”.

A few days ago, the cyber agency commissioned a specific project on this question, in which researchers from the University of Freiburg are to develop guidelines for the cyber security of computer-brain interfaces.

The cyber agency also wants to take a forward-looking approach in the area of ​​"digital consumer protection".

As an example, Hummert cites the digital voice assistants that can already be found in many households.

He certainly sees the danger that such devices will be used as "bugs in the living room".

The state is required to ask the question of cyber security in advance of such technical development steps in the future and to issue appropriate regulations.

In view of the Russian attack on Ukraine, research director Hummert has noticed that German politicians are becoming increasingly interested in cyber security.

However, the question of the extent to which Germany is allowed to use security gaps in other countries itself in addition to defending against cyber attacks has not yet been finally clarified.

Such offensive capabilities "from my point of view are part of our mission," says Hummert, whose cyber agency will be moving to a larger property in Halle this year.

The final location of the agency has not yet been clarified.

In the background, the two federal states of Saxony-Anhalt and Saxony are competing for settlement.