After new reports on Russian cyber warfare based on the “Vulkan Files”, Federal Interior Minister Nancy Faeser (SPD) is again campaigning for so-called active cyber defense aka hackbacks. “We are planning to amend the Basic Law so that the Federal Criminal Police Office can ward off threats from serious cyber attacks,” she told the editorial network Germany (RND). The police authority has “outstanding expertise and works together in an excellent network worldwide, for example in investigations against Darknet platforms”. Vladimir Putin’s war of aggression in Ukraine “also means a turning point for domestic politics,” the social democrat justified her initiative: “The threat level in the area of cyber security is high.”
Authorize “active cyber defence”.
In principle, the competence to avert danger lies with the federal states. In order to be able to react appropriately to threats, according to the report From the point of view of the Ministry of the Interior, however, the federal authorities need to be strengthened. In addition, in individual cases permissible under international law, it may become necessary to take action against IT systems used for attacks abroad. The power to do so should be part of the amendment to the Basic Law relating to the Federal Criminal Police Office (BKA) in the event of serious, cross-border cyber attacks.
Active countermeasures against cyber attacks are highly controversial. In Germany, the traffic light government alliance expressly rejects hackbacks in the coalition agreement. The federal government’s current cyber security strategy, which is being pushed by former Interior Minister Horst Seehofer (CSU), still includes these instruments. Faeser tried a middle ground last summer. “We have to be able to influence IT infrastructures that are used for an attack,” she emphasized when presenting the cyber security agenda of the Interior Ministry. “In this way, the security authorities can prevent, stop or at least mitigate serious cyber attacks.”
BKA and BSI are to be upgraded
It is about the ability to “redirect” an attack, explained the minister. Above all, the federal government will have to give the BKA – if necessary also several authorities – relevant responsibilities. There are no plans to use government funds to attack foreign servers with aggressive counterattacks. However, an attack can be so severe that the state feels compelled to stop it. The Bremen IT security lawyer Dennis-Kenji Kipker now regretted on Twitter, “that the latest Vulkan revelations are being used again to bring active cyber defense into the legal policy debate in a different way”. It would be more important to strengthen defensive cyber capabilities. The BKA is not legally and structurally suitable to receive a hackback authority.
Faeser wants to propose another amendment to the Basic Law in order to expand the Federal Office for Information Security (BSI) into the central office in the federal-state relationship – analogous to the BKA for criminal prosecution. The decisive factor is “that the federal and state governments act in a coordinated manner and continuously develop their skills”. The minister has already presented this new function for the BSI with her cyber security agenda. The domestic policy spokesman for the FDP parliamentary group, Manuel Höferlin, considered this approach to make more sense than active cyber defense in November. However, it must be able to be reproduced in a technically correct and constitutional manner. According to reports, the federal states have so far rejected the necessary amendment to the Basic Law.
(tiw)
