7 décembre 2018 | International, C4ISR

Germany Develops Offensive Cyber Capabilities Without A Coherent Strategy of What to Do With Them

BY MATTHIAS SCHULZE

Germany has traditionally prioritized defense over offense in cyberspace. That's now beginning to change.

There is a reoccurring debate in German national security and foreign policy whether Germany suffers from “Strategieunfähigkeit”—an inability to develop and implement strategy. The historic trauma of two lost World Wars created a pacifist culture that always struggled with formulating national security interests and defining strategy. The so-called “culture of reluctance” regarding the use of hard power has bled into Berlin's thinking about cyber issues, especially as it rushes to develop capabilities without an overarching strategy on how to use them.

Until recently, Germany has prioritized defense over offense in cyberspace. The Federal Office for Information Security (BSI), Germany's cybersecurity agency, has a strictly non-military defensive mandate and is a vigilant advocate of strong encryption and full disclosure of zero-day vulnerabilities to vendors. Germany's foreign intelligence agency (BND) has historically had a relatively small cyber espionage budget.

Germany's defensive posture began to shift in 2015, after the internal network of the German Bundestag was successfully compromised by Russian state-backed operators. That led the country to revise its cybersecurity strategy, issuing a more offensive-minded document in 2016. It called for the development of cyber teams in the intelligence agencies. It also might have been a contributing factor to the creation of a specialized agency, called the Central Office for Information Technology in the Security Sphere (ZITiS), to develop innovative techniques to break into encrypted devices, develop exploits and malware for real time interception and accessing data at rest, as well as identify or purchase zero-days to support offensive capabilities.

As Germany rolled out its 2016 strategy, the German military (Bundeswehr) centralized its cyber capacity by consolidating around 14,000 soldiers and IT personnel into a unified cyber command (CIR), loosely modelled on U.S. Cyber Command. CIRwants to achieve full operational capacity by the early 2020s and plans to perform strategic and tactical cyber operations against enemy assets. Usage scenarios include disrupting enemy military assets, battlefield support and reconnaissance on adversary IT assets.

Full article: https://www.defenseone.com/ideas/2018/12/germany-develops-offensive-cyber-capabilities-without-coherent-strategy-what-do-them/153227

Sur le même sujet

  • Developing the Royal Navy’s autonomous underwater capability: commercial clarification

    7 juin 2019 | International, Naval

    Developing the Royal Navy’s autonomous underwater capability: commercial clarification

    Please be advised that, in respect to the Defence and Security Accelerator competition: developing the Royal Navy's autonomous underwater capability, Dstl Commercial Services have offered a commercial clarification in respect to industry queries around the agreement of a Limitation of a Contractor's Liability to the proposed Framework Agreement: It is not possible to request a Limit of a Contractor's Liability (LoCL) under a Framework Agreement because it is impossible to calculate an appropriate LoCL amount with such a broad scope of work. Requests for a LoCL to the overarching framework agreement will be turned down, and proposals that include such requests will be deemed to be commercially non-compliant and excluded from the competition. However, in the event of placement of any Framework Agreement as a result of this Themed Competition, under the Tasking element of the aforementioned Framework Agreement (Item 2 of the proposed Framework Agreement only) on a Task by Task basis we will consider the risks associated with that Task and may consider it appropriate to agree a LoCL against that specific task only. This does not apply to Item 1 of the proposed Framework Agreement. Requests for a LoCL against Item 1 of the Framework Agreement will not be considered and proposals that include them excluded from the competition. Please be advised that this clarification explicitly applies to the Defence and Security Accelerator competition: developing the Royal Navy's autonomous underwater capability only. https://www.gov.uk/government/news/developing-the-royal-navys-autonomous-underwater-capability-commercial-clarification

  • Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

    11 décembre 2024 | International, C4ISR, Sécurité

    Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

    EagleMsgSpy, a Chinese surveillance tool by Wuhan Chinasoft Token, exploits mobile devices for data collection.

  • Italy's Leonardo signs sales contracts for more than 50 helicopters

    8 mars 2023 | International, Aérospatial

    Italy's Leonardo signs sales contracts for more than 50 helicopters

    Leonardo has signed preliminary sales contracts for more than 50 of its new AW09 helicopters, the Italian defence company said, without providing a value for the orders.

Toutes les nouvelles