7 décembre 2018 | International, C4ISR
Germany Develops Offensive Cyber Capabilities Without A Coherent Strategy of What to Do With Them
BY MATTHIAS SCHULZE Germany has traditionally prioritized defense over offense in cyberspace. That's now beginning to change. There is a reoccurring debate in German national security and foreign policy whether Germany suffers from “Strategieunfähigkeit”—an inability to develop and implement strategy. The historic trauma of two lost World Wars created a pacifist culture that always struggled with formulating national security interests and defining strategy. The so-called “culture of reluctance” regarding the use of hard power has bled into Berlin's thinking about cyber issues, especially as it rushes to develop capabilities without an overarching strategy on how to use them. Until recently, Germany has prioritized defense over offense in cyberspace. The Federal Office for Information Security (BSI), Germany's cybersecurity agency, has a strictly non-military defensive mandate and is a vigilant advocate of strong encryption and full disclosure of zero-day vulnerabilities to vendors. Germany's foreign intelligence agency (BND) has historically had a relatively small cyber espionage budget. Germany's defensive posture began to shift in 2015, after the internal network of the German Bundestag was successfully compromised by Russian state-backed operators. That led the country to revise its cybersecurity strategy, issuing a more offensive-minded document in 2016. It called for the development of cyber teams in the intelligence agencies. It also might have been a contributing factor to the creation of a specialized agency, called the Central Office for Information Technology in the Security Sphere (ZITiS), to develop innovative techniques to break into encrypted devices, develop exploits and malware for real time interception and accessing data at rest, as well as identify or purchase zero-days to support offensive capabilities. As Germany rolled out its 2016 strategy, the German military (Bundeswehr) centralized its cyber capacity by consolidating around 14,000 soldiers and IT personnel into a unified cyber command (CIR), loosely modelled on U.S. Cyber Command. CIRwants to achieve full operational capacity by the early 2020s and plans to perform strategic and tactical cyber operations against enemy assets. Usage scenarios include disrupting enemy military assets, battlefield support and reconnaissance on adversary IT assets. Full article: https://www.defenseone.com/ideas/2018/12/germany-develops-offensive-cyber-capabilities-without-coherent-strategy-what-do-them/153227