By Laura Kabelka | Euractiv Est. 4min 12-07-2022 (updated: 14-07-2022 ) "We take the current threat very seriously," Nancy Faeser said on Tuesday. [RAINER KEUENHOF / POOL / EPA] Euractiv is part of the Trust Project >>> Languages: Français | DeutschPrint Email Facebook Twitter LinkedIn WhatsApp Telegram The German Federal Ministry of Interior presented its ambitious cybersecurity agenda on Tuesday (12 July), aiming to reorganise its architecture amidst rising cyber threats. But critics say several proposed measures have little to do with cybersecurity. Federal Minister of the Interior Nancy Faeser and State Secretary Markus Richter presented the cybersecurity agenda as a road map for the Federal Ministry of the Interior and Home Affairs (BMI) on Tuesday. “The federation and the states must counter cyber threats in a coordinated manner and permanently develop their capabilities. We will propose an amendment to the Basic Law to develop the Federal Office for Information Security into a central agency in the federal-state relationship,” Faeser said. In view of the Russian war of aggression on Ukraine, strategic restructuring and investment in cybersecurity are urgently needed, according to the Interior Minister. While concrete attacks against Germany have not yet been recorded, there are security gaps, and the Viasat attack, where thousands of German wind turbines’ remote monitoring was deactivated, offered a foretaste of possible consequences. “We take the current threat very seriously,” Faeser emphasised. The cybersecurity agenda focuses on strong, modernised security architecture and a high level of cybersecurity protection as well as the resilience of critical infrastructure. Also, new “powers to avert danger” are to be granted to the security authorities. Exactly what kind of powers are to be involved was not specified, but the measures should “go beyond a mere investigation of an attack”. The agenda envisions various positive developments, according to cybersecurity expert Sven Herpig from the German thinktank Stiftung Neue Verantwortung. “But while cybersecurity policy is usually not hotly disputed among the major political parties, they managed to integrate several controversial issues into the agenda,” Herpig told EURACTIV. According to Herpig, a number of topics were packed into the agenda, although they do not have much to do with cyber security, but concern public and national security. Controversial aspects “This is like a wolf in sheep’s clothing,” Herpig said, referring to active cyber defence, the increased power of authorities, the potential breaking of end-to-end encryption and what critics call ‘chat control’ as part of the new plans to fight child sexual abuse material. Previously, Faeser has supported the storing of IP addresses to fight such content, but the debate within the governing coalition continues due to data and privacy concerns. With regard to the proposed bundling of competences at the federal level, Herpig said that one should “take a close look at what will be written in this amendment to the Basic Law”. At the moment, it is not clear what the changes will look like and what effect they could have. The German digital association Bitkom also criticised that for the sake of a supposed increase in security, the agenda deviates from the coalition agreement as it would intervene more in the private sphere of the citizens. “There must be no dismantling of end-to-end encryption in digital communication,” Achim Berg, Bitkom president, emphasised in a press release. It is very important that the implementation of the measures presented is “quickly specified and the critical issues clarified”, said Berg. Agenda versus strategy While Tuesday’s presentation concerned the cybersecurity agenda, the previous government already presented a cybersecurity strategy last September, just weeks before the elections for a new federal government. The two documents overlap in many points, but the strategy is much broader and to be implemented by the entire government, while the agenda is the work programme for the next few years for the Ministry of the Interior. “It should finally be admitted that it was a mistake to have published the strategy shortly before the election. It is not completely outdated yet, that’s why they are holding on to it. But they are letting it die a slow death,” Herpig added. [Edited by Luca Bertuzzi/Nathalie Weatherald] Read more with Euractiv European cloud providers call "not to give in to the pressure" over sovereignty requirementsEuropean cloud companies want to stand together as EU Agency for Cybersecurity (ENISA) is due to present its new certification scheme to ensure that services are impervious to extraterritorial laws, despite strong opposition.
