Project Aegis: Lower Saxony's Cyber Protection Shield Based on US Technology

Aegis is the mythical shield of Zeus and Athena – and now also of the state of Lower Saxony. This was announced by Interior Minister Daniela Behrens on Wednesday at the state press conference. The core of “Project Aegis” is a system for automatic attack detection and automatic defense, contributed by the Californian company Palo Alto Networks. The project, which has been running for eighteen months, aims to increase the defense capabilities of state institutions, as well as universities and municipalities in the sprawling state – at a considerable cost. In total, thirty million euros have been “invested a lot of money,” said those responsible.

The volume and quality of cyberattacks are constantly increasing, explained the minister – and their systems are also becoming more complex. Therefore, the digitalization department of the Ministry of the Interior, together with IT Niedersachsen, conceived and implemented the digital protection shield. This puts them in a leading position compared to other federal states, Behrens explained. For the challenges of modern IT security, Till Beilstein from IT Niedersachsen used the well-known castle analogy: A thick outer wall is no longer sufficient. Attacks by presumably state actors, for example from Russian territory, but also from Southeast Asia and the Middle East, account for a large proportion of the attacks.

The aim, according to those responsible, is to become faster in detection and response, and for this purpose, AI and cloud-based methods are also being used. The XSIAM (eXtended Security Intelligence and Automation Management) from the US company Palo Alto Networks is intended to help here. It is designed so generously that it can be used by the state, universities, and municipalities, Minister Behrens is sure. Interested parties will be successively brought under the “Cyber Protection Shield” starting in the second half of 2026.

Another goal of the project is a holistic overview of IT security for Lower Saxony. XSIAM is intended to support the N-CERT (Niedersachsen Computer Emergency Response Team) in warning and reporting tasks.

Digitally not very sovereign – out of necessity?

When asked by heise security if this did not contradict the goal of digital sovereignty, Minister Behrens replied: Although Palo Alto Networks is a US provider, digital sovereignty has its limits in provider quality. In the absence of European alternatives, they decided on the world's leading firewall provider from Santa Clara, California, according to Behrens.

Department head Beilstein seconded: It has been ensured through technical and organizational measures that no data flows from the state network abroad, for example into Palo Alto Networks' analysis cloud.

(cku)