heise PlusAbo
Anzeige

MCSC: Cyberdefense alone is no longer enough

European military and intelligence services call for a reassessment of counterattacks in hybrid warfare. New mandates and European tools are needed.

listen Print view
Artistic representation of the outline of Europe in the form of a mosaic of hexagons in different shades of blue

(Image: StudioProX/Shutterstock.com)

4 min. read
By
  • Monika Ermert
Contents

Defensive tactics in cyberspace are no longer sufficient, emphasized representatives of the US, British, and German militaries at the two-day Munich Cyber Security Conference. It is necessary to be able to respond to attacks on all levels, said General Michael Vetter, CIO of the Bundeswehr. "We must also be able to escalate, and above all, there must be no no-go areas where attackers can roam," Vetter stated. "We are in a hybrid war," seconded Vetter's British colleague Rob Magowan, Commander Cyber Operations at the British Armed Forces, "and one can say we are on the losing side."

Bundeswehr and BND: Ready for Cyber Counterstrikes

For the first time, active cyber defense is being seriously discussed in Germany, Vetter assured. "If we are certain about attribution, and we have the technical capabilities for a counterstrike, why shouldn't we do it?" Vetter asked. According to a recent study on 'Cyberforces' [PDF] in NATO countries, 16,000 military and civilian personnel were actually serving in the 'Cyber and Information Domain Service' in 2025.

Martin Jäger, President of the Federal Intelligence Service (BND), also advocated for hack-backs at the Munich Security Conference: "We should make it clear to the other side that if you continue, it will not be without consequences." In a panel on NATO's posture in hybrid warfare, Jäger described attacks on elections, drone sightings, and the fire at a DHL package on the tarmac as attacks that should not go unanswered.

He added that one can indeed act asymmetrically. Attacks on railway lines do not have to be answered by "attacking railway lines ourselves in a country further east." Instead, the theft of funds from crypto accounts could serve as a painful payment.

Missing Competencies, Missing Speed

According to representatives of the BND and the Bundeswehr, what is still missing for "active cyber defense" are the appropriate legal regulations. The Ministry of the Interior is proceeding too slowly with drone defense, warned Christian Badia, a retired Luftwaffe general, on the sidelines of the MCSC. Not least, how cyber defense is divided between the Bundeswehr and the intelligence services is highly controversial. A possible authorization of the BND for cyber strikes, as presented in the draft for the BND Act from the Dobrindt ministry, is viewed critically by the Ministry of Defense, according to recent reports.

Videos by heise

BND representatives attributed the lack of speed due to excessive bureaucracy to the "national attribution processes," such as the declaration of Russian attacks on the Bundestag election by Storm1516. There is a lack of authorization for information exchange between the various German agencies and also with foreign partners, stated BND Vice-Chief Dag Baehr at the MCSC. "It is so over-regulated. I am not allowed to share what I could share," Baehr criticized.

Europe's Own Five Eyes?

New forms of more flexible cooperation between EU intelligence services were advocated by the head of the Estonian intelligence service, Kaupo Rosin. There are ideas for a European Five Eyes alliance – analogous to or as an alternative to the old intelligence cooperation between the USA, Great Britain, Australia, Canada, and New Zealand, Rosin said.

However, the trend according to Rosin is rather towards shifting coalitions between intelligence services in Europe. These are structured and mandated very differently. Some have authorization for offensive actions. Depending on the objective, one can therefore come together in different constellations, Rosin said. Pure listeners are undesirable in the new world order, and "stronger operational cooperation is necessary," he reported.

Request for European Reconnaissance Tools

Rosin's most urgent request to companies at the MCSC was different: "I hope that you are not only thinking about cyber defense here, but also about cyber offense and that you provide us with the necessary tools for it." Currently, such tools have to be purchased from non-European providers. However, these are very expensive, so his message to the company representatives gathered at the MCSC was: "Please offer us European solutions!"

(nie)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten