Dobrindt: "Deter, defend, and shut down" shortly

Contents

Federal Minister of the Interior Alexander Dobrindt (CSU) wants it, the coalition agreement contains a basic declaration of intent, and now the draft law is to be approved by the cabinet: the legal power for “active cyber defense” by the Federal Criminal Police Office (Bundeskriminalamt, BKA). What the minister understands by this, in contrast to the previous activities of the security authorities, he explained at the federal press conference this morning: “We also want to defend ourselves and disrupt and destroy the attackers' infrastructure.” And that is more than, for example, redirecting Denial-of-Service attacks “only into harmless areas of the network.”

In no case does he want these new powers to be understood as hackback. “A hackback is unconditionally an act of revenge,” said the Federal Minister of the Interior. If, for example, someone attacks the electricity grid, a hospital would be attacked. Here, however, it is about being able to disrupt or change the attackers' infrastructures in an already fully clarified environment, for example, to take over command-and-control servers of botnets.

Technically, the BKA is already capable of this, but the legal framework still needs to be adapted. He wants to get the relevant law through the Federal Cabinet this month, explained the Federal Minister of the Interior. “To deter, defend, and be able to shut down” is what is planned. “We note that cybercrime offenses do not stop at a state border,” says BKA Vice President Martina Link, describing the problem from her perspective. So far, the authority lacks the power to prevent danger; it may only intervene when something has actually happened: “We have to wait until the child has fallen into the well.”

The discussion about preventive action against attacker systems is associated with a variety of pitfalls. Attackers regularly use the systems of actually uninvolved third parties – but from the perspective of the Federal Minister of the Interior, that is not a problem. “We don't go into the network indiscriminately and try to ward off attacks,” Dobrindt wants to counter possible criticism. “Therefore, the idea that one could somehow blindly hit uninvolved parties is unrealistic.” Other states would gladly use the BKA's technical capabilities here, said the Federal Minister of the Interior.

Many successes continue at a high level

Cooperation is what the Federal Criminal Police Office has recently excelled at: month after month, the federal criminal police authority, headquartered in Wiesbaden, has recorded successes in the fight against cybercrime groups – almost always in cooperation with a variety of international partner authorities. However, in some countries, cybercrime is tolerated – also for political reasons. Russia, for example, is currently considered a safe haven; groups are safe there from Western arrest warrants, and the suspicion is repeatedly expressed that there are overlaps between intelligence services and “cybercriminals.” “The traces regularly led to Russia,” says Dobrindt. According to police statistics, two-thirds of offenses are committed from abroad or from an unknown location.

Insurers should pay less for ransomware

335,000 cases were reported to the police in 2025, which are assigned to the field of “cybercrime,” which encompasses a wide variety of criminal offenses – a level almost identical to the previous year. The main economic threat remains ransomware, the BKA recorded 1041 attacks – and assumes a significantly higher dark figure. A problem that Federal Minister of the Interior Dobrindt wants to address: Too often, insurance companies pay ransoms, even though those responsible have not taken adequate care of IT security. “Negligence must not lead to insurance benefits being paid out,” says Dobrindt – and wants to ensure more IT security and fewer ransom payments in this way. Dobrindt did not explain when and how this should be implemented specifically in Berlin on Tuesday.

Lack of content control concerns BKA and Interior Minister

Another major concern is that the transitional regulation for providers to independently search for content depicting child abuse on hosting services and social networks has expired, Dobrindt and Link report. It is a “dramatic mistake” by the European Parliament, says Dobrindt, “not to allow the extension.” Dobrindt did not mention that the Parliament had demanded a permanently legally secure solution for the planned CSA regulation from the outset. The Commission and the Council of Member States had categorically refused the parliamentary position, which resulted in the expiry.

Link also sees the expiry of the content scanning authorization for Facebook, Instagram, Snapchat, Microsoft, Apple, and Co. as a major problem. However, she cannot yet provide specific figures on how much the reporting volume from US providers, which is centrally received by the BKA via the reporting office NCMEC in Germany, has decreased since the expiry of the transitional regulation. This occurred at the beginning of April. The “Good Samaritan” clause in the Digital Services Act (DSA) does not offer sufficient legal certainty for providers, says Link; the legal framework is not clear enough.

(wpl)