In the summer of 2022, Federal Interior Minister Feser presented the National Cybersecurity Agenda. It reads well because politically it aims to achieve a “robust security architecture and the highest possible level of security in cybersecurity”. But now, two years later, unfortunately there is not much left of the glossy work with picture agency graphics and lots of colorful symbols.
Advertisement
Of the 47 projects planned in the agenda, only four have actually been implemented so far. This is revealed by the response of the Federal Ministry of the Interior to a request by Anke Domscheit-Berg (left) in the Digital Committee, which is available online at Heise. Accordingly, eleven projects are currently on hold – i.e. not yet started -, the rest are still being implemented, it is not clear at what stage.
No frivolity, but the future of digitization
The content is not just about trivia, but about key questions central to Germany as a digital space. There is no trust in technology without cybersecurity, and no sensible digitalisation without trust in technology. That’s the case Cybersecurity on the agenda There is talk of expanding the BSI into a central office in federal-state relations and making the authority more independent.
Dennis-Kenji Kipker is scientific director of the cyberintelligence.institute in Frankfurt am Main and professor of IT security law.
There should also be improvements in the powers to investigate cyber-attacks by foreign powers and to improve the BKA’s investigative capabilities in cyberspace. ZITiS should be given a legal basis, investments should be made in quantum computing for cyber-secure government communications and the principle of “security by design” should be promoted in the federal administration. But it is not only about public institutions, but also about how we can optimize the cybersecurity of SMEs belonging to the KRITIS sector.
Instead of practicality, split hairs
These topics are indeed thick subjects that cannot be dealt with from one month to the next, but we have been talking about several key topics for years; about the independence of the BSI, the legal status of ZITiS or the reform of the German computer criminal law – keyword: hacker paragraph. All issues that should have been addressed politically long ago and in fact even before the agenda of the Fesser.
But instead of a practical approach to cybersecurity, we are faced with political demands, theses, speculations, and hair-splitting that are not intended to promote the issue, but merely political and media discussion about it. Cybersecurity is not unimportant to the federal government; it appears unable to decide on truly clear issues in favor of cybersecurity.
Cybersecurity is no longer just about public safety
In fact, the national cybersecurity agenda itself is the problem. Because it is so deeply intertwined with domestic politics, the federal government puts itself in a decision-making dilemma: it cannot decide in favor of cybersecurity, even if it is so relevant, if it could potentially collide with the interests of public safety now or in the future. We urgently need a national rethink of cybersecurity in this country: Cybersecurity, like digitalization, is an inter-departmental issue.
The political view that cybersecurity is solely a BMI issue dates back to the 1980s, when digitalization was primarily a “state task” and is now completely outdated. And while people in Berlin continue to spin around this decision-making dilemma and discuss it politically, elsewhere the facts have long been established; because the threat from cyberspace is not just coming out of nowhere, but has long been real for the economy, the state and society.
Act now instead of arguing
So cybersecurity is neither an end in itself nor an abstract topic of political discussion, but rather a constitutional responsibility of the state to ensure security. They also have to comply in terms of content, especially beyond colorful brochures and flowery political declarations. If the federal government doesn’t pay attention to this soon, it will be more dangerous than ever, especially in these times, because if there is one thing we don’t need right now, it is cybersecurity on paper.
(Never)
