In the final stages before the Bundestag elections, the cabinet adopted a cyber security strategy. However, its goals and measures are unlikely to be implemented by the next government. EURACTIV Germany reports.
“The threat level in cyberspace is very high. The state, together with business and society, must ensure that the new technologies can be used securely, freely and in a self-determined manner,” said Interior Minister Horst Seehofer on Wednesday (8 September) during the presentation of the strategy developed in close consultation with stakeholders from business, science and society as well as the EU Agency for Cyber Security (ENISA).
Due to the acceleration of digitalisation during the pandemic, the threat levels have massively intensified since 2020. According to the Federal Situation Report for Cybercrime, every fourth to fifth German company with more than 500 employees has already been a victim of ransomware attacks.
“Not least due to the increased threat, fast and decisive action is required to make digitalisation safe for all,” the President of the German Digital Economy Association (BVDW), Matthias Wahl, told EURACTV, adding that the strategy builds on this.
However, the strategy, of which the measures and objectives are non-binding, could have little to no consequences on the next government.
A strategy without effect?
The cybersecurity strategy was already met with massive criticism in the run-up to its adoption.
In an open letter published in June, almost 40 associations as well as a large number of representatives from science and civil society called on the federal government to postpone the adoption of the strategy until the next legislative period.
The strategy attempts to define the main fields of action for cybersecurity in Germany over the next five years and to formulate objectives, and thus covers almost the entire next legislative period.
But in view of the upcoming Bundestag elections likely setting up a new government constellation, it appears doubtful whether these goals can be implemented.
For example, the office of Falko Mohrs (SPD), a member of the digital agenda committee in the Bundestag, said in response to a question from EURACTIV that the strategy is merely a basis for discussion because “none of the possible future governments will see themselves bound by this decision.”
Whether adopting such an essential document for cybersecurity on the final few steps of the German government before the upcoming elections ‘makes sense’ is also viewed critically by digital association Bitkom.
It is questionable “to what extent adopting the strategy before the federal elections makes sense at all, and whether a decision with concrete budgeting and distribution of measures with the new federal government would not lead to more efficient implementation,” Susanne Dehmel from the digital association Bitkom told EURACTIV.
It is thus uncertain whether the strategy’s goals even have a chance of being implemented – especially because the opposition has massively criticised many of the strategy’s measures.
The liberal FDP party – likely to be the kingmaker in post-election coalition negotiations – has vehemently criticised the strategy, notably the expansion of intelligence powers at the expense of encryption, as well as the keeping open of security loopholes for surveillance purposes.
FDP’s digital policy spokesman, Manuel Höferlin, said in a statement, that the cyber security strategy confirms the federal government’s reputation “as Germany’s biggest security risk”.
Mario Brandenburg (FDP), chairman of the Bundestag’s Digital Agenda Committee, even called some of the measures targeted in the strategy “pseudo-helpful digital polemics.”
Harsh criticism of the strategy also came from the Greens. The party’s deputy parliamentary group leader Konstantin von Notz called the cyber security strategy an “insecurity strategy” and demanded stronger “vulnerability management” in a statement.
Internet association eco also criticised the strategy, particularly the goals and initiatives in the field of area of law enforcement and intelligence policy.
“Both points of criticism should be urgently looked at again and corrected by the next federal government at the latest,” eco board member Norbert Pohlmann told EURACTIV.
However, in view of the heightened threat situation, the next government must make cybersecurity a priority “because the security of information technologies is crucial for the success, the radiance and the digital sovereignty of Germany as a business location,” Bitkom’s Dehmel also said.