After years of using the Internet as a scapegoat for what went wrong, elaborating on censorship strategies, containing the Internet as the core element to that strategy and finally back-dooring email exchange for ‘official purposes’ the German government finally got the twist when it announced a cyber-strategy last week.
Last year, the German army already announced that they work on a unit which is formed as equivalent to te US cybercommand. Hackers in uniform if you want to call it like that. 2011 or 2012 is the first deadline for these apprentices of postmodern warfare and I hope that good work is done there. Back then it was already clear, that more has to be done that just putting up a military cyber-defense unit. A civilian one is needed.
Of course there are already law enforcement units in place allover Germany which deal with cyber-crimes and related issues. Adding that to the military part of cyber-defense is a good starting point but it still leaves out one of the most valuable and also vulnerable parts of the National Information Infrastructure: The business sector.
Germany is and has always been (at least for some time now) not only a country of engineers but also a country of inventions and knowledge as one of the most important values and also exports. Unfortunately, knowledge in the form of information is also the main target of cyber-crimes/ cyber-warfare. So we shield ourselves against cyber-attacks attacks against the state by the army unit, against individuals and groups by law enforcement but what is really needed is an umbrella protecting and offering help the the private sector. I do not really feel strong about state intervention and companies would favor to be responsible for their own digital security but some cannot afford it and the others do not really care. Awareness, Support and Pro-Activeness in targeting the private sector would be something I want to get from the new cyber-strategy.
In modern warfare, a bomb shell fired from one country to the industrial complex of a car factory in another country would be an act of warfare and therefore the state’s responsibility for retaliation. A hack originated in another country, targeted at the blue prints of a concept car in said factory should fall under the same responsibility, right?