Concerns Rise at Potsdam Cybersecurity Conference

The state of cybersecurity in Germany was the focus of discussions at the recent Potsdam Cybersecurity Conference, which brought together representatives from government, industry, academia, and civil society over two days.

Despite pleasant weather, the outlook on cybersecurity remains grim. Discussions at the conference, held at the Hasso Plattner Institute, covered a wide range of topics, from combating misinformation to the implications of cloud computing and the role of artificial intelligence in cybersecurity. However, experts struggled to provide definitive answers to these pressing questions.

Central to the discussions was the ongoing threat posed by Russia. Generalmajor Jürgen Setzer, the Deputy Inspector for Cyber and Information Space of the Bundeswehr, emphasized that while Germany and Russia are not currently at war, the nature of peace has shifted since 2022. He noted the necessity for strengthening cybersecurity capabilities across all levels, highlighting that the Bundeswehr is well-prepared for conflict in the cyber domain but still has room for improvement in electromagnetic capabilities. Setzer asserted that there is no clear distinction between internal and external security in the context of hybrid threats.

Sinan Selen, Vice President of the Federal Office for the Protection of the Constitution, echoed these concerns, stating there is a high willingness to accept risks, including potential harm to individuals. Claudia Plattner, President of the Federal Office for Information Security, underscored the persistent and alarming state of cybersecurity threats, particularly from Russia, which remains the leading source of attacks on digital infrastructures.

Discussions also revealed differing opinions on the effectiveness of current cybersecurity measures. Wilfried Karl, head of the Central Office for Information Technology in the Security Sector (ZITiS), suggested that cloud computing could be part of the solution, provided it is managed securely. In contrast, Manuel Atug from the Critical Infrastructure Working Group pointed out that many organizations continue to struggle with basic cybersecurity practices, with significant issues arising from a lack of data backups.

Moreover, the conference participants highlighted the shortcomings in self-regulation within critical infrastructure sectors, leading to significant financial losses due to cybersecurity incidents. Christoph Bausewein from Crowdstrike noted that unclear and contradictory regulations further complicate the situation.

One point of consensus among experts was the need for a more integrated approach to physical and cybersecurity, emphasizing resilience as a core objective. This encompasses various aspects, including digital sovereignty and the public's ability to discern misinformation.

The topic of misinformation was addressed, with Sven Meyer-Ottens, Director of the "Forum Innovative Technologies" at the BND (Federal Intelligence Service), acknowledging foreign influence in domestic affairs. He indicated that strategies aimed at inciting outrage are employed to undermine public trust in governmental actions, particularly concerning sensitive topics such as migration and infrastructure issues.

Military historian Sönke Neitzel criticized the BND for its abstract communication about threats, urging a clearer and more direct public engagement from political leaders responsible for the intelligence services. He pointed out the delicate balance between raising awareness and causing unnecessary panic among the population.

Discussions also touched upon the roles of platform operators in combating misinformation, with Harmen Zell from Meta asserting that the company has effective measures in place. While he acknowledged the current reliance on fact-checking, he noted that alternative systems, such as Community Notes, could potentially have a greater impact on addressing misinformation.

Looking ahead, agencies such as the BND, BfV, BKA, BSI, and the Bundeswehr are expected to collaborate more closely under the current government. Holger Münch, head of the BKA, expressed optimism regarding the expansion of his agency's powers, which would allow for more effective responses to cyber threats, including the neutralization of botnets. However, he clarified that these measures would not involve retaliatory actions, as the BKA's focus is on preventive measures.

Münch concluded on a positive note by stating that proactive measures against ransomware have proven effective, with forthcoming statistics from the BKA expected to illustrate a decrease in cybercrime incidents.