Forging Effective Cyber Defense

Nations that share democratic values should cooperate to stop threats emerging from cyberspace

By Dr. Hans-Georg Maaßen, director general of the German Domestic Intelligence Service, BfV

Protecting highly sensitive information and critical infrastructure is the most important aspect of domestic security. Modern societies depend on these to function well. Data protection and round-the-clock availability of communications systems have become matters of survival in the 21st century. Cyberspace offers enormous opportunities, but it also involves real threats to domestic security. Cyberspace is full of threats to data security, electronic systems and personal privacy. 

Germany’s domestic intelligence service, BfV, has been tasked with the collection and analysis of data related to threats to the security of the state and intelligence activities carried out on behalf of foreign powers, regardless of whether they are based on human sources or surveillance images and electronic intercepts. The BfV serves as an early warning system for the federal government and parliament. The information it gathers is used to compile situation reports and assist in executive decision-making.

Data protection in cyberspace

A year ago, cyber attacks — or perhaps cyber war — would have received most of our attention. Today, Edward Snowden, who worked at the United States National Security Agency (NSA), betrayed state secrets and disclosed more information than the best Russian spy could have collected during the Cold War. And Snowden wasn’t even a top agent with special training but simply a person with access — thanks to modern technology — to large amounts of data that no one would have been able to tap into in the past. 

These disclosures have raised our threat awareness. How will we effectively protect data from being maliciously accessed by individuals “on the inside” in the future? We have a better understanding of why data protection is necessary, but those who use the Snowden case as a pretext to keep silent on real threats, such as electronic attacks from China or Russia, are turning a blind eye to a dangerous situation.

For decades, German and U.S. intelligence services have profited from close cooperation. Thanks to this cooperation, a series of terrorist attacks against Germany have been prevented.

Legal basis for signals intelligence

All intelligence services engage in strategic signals intelligence gathering — not only those from the U.S. However, U.S. signals intelligence such as the NSA’s PRISM surveillance program is different because it is based on laws that allow the storing and filtering of data to the extent technically possible. U.S. intelligence agencies may collect data inside and outside the U.S. if deemed necessary, as in the case of counterterrorism efforts. Within U.S. borders, U.S. laws apply. And it makes sense for the U.S. to make use of all legal and technical means available. But how about in cyberspace? No rules yet exist for this domain.

The jurisdiction of the BfV, on the other hand, ends at the German border. The German approach is different. Germany’s foreign intelligence service, the Bundesnachrichtendienst, does not store data — it only filters it. From a continuous flow of data, it takes only what is relevant for its ongoing work.

U.S. and German intelligence services have one thing in common: A legal basis is required to filter data. In both countries, it is unlawful to collect data and spy on private individuals for economic or political reasons. Depending on the facts and requirements of any given case, filtering data is lawful to fight terrorism, to protect national security and to combat proliferation and international organized crime.

The U.S. and Germany adhere to the rule of law, and this also applies to their intelligence services. They may not exceed their powers and collect and store data without legal authorization. At the BfV we observe the law, and oversight of intelligence services is provided by such authorities as the Parliamentary Control Committee, the German Bundestag’s G-10 Commission and independent courts. The U.S. system is similar in this respect. From our perspective, there is no doubt that our American colleagues are operating within the law.

The same cannot be said for all states engaged in strategic signals intelligence activities. Other states also have access to network nodes on land, or international broadband cables, or have submarines that can tap into these deep-sea cables. These states may have no legal basis for filtering data, nor any scruples about filtering, collecting and storing data to promote their own economic interests.

Cyber attack challenge

Apart from signals intelligence, cyber attacks have become an ever more urgent problem. Electronic attacks by intelligence services present a great threat potential in terms of quantity and quality. Cyber attacks can be carried out via the Internet or by manipulating hardware. Owing to its political and economic strength, Germany has long been a preferred target of foreign intelligence services, both in the real and virtual worlds. The large number of cyber attacks on federal agencies confirms this.

Cyber attacks are no longer simply Trojan horses or virus-infected emails but have developed into customized viruses that apply social engineering to target victims with precision. The attacker knows exactly who holds an important position and who might open and read an email with a certain subject line. Some intelligence work is required to identify this type of virus or Trojan horse.

Cyber attacks most often seek to weaken Germany’s foreign and security policy, as well as German and European fiscal policy. Industrial espionage focuses on the German economy, and the states behind these efforts are usually those that routinely use intelligence services to promote their own economy. The number of attacks against the German private sector is unknown because companies that have been victims of cyber attacks tend to remain silent. 

Extremists and all kinds of terrorists also take an interest in cyberspace. They use it for agitation, propaganda and recruitment. Cyber wars are directed against a state and its vital infrastructure but also against extremist opponents. In most cases, the attackers’ capabilities have been restricted by their limited knowledge, allowing only low-level attacks. But if they are sufficiently skilled, extremists would happily cause greater damage.

Cyber threats come from different vectors of the extremist spectrum. It will be interesting to see whether cyber guerrilla attacks will become the preferred option of militant resistance for left-wing extremists in this century. A couple of years ago, “jihadists” called for the establishment of an “Institute for Electronic Jihad” and emphasized the importance of Supervisory Control and Data Acquisition attacks on control systems for power and water supplies, gas grids, electronic airport and railway systems, and computerized stock exchanges and banking.

The threat is evolving with the same rapidity as cyberspace is developing. Therefore, we need to cooperate and share information with foreign partners whose interests and values we share.

This article is based on a lecture at the 10th International Law Conference of the Konrad Adenauer Foundation in Bonn, Germany, on October 16, 2013.