Enable breadcrumbs token at /includes/pageheader.html.twig

German MOD Makes Sweeping Changes to Counter Cyberthreats

NATO allies rely more heavily on industry for solutions to counter attacks on networks, infrastructure.

Katrin Suder, state secretary at the German Federal Ministry of Defense says cybersecurity is a game changer. Photo by Marcos Fernandez Marin, NCI Agency

Erki Kodar, undersecretary for legal and administrative affairs for the Estonian defense ministry talks of a volunteer civilian cyber defense force to protect national networks. Photo by Marcos Fernandez Marin, NCI Agency

Cybersecurity reaches far beyond processes to make doing business easier—it’s the “game changer” to counter real consequences that threaten everyday life, said Katrin Suder, state secretary at the German Federal Ministry of Defense.

“Cyber attacks are no more science fiction,” Suder said. “They are real and will become even more critical in the future. The trajectory [of safeguarding networks] is not going in the right direction.”

Germany’s defense ministry is making sweeping reforms in the cyber arena, beginning with centralizing cyber and information technology into a single structure and creating a new chief information department, Suder said on the final day of the NITEC 2016 cyber conference, held this year in Tallinn, Estonia. The three-day event is presented by the NATO Communications and Information (NCI) Agency and AFCEA Europe and organized in cooperation with the Estonian Ministry of Defense. The 2017 conference will take place in Ottawa in April.

“A word on centralization—I’m not a big fan,” Suder said. “It usually makes things slower and kills innovation.” But within the department it is a must for success, she shared.

As such, the ministry is seeking to engage with different cyber-based companies than usual, such as startups and small businesses developing solutions to combat the spiraling global cybersecurity environment—which has worsened in recent years and contributed to a “new normal” of instability, Suder offered. The trend bolsters arguments to make cyber and information space a distinct, new warfighting and operational domain.

Cyber-based attacks make for the ideal asymmetric weapon—cheap, precise, effective and difficult to attribute and find culprits, she added.

Germany’s migration to a centralized IT approach, along with greater reliance on industry for solutions, mirrors some of the efforts by NATO allies to bolster the readiness and responsiveness of its forces. At the 2014 Wales Summit, the alliance agreed on its significant readiness action plan (RAP) to guide actions for partner nations to be prepared to respond swiftly and firmly to security challenges.

To that end, Estonia’s government, in part, relies on an army of volunteers to help the small, cash-strapped Baltic nation defend its networks against cyber intrusions—a successful endeavor that enhances its cyber defense and fortifies industry relations, said an Estonian ministry of defense official.

The commonly called Cyber Defence League is an innovative model enlisting volunteers, strengthening the professional cyber skills of volunteer members to prepare and enhance support capabilities in the event of a crisis, said Erki Kodar, undersecretary for legal and administrative affairs for the Estonian defense ministry.

A decade ago, cyber “didn’t keep our leaders up at night,” Kodar said. “Cyber and IT were something innately civilian at that time. [Military] focus had been on conventional warfare. In 2007, all of that changed with the infamous bronze soldier relocation.”

In April 2007, Estonian officials moved the controversial war memorial commonly referred to as the Bronze Soldier of Tallinn, which sparked protests that led to riots and a follow-on series of debilitating cyber attacks against key sites, including parliament, banks and news media, which officials have pegged on Russia. For years, relations between the two nations have been strained.

It was no coincidence, Kodar said, that the alliance established its premier NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Estonia. The mission of the CCDCOE, an international military organization, is to enhance the capability, cooperation and information sharing of education, research and development and lessons learned.

Global companies and governments struggle with cybersecurity and information technology needs due to the lack of a stable and talented work force. Estonia starts early with its recruitment efforts with government agencies hosting high school- and university-level cyber competitions to introduce youth to cyber, he said.

“Defense starts at home and the alliance can be only as strong as its members,” even the small nations. “Size doesn’t matter in cyber.”