Comment
Federal Government Founds Agency for Cyber Security
In order to improve the protection of the country and its infrastructure, the German government is founding an agency for cyber security. But it has several »birth defects«
The German government has announced the establishment of an »Agency for Cyber Security«. It is to start work at the beginning of 2019 and will later consist of 100 employees. The budget is 200 million euros for the next five years. With 80 percent of this sum, the agency is to fund research projects on cyber security. The aim: to improve the protection of state institutions and infrastructure against cyber attacks. It will also make Germany less dependent on technologies from other countries. The German government is also driven by fears of public opinion being influenced by Russia, as seems to have happened before the US elections.
The agency reports to the Ministry of the Interior and the Ministry of Defense. Conflicts are inevitable. Both the Ministry of the Interior and the Ministry of Defense have a fundamental interest in carrying out cyber attacks themselves. This is also perfectly legitimate: the German military must be able to develop deterrent potential in the event of cyber attacks and the police must be up to date in order to combat organized crime and terrorism. An agency that is to research and develop defensive measures against precisely such attacks is incorrectly located with the ministries mentioned, because elementary conflicts of interest become inevitable thereby. The fact that two ministries also share the authority to issue directives suggests that the distribution of responsibilities was not based on factual reasons but rather on some kind of proportional representation or that political considerations or personal vanity played a role..
It may be legitimate for an agency for cyber warfare or cyber espionage to be set up at the Ministry of the Interior and the Ministry of Defense. An organization that is to ensure cyber security must be independent of ministries. The Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI), which reports to the Federal Ministry of the Interior, is already facing the same dilemma. Why is the BSI not entrusted with the tasks of the cyber security agency? Possibly because it has failed catastrophically in the fight against the cyber attack on the intranet of the Bundestag in 2015?
However, this failure is not due to the employees, but because the BSI is chronically underfunded. The 100 employees who will make up the agency for cyber security would certainly be in good hands at BSI. However, such employees do not stand in line to apply there. Even well-paying industrial companies have difficulties finding experts in cyber security. So if you want to do something for cyber security in this country, then instead of setting up another agency, you should make the BSI independent and enable it to do its job. For example, it would be necessary to break down public service tariffs and pay competitive salaries.
