Cyber defence
Increasing technological development has caused society to change rapidly: it is not only information on our private lives that is increasingly being stored or shared on the Internet; processes across industries such as business communications or workflows are also subject to digital transformation. E-mails and cloud services have long since become a part of the information exchange in politics, business and science.
This has made our society more connected and dynamic, but also more vulnerable. The reason is that modern technologies come with a significant potential for attack and that the possibilities the Internet provides to remain anonymous enable potential attackers to operate largely in secret.
The Federal Republic of Germany with its open and pluralistic society is a particularly attractive target for foreign intelligence services due to its geopolitical situation, the role it plays within the EU and NATO, its economic stability and not least its leading position in several segments of cutting-edge technology. Cyber attacks have long been a standard tool used by foreign intelligence services for espionage and have increasingly become so for influence activities; they may also be used for cyber sabotage in case of conflict.
The cyber defence of the Bundesamt für Verfassungsschutz (BfV) continuously carries out preventive monitoring and analysis of the activities directed against Germany undertaken by foreign states or by “APT groups” controlled by such states. BfV’s cyber defence moreover supports entities at risk and victims of cyber attacks.
To avert cyber attacks before they occur, intelligence about the respective actors is of major importance. With a view to gaining such intelligence, BfV’s cyber defence analyses the attacks and attributes them to profiles that take both the technical capabilities and the socio-political interests of state attackers into account. The attribution of a cyber attack is an essential element of investigation proceedings and helps the Federal Government make political decisions.
BfV’s cyber defence provides information about possible attacks and publishes technical indicators (indicators of compromise), which entities at risk can use to determine whether they have been affected and to take appropriate protective measures. Furthermore, BfV’s cyber defence publishes warnings as the need arises, for example in the shape of its “Cyber-Brief” (“Cyber Letter”).