The German military, or Bundeswehr, has launched a new Cyber and Information Space Command (CIS) to tackle attacks from hackers and foreign spy agencies.
The Bundeswehr has long been seen as a high-value target because of its military secrets, but its IT-supported weapons systems also mean that a successful cyber attack could have devastating global consequences.
German Defense Minister Ursula von der Leyen from the ruling Christian Democrat party has described attacks from cyberspace as, “a growing threat to our security.”
They are also a threat to prosperity: Europol estimates that Cybercrime costs EU Member States 265 billion euros each year, with the figure rising to 900 billion euros for the global economy.
Headed by Lieutenant General Ludwig Leinhos, CIS will have its own organisational structure, putting it on the same institutional footing as the other five branches of the German military.
Based in Bonn, the CIS will initially have a staff of 260, to be expanded to 13,500 by July, by which time existing capacity from other branches of the military will have been incorporated into the new structure. By 2021, it is anticipated that the CIS will be staffed by a total of 14,500 people, including 1,500 civilians, and will be fully operationally effective.
The Bundeswehr is recruiting for IT specialists on the open market, as well as from other branches of the German military, and from the new cyber cluster in the Bundeswehr’s university in Munich.
reactivity and flexibility
Cyber threats are constantly evolving, and one of the challenges faced by the new CIS will be to keep ahead of the pace of change. IT specialists have cast doubt over the ability of the Bundeswehr as currently configured to keep up: its procurement processes are notoriously slow, for example. It will need to show itself to be much more flexible and agile in future.
Last June, NATO designated cyber as an official operational domain of warfare, along with air, land and sea, having witnessed a five-fold increase in suspicious events on its networks in the previous three years.
The CIS is by no means the first cyber command to be established in Europe. The EU’s European Cybercrime Centre was established in 2013 and has a threefold focus on forensics, strategy and operations.
In France, the Sub-directorate in the fight against cyber crime was established in 2014 and is staffed both by gendarmes, who are part of the military, and the police. The SDLC works closely with EC3.
The UK moved towards a more active defence of cyberspace in 2016 when it created the National Cyber Security Centre. It aims to protect government and critical infrastructure from cyber attack, and is part of GCHQ, the UK Government Communications Headquarters.
German authorities are clearly worried about the cyber threat from Russia, following a series of recent cyber attacks on German political parties, as well as propaganda and disinformation campaigns, all of which Russia has denied.
It is perhaps no coincidence that, following allegations of Russian interference in the US presidential elections last year, Germany has chosen to launch CIS in 2017, the year when its own elections will be held.