Cybersecurity in Germany

In 2016, Germany's government presented its third cybersecurity strategy, which aims to strengthen the national cyber defence architecture, cooperation between the state and industry, and individual users' agency. For many years, Germany has followed/adopted a preventive and engineering approach to cybersecurity, which emphasizes technological control of security threats in cyberspace over political, diplomatic and military approaches. Accordingly, the technically oriented Federal Office for Information Security (BSI) has played a leading role in Germany's national cybersecurity architecture. Only in 2016 did the military expand and reorganize its cyber defence capabilities. Moreover, cybersecurity is inextricably linked to data protection, which is particularly emphasised in Germany and has gained high public attention since Edward Snowden's revelations.

On the basis of official documents and their insights from many years of experience in cybersecurity policy, the two authors describe cyber security in Germany in the light of these German peculiarities. They explain the public perception of cybersecurity, its strong link with data protection in Germany, the evolution of Germany's cybersecurity strategies, and the current organisation of cybersecurity across the government and industry. The Brief takes stock of past developments and works out the present and future gaps and priorities in Germany's cybersecurity policy and strategy, which will be decisive for Germany's political role in Europe and beyond. This includes the cybersecurity priorities formulated by the current German government which took office in the spring of 2018.