The section on cyber-security covers the security of the internet and IT systems (software and hardware), as well as the question of security of critical infrastructure (and related digital technologies such as mobile telephony). Our research into cyber-security investigates the dynamics of cyber-conflict: digital arms races, possibilities of arms control, confidence-building measures, deterrence strategies, and information warfare.
Threat perceptions in this area diverge widely. Some experts believe the risk of an incident, such as a strategic cyber-attack on critical infrastructures, to be massively exaggerated; others foresee dramatic military and civilian threat scenarios. Assessments also diverge between states. Democracies associate the concept of cyber-security with protecting public institutions and private enterprises against strategic cyber-attacks. Many authoritarian states, on the other hand, emphasise information security in the sense of surveillance and control of the public information space.
Because the digitalised world is so closely interconnected, cyber-security can never be addressed in isolation from economic, societal and (foreign) policy questions. For example, new internet security measures have immediate national and international repercussions on fundamental rights such as freedom of expression and the right to privacy.
To further complicate matters, the terminology in this field of security policy is still vague, not least on account of the many actors vying to set the terms of the debate. “Cyber”, “digitalisation” and “internet” tend to be used interchangeably. “Cyber-security strategies” were initially restricted to the classical fields of security; today they are defined much more broadly in Germany and Europe, covering a much broader spectrum than the IT security of the technical infrastructure. The prefix “cyber” originally derives from the Ancient Greek term for “to steer”, and is also used in a broad sense to refer to digital technologies.
There are signs—particularly the lack of high-level cyberattacks—that the United States and Russia are trying to avoid an escalatory cycle in cyberspace.
Recently, the Federal Cabinet adopted the Cyber Security Strategy 2021; it formulates the fields of action and goals for the next five years. However, the decisive factor for success is missing, say Annegret Bendiek and Matthias Schulze.
What Part Does the New EU Cybersecurity Act Play?