Germany struggles to step up cyberdefense

Along a broad, tree-lined avenue near the heart of Bonn, a shimmering glass and concrete building rises above a small side street. A black iron fence, retrofitted to secure the perimeter, bears a warning: This is military territory.

The office complex houses the German military's new Cyber and Information Domain Service (CIDS), a command center that oversees a vast team of soldiers and civilians defending and protecting the Bundeswehr's critical networks and information systems. Defense Minister Ursula von der Leyen inaugurated the cyber command at a ceremony in April 2017, hailing it as a milestone in German defense as cyberattacks become a fundamental threat to security.

Read more: Bundeswehr cybersecurity center trains elite counterhackers

"There are daily incursions on our systems and networks, regardless of notions like peace, crisis, conflict or war. They come from various players, private and governmental," she said. "And to be clear: When the Bundeswehr's networks are attacked, we are allowed to defend ourselves."

Over the past year and a half, the CIDS has taken form as a nucleus of 260 staff oversees soldiers and civilians working across various units, from military intelligence to information space, IT communications and geographic information systems. This is no army of hackers, however: Military personnel have been reassigned and disparate IT structures streamlined.

Between narrow office corridors and conference rooms, banner stands display slogans used to advertise the cyber command's mission statement and attract new talent:  "We're defending freedom – now online too," one reads.

Cyberattacks have become standard tools

The CIDS's emerging role in German defense comes as the country is grappling with a growing number of serious and sophisticated cyberattacks on government, industry and infrastructure. The interior ministry's annual "Report on the Protection of the Constitution," released July 24, noted that cyber espionage, sabotage, and disinformation campaigns have become standard tools for foreign intelligence agencies and hackers, particularly from Russia, China and Iran.

As the government is battling to shore up defenses, the military is warding off its own threats. The Bundeswehr says it identified and repelled around two million unauthorized attempts to access their systems in 2017; 8,000 were high-level threats that would have penetrated the military's IT systems if defensive measures (firewalls, for example) had failed.

The CIDS is at the core of the Bundeswehr's cyber strategy. Alongside the army, air force, navy, joint support service and joint medical service, the cyber command is now an equal branch of the armed forces. Defending the military, and Germany, in cyberspace has become a central priority at a time when the country has been asked to take on a greater role in NATO and European defense as well.

"The German military is active in Afghanistan and Mali and didn't have to develop cyber capabilities until now. It's a hugely bureaucratic apparatus with so many staff and billions in funds, so it took some time to develop. Now it's become clear that protecting cyberspace is a central part of defense," said Florian Kling, a Bundeswehr captain and IT specialist who leads a military watchdog group called Darmstädter Signal.

One of the linchpins of that defense is the CIDS's Bundeswehr Cybersecurity Center, a unit that defends the military's IT. Branch head Lieutenant Colonel Marco Krempel and his team are responsible for everything from shielding weapons technology (think drones that can be hacked) to operating cyber war-game training — exercises where blue teams have to stave off incursions from red teams. A situation room is staffed around the clock to monitor incidents and send out emergency response teams.

"The attacker has it pretty easy — he or she only needs to find one weak link to exploit. Once they have identified that point, they basically have reached their goal," said Krempel. "The defense has a much more difficult task: They have to determine where the weak links are and fortify them. That explains why those protecting our system also need to have a fairly good knowledge of offensive measures, in order to defend well. But our center is strictly tasked with defending."

Read more: Estonia buoys cybersecurity with world's first data embassy

Defending involves identifying flaws in the military's security infrastructure that a hacker could exploit. When asked about attributing an attack to a particular source, however, Krempel pointed out that's not part of his unit's core duty. And as cyberattacks have grown increasingly complex, the ability to identify the source of an attack with 100 percent certainty has become near impossible, he added.

Bundeswehr needs to become an attractive employer

Attribution is one hurdle; recruitment is another. As the CIDS expands — expected to reach full operating capacity by 2021 — it remains unclear how the military expects to fill its ranks. A special degree program at the Bundeswehr University Munich is training the next generation of cyber defenders, but in the meantime, the defense ministry has to compete for a limited pool of talent against other government agencies and far more lucrative tech jobs. That is why the military is working on incentives for high-level talent willing to join the squad. They also introduced an initiative called cyber reserve, whereby IT specialists reluctant to leave top industry positions can temporarily come on board and share their expertise with the Bundeswehr.

Read more: Why is Germany leasing armed drones?

This all comes as the defense ministry has been fighting larger battles — for one, securing more money. The armed forces' budget is set to rise to €42.9 billion ($49.8 billion) in 2019, a spending hike of more than €4 billion, after Defense Minister von der Leyen criticized the original budget proposal as too thin. Germany is under heavy pressure from NATO allies, chiefly the US, to spend far more. Whether the additional funds will address the yawning gaps in the Bundeswehr's equipment and readiness — defective jets and tanks and inadequate body armor for winter missions — remains to be seen.

Meanwhile, the CIDS squad faces the difficult task of expanding to meet cyber challenges of the future while defending current systems against an increasingly intricate array of threats.

"The world won't stand still. Everything we're changing right now is essentially like open heart surgery," said Marco Krempel. "The usual work is continuing, but we're restructuring as we go. Restructuring doesn't mean that we no longer protect our systems or send out our mobile teams. We have to continue those operations but rebuild our organization at the same time."