Navigation and service

Cyber defence

The recording shows a man sitting at a computer in a dark environment and typing on a keyboard.

Increasing technological developments have led to rapid changes in society: We not only share and save personal information in the digital realm, processes across industries, business communications or workflows are also subject to digital transformation. E-mails and cloud sharing services have long since become a part of how we exchange information in politics, business and science.

This has made our society more connected and dynamic, but has also opened vulnerabilities. Modern technologies provide attackers new possibilities to attack and new methods to hide their activities and obfuscate involvement. Potential attackers can re-main anonymous and operate largely in secret.

The Federal Republic of Germany with its open and pluralistic society is an attractive target for foreign intelligence services due to its geopolitical situation, its role within the EU and NATO, its economic stability and not least its leading position in several segments of cutting-edge technology. Cyber-attacks have long been used by foreign intelligence services for espionage purposes and are increasingly a tool for influence activities; they may also be used for cyber sabotage and disruption purposes.

The cyber defence of the Bundesamt für Verfassungsschutz (BfV) carries out preventive monitoring and analysis of cyber-activities directed against Germany by foreign states or state-sponsored "APT groups". BfV's cyber defence supports potential targets and victims of state-controlled cyber-attacks.

The picture shows a monitor with programming code
Photo by RoonZ on Unsplash

To avert cyber-attacks before they occur, intelligence on respective actors, their methods and techniques are of major importance. To gain such intelligence, BfV's cyber defence analyses attacks and attributes them to certain actors taking both the technical capabilities and socio-political interests of possible state-attackers into account. The attribution of a cyber-attack is a vital part of investigation proceedings and provides a basis for the Federal Government to act.

BfV's cyber defence provides information on attacks and publishes technical indicators (indicators of compromise), which help entities at risk to determine whether they are affected and to take appropriate protective measures. Furthermore, BfV's cyber defence publishes public warnings, for example in the shape of its "Cyber-Brief" ("Cyber Letter") or joint advisories with other agencies.