Germany Unveils ‘Active Cyberdefence’ Strategy as Online Attacks on Critical Infrastructure Escalate

Germany is preparing to introduce an ‘active cyberdefence’ framework that would give its security agencies wider powers to respond to and disrupt cyberattacks targeting critical infrastructure, joining a growing number of European states recalibrating their digital security postures amid a worsening threat landscape.

The announcement by senior officials in Berlin follows a marked rise in both the volume and severity of cyber incidents affecting German government bodies, municipal services, healthcare providers, energy operators and financial institutions. Whilst individual attribution remains difficult, German intelligence services have publicly linked a substantial proportion of these incidents to state-sponsored actors and well-resourced criminal networks operating beyond German jurisdictional reach.

Active cyberdefence is a contested concept. Under more cautious interpretations, it encompasses proactive monitoring, threat hunting and the disruption of command and control infrastructure within the defender’s own networks. Broader interpretations can extend to controlled action against servers used by attackers, raising delicate questions about international law, sovereignty and the risk of escalation.

German parliamentarians have for years debated whether to authorise so-called ‘hack-back’ operations. The newly outlined framework appears to chart a middle path, focussing on the capacity of federal agencies to disrupt ongoing attacks at their source whilst building stronger oversight and legal anchoring for such operations. Details will be fleshed out in legislation expected to be tabled in the coming months.

The cybersecurity community has reacted with cautious interest. Industry associations have welcomed the recognition of the scale of the problem and the prospect of clearer rules of engagement, whilst urging that operational measures be embedded in a wider strategy that prioritises hardening of critical infrastructure, mandatory incident reporting and the deployment of European cryptographic standards.

Civil society and digital rights organisations have voiced concern that, without careful safeguards, a more aggressive posture could undermine fundamental rights, erode trust between authorities and citizens, and complicate the position of independent security researchers. Calls have been made for independent ex-ante review of operations and for transparent reporting on their effectiveness.

The German initiative will be closely watched across the bloc. Several member states, including France, the Netherlands and Estonia, have already developed more or less explicit active cyberdefence doctrines. A coordinated European approach, potentially anchored in the NIS2 Directive and in the work of the EU Agency for Cybersecurity, has thus far remained elusive, but pressure for greater alignment is mounting.
