Germany is getting behind a new cybersecurity strategy that would introduce “digital border checks” in case of “a debilitating cyberattack,” EURACTIV wrote.
And Germany wants to lead in Europe, and to lead Europe on this issue – whose existing cybersecurity efforts are described as having good intentions – but that the issue is not be left in the hands of individual member-states.
Germany's plan for Europe now is that in case of a large-scale attack, Europe should be able to switch off the global internet and sacrifice access to external services to put down a digital border ramp and prevent attackers from accessing their targets.
A possible problem of this nature is not unlike what Russia has imagined, and the solution seems to be the same as that provided for in Russia's “sovereign internet” law that will soon come into effect. And the gist is this: whether the country is under attack and needs to cut off from the rest of the internet, or if has had its access cut off by others – it must make sure that the internet within its own territory continues to function without problems.
Of course, in Russia's case, this caused criticism of censorship being the ultimate goal of the effort. Now Deutsche Telekom's Thomas Tschersich, who spoke for EURACTIV to present the German plan, noted that the United States already has a system in place allowing for business as usual in case connections with the global internet are severed for whatever reason. And the head of cybersecurity at Germany's telecommunications giant believes that the US solution offers “an equal balance of freedom and security.”
But over here, Tschersich says, “we don't have a clue how to disconnect without switching off the whole infrastructure in Europe as well.”
And that is something Europe should now learn how to do, including by finding ways to cut off access to the global internet if that becomes necessary, he's suggesting.
Tschersich defended the proposed strategy much in the same way the Russians have been defending theirs: it's not meant to prevent access to services, but to defend against outside attack.
But critics think such solutions should be the last, not the first line of defense, and express suspicion as to whether the kill-switch tool would even be effective enough, as it could provide hackers with a way to ply their trade even more efficiently. A member of the European Parliament from Germany, Patrick Breyer, also downplayed the realistic chance of terrorists moving to shut down the internet – which might require such protections as proposed by Tschersich.
Other critics described the possibility of introducing digital border controls as a drastic, blanket solution, while digital rights group Access Now advised better interoperability between various cybersecurity agencies to prepare for and mitigate any possible attacks by making the best use of the existing legal solutions, and in general, going for a more fine-grained approach.
The EU and its member-states already have the Network Information Security (NIS) Directive at their disposal to prepare and respond to cyber challenges, and this directive, like others, leaves individual countries a level of flexibility in how to implement it.
But Tschersich's comments suggest that Germany would like to run a tighter ship, and step up the effort from cooperation and coordination among member-states provided by the NIS, to a single set of rules at EU level that would allow for “the digital border” to be erected.
EURACTIV mentions some past, mass-scale internet security incidents, such as the WannaCry ransomware attack of 2017, that in crippled public systems in the UK and Germany who were running outdated Windows systems. The lesson to be learned here might easily be that modern, secure operating systems and good networking security practices go a long way towards thwarting any attack – while having no negative effects on society and people's freedom to access the global internet.
But Tschersich sees things differently. He says these attacks showed Europe to be unprotected – that is, from outside attack. The objective and fixable, vulnerability of its flawed internal infrastructure doesn't seem to be a consideration here.
If Germans, in the end, have their way and if Europe starts cutting off access to the global internet, another set of issues will arise: the potential for this system to be abused for political purposes. Who's to say that an unscrupulous yet powerful political group won't abuse it to control the message in, say, a particularly high-stakes election? Introducing powerful, blanket tools into the digital sphere is always a risky business in its own right.