The federal government wants to expand the powers of German security agencies against cyber‑attacks and is also targeting foreign attackers. The Interior Ministry’s draft law to strengthen cyber security, reported by “Der Spiegel”, will allow the Federal Police, the Federal Criminal Police Office (BKA) and the Federal Office for Information Security (BSI) to not only detect attacks, but also intervene technologically-by rerouting or blocking traffic, shutting down systems, and in severe cases deleting or altering data.
To enable this, the Federal Police Act will be amended with a new paragraph that authorises the agency to take “special defensive measures” against hackers. The new list of interventions permits, in addition to stopping the operation of IT systems or redirecting traffic, the deletion or modification of data if public safety, sensitive facilities, critical IT systems, or human life are at risk, and the affected parties do not have to be informed. Such actions require a judicial order, which can in urgent situations be granted retroactively for up to three days.
Under the ministry’s plan, the BKA will receive comparable powers and will coordinate cyber‑defence cooperation with foreign security agencies. It will also gain authority for mitigating threats from cyberattacks with foreign or security‑political significance. Previously, the BKA could intervene only in countering international terrorism; in other cases it was limited to law‑enforcement duties. BKA President Holger Münch criticised this restriction as “no longer timely”.
The draft bill will also grant the BSI significantly more powers to collect, store, and analyse data, including searching for activities that could prepare an attack. Telecommunication operators and large digital companies will be required to provide security‑relevant technical information when ordered, and to comply with directives from security authorities. Violations could lead to fines of up to €20 million.
Key points of the draft law were approved by the federal cabinet last summer. Interior Minister Alexander Dobrindt (CSU) said earlier this year that he intends to confront the growing cyber threat more proactively.
