According to the Federal Ministry of Defense, hybrid threats are a significant threat to democratic states and global peace. However, defending against such threats is problematic because it is unclear whether there is an attack or attackers. Furthermore, according to the Ministry of Defence, hybrid warfare is a concealment tactic. According to a press release, the Bundesverband IT-Sicherheit e.V., Teletrust, is therefore quite rightly calling for an immediate situation report on cyber attacks in the context of the attack on Ukraine.

It is about the hidden intrusions of cybercriminals on strategically important networks and the so-called critical infrastructure. Cyber-attacks often lead to severe IT failures in organizations, municipalities, hospitals, energy networks and businesses. The considerable economic damages are existence-threatening on the one hand. But, on the other hand, they can also influence wars or peace, which affects everyone!

Mirko Ross, CEO, asvin GmbH: “Hybrid threats endanger national security, defence and the maintenance of law and order. They have long become a transnational threat situation. We can only strongly advise decision-makers at the political, economic and societal level to face the hybrid threats of the digital age with appropriate security standards. Counter these threats effectively and protect IT infrastructures regardless of whether they are part of critical systems or not, and software holistically.”

As experts in Security in Software Supply Chains, we, therefore, support Teletrust’s demand for an accurate situation picture of cyberattacks and their defence. Some of them are said to have occurred even before the conventional war of aggression started on 24.02.22. Apparently, Russia has been carrying out cyberattacks on Ukrainian institutions even before the invasion. Therefore, it is vital to understand what attacks have occurred and where to scan systems for exploits and malware and initiate countermeasures to avert further damage.

It is currently unclear whether there were cyberattacks on Germany, NATO partners or other EU member states. Naturally, this threatens our fundamental rights, democracy and the protection of life and health of citizens. But to effectively protect critical infrastructures from such attacks, the public must be given an overview of the threats and potential exploits. Only then can measures be taken as part of the risk and threat analysis to ward off current cyber-attacks and define appropriate cyber defence measures in advance of future threats.

The BSI also repeatedly calls for information security to be given high priority to identify the severe vulnerabilities in IT products and software. In this way, preventive measures can be defined for the future, and cyber security can be guaranteed along value chains. For the Internet of Things, completely new attack surfaces are emerging for cybercriminals because over-the-air updates allow hackers to access devices in autonomous vehicles, for example, and manipulate them.

Quote BSI: “The developments in the reporting period June 2020 to May 2021 prove that the threat posed by cybercriminals to the digital society and the connected world of work continues to increase. With the passing of the IT Security Act 2.0 in April 2021, the BSI was further strengthened and equipped with additional competencies in detecting security vulnerabilities and defending against cyber attacks.” Source

Cyberspace has become a preferred operational space for hybrid actors, the BmVg notes. In this regard, dealing with vulnerabilities is the biggest challenge facing businesses, governments and institutions. Hybrid conflict potentials have characterized the security environment in recent years, and the new type of conflict requires appropriate tools and methods to prevent influence against another state’s national security.

Hybrid influence as a political method is historically nothing entirely new, but what is new is that cyber defence is in the context of peace. Moreover, there are targeted vulnerabilities of open and globally networked societies. Therefore, protection against hybrid threats must be managed in a targeted manner and seen as part of foreign and security policy. The EU has a unique role to play here. It has the task of raising awareness among member states and the public about defending against hybrid threats and developing or embedding appropriate methods for prevention, response and resilience.