Original post WW2 made German Bundeswehr beret cap badge / Cyber Warfare Command / CIR, (Barettabzeichen der Cyber- und Informationsraum Entwurf der Bundeswehr), IN PERFECT CONDITION WITH 4 PRONGS ON THE REVERSE, MAKER MARKED: "A" (Assmann), RARE BERET BADGE, SIZE: cca 53 x 46 mm
HISTORY OF THE CIR:
Bundeswehr Cyber Warfare Command - Current conflicts are increasingly carried out in hybrid forms, including attacks on technical networks and campaigns aimed at influencing public opinion. In 2016 Bundeswehr has responded to this new threat by pooling its capabilities in this field and combining them in the new Cyber and Information Domain Service. On par with the classic service branches—Army, Air Force, and Navy—this service, with its approximately 14,500 members, makes an important contribution to the whole-of-government security provision. In Germany, the provision of cybersecurity—i.e. a condition where risks from cyberspace have been reduced to an acceptable minimum—is a whole-of-government task. This is laid down in the 2016 White Paper, the current basic document on German security policy. There are few areas where internal and external security are as closely intertwined as they are in cyberspace. This includes the joint protection of critical infrastructure. Nevertheless, even within a whole-of-government approach, there exist areas of responsibility. The Federal Ministry of the Interior, for instance, is responsible for cybersecurity and the protection of civilian infrastructure. It also has the lead responsibility for Germany’s cybersecurity strategy. The Federal Foreign Office shapes international cybersecurity policy, while the Federal Ministry of Defence is responsible for cyber defence. In order to conduct its operations, the Bundeswehr, as a military organization, particularly depends on the availability, confidentiality, and integrity of data, IT-based services, and network-enabled infrastructure. For this reason, Bundeswehr cyber defence places particular emphasis on the protection of friendly systems. An essential instrument to ensure this is a comprehensive, digitally generated, situation picture that also includes information space and is made available to other government agencies as part of a network-enabled approach. In information space, people perceive, interpret, and spread information beyond the technical sphere. What is known as “published opinion” is an essential aspect of our considerations. Apart from preventive measures, reactive and active measures (cyber and information domain operations) may also become necessary when it comes to ensuring the protection of friendly systems. Cyber and information domain operations can take the form of independent as well as supporting operations. In a conflict, they present a conceivable option for initial operations, which can, if necessary, even be conducted at a time when conventional forces have not yet been alerted. Cyber and information domain operations are subject to the same legal constraints as those of other Bundeswehr forces. In addition to the whole-of-government approach, multinationality is another basic principle of German cyber defence – as well as German security policy in general. Here, we aim at working together with EU and NATO partners as well as in a bilateral, multilateral, and UN framework to ensure cybersecurity and establish the accompanying legal framework. The German Federal Government regards threats from cyber and information space as one of the key challenges facing German security policy. Digitalization has penetrated all areas of life and together with the increasing interconnectedness of individuals, organizations, and states, this offers unique opportunities. At the same time, however, it leaves governments, societies, and economies particularly vulnerable. Since its 2016 Warsaw Summit, NATO has viewed cyberspace as an independent domain of operations – similar to the land, air, sea, and space domains. In cyberspace, armed forces can use suitable software to reconnoitre and subsequently engage enemy systems, amongst other things. In practical terms, this could entail, for example, the interruption of logistic chains, the corruption of data crucial to operations, or the restriction of the availability of key enemy C2 and information systems. By including not only the electromagnetic spectrum but also and especially information space, the Bundeswehr has deliberately defined this new military domain in a more comprehensive way than NATO does. Activities in the information environment, such as fake-news campaigns, continue to increase, making it possible to deliberately stir up unrest. International and national conflicts are more and more influenced by propaganda and disinformation. Consequently, information is becoming one of the core resources of the future. The cyber and information domain distinguishes itself from the classic domains of operations by several unique features. It is characterized by a high degree of complexity. Territoriality is complemented by virtual reality. The cyber and information domain cannot be divided into combat sectors with clear spatial boundaries. The same holds true for the manoeuvring of troops. Nevertheless, physical effects can be achieved in the cyber and information domain, too. The place where cyber and information domain operations create an effect, however, can be tens of thousands of kilometres away from where the action was initiated. Time, too, plays a different role, considering that effects in cyberspace can be achieved over any distance without delay. Given sufficient preparation, effects are produced in near real-time. The attribution of attacks poses a problem. Thanks to the available technical possibilities, actions can be concealed extremely well. In addition, there are a large number of possible perpetrator groups and motives. By now, the possibilities of digitalization have made it possible for non-state actors to achieve effects by way of cyberattacks which previously could only be achieved by state actors. To sum up, today’s conflicts are essentially characterized by their hybrid nature. Attacks in cyberspace and disinformation campaigns that remain below the threshold of armed attacks need to be taken into consideration just as much as the massive use of cyber operations as part of a national and collective defence scenario. A clear analysis leading to an informative situation picture is, therefore, of essential importance. As Chief of the Cyber and Information Domain Service, I see it as my responsibility not to confine myself to minimizing the risks described above. For the Bundeswehr, digitalization also offers enormous opportunities, which will be discussed below. Possible threats to governments, economies and societies are multi-faceted and include data theft, espionage, damage of critical infrastructure, disruption of government communications and are as diverse as the agencies that deal with them. Often hybrid strategies are used to exploit the interfaces between responsibilities, for instance, between internal and external security. Therefore, the closing of ranks and a system of exchange at national level are an absolute necessity. At the strategic level of the state’s cybersecurity architecture, the responsibility for coordinating the cooperation within the Federal Government as well as between the government and the business sector rests with the National Cyber Security Council. At the operational level, the National Cyber Response Centre, a forum to promote the cooperation of government agencies in the cyber and information domain, was established as early as 2011 under the auspices of the Federal Office for Information Security, which is subordinate to the Federal Ministry of the Interior. In cooperation with all key actors, the National Cyber Response Centre is currently undergoing further adaptation towards an interagency operational-level institution. This is an essential step towards establishing even more efficient structures for ensuring Germany’s future ability to act in this field. Here, the involvement of national Internet service providers, too, is indispensable. As a representative of the Bundeswehr, the Cyber and Information Domain Service actively contributes to this process. Once the further adaptation of the National Cyber Response Centre has been completed, it could be used to disseminate information provided by the new Joint Cyber and Information Domain Fusion Centre. In order to make a vital contribution to cybersecurity in Germany as early as during the development stage of key technologies, the Federal Ministry of Defence and the Federal Ministry of the Interior have been working together to build up the Agency for Innovation in Cyber Security since late 2018. This agency will award targeted contracts for ambitious research projects with high innovation potential. In this way, it will be able to tread new paths in order to maintain Germany’s prominent role in technological innovation. With the Cyber Innovation Hub, the Federal Ministry of Defence has its own interface between the start-up scene and the Bundeswehr. The Federal Office for Information Security provides support to government institutions, such as the German Bundestag, on issues of information security. If required, it dispatches computer emergency response teams to re-establish information security as quickly as possible. For the Bundeswehr, this task is performed by the Cyber and Information Domain Service. The attribution—i.e. the identification of the perpetrators—of a cyber-attack primarily falls within the responsibility of law enforcement agencies in cooperation with the intelligence services. As long as the Bundeswehr is not itself affected by a cyberattack, the German Basic Law limits its role to the provision of administrative assistance and support in the event of particularly grave accidents. This does not mean, however, that a serious attack on critical infrastructure cannot result in a military response in the context of national and collective defence.