cyber attacks Bundestag needs to do more to protect its network

The security of Germany's parliamentary IT looks like a piece of Swiss cheese. Some lawmakers belatedly want to fix that.
Hackers find it more difficult to get in for a tour.

Although the German government is the target of about 20 attempted cyberattacks a day, the country's lower house of parliament, the Bundestag, is dangerously vulnerable because of quirks in the country's checks and balances. Little has been done in the three years following a major incursion into the Bundestag network and the issue remains as urgent as ever - just last month Russian hackers penetrated networks at the defense ministry.

Members of essential important parliamentary committees working on strategically important laws or those who receive classified info are popular targets. “It’s alarming how poorly we’re protected from cyberattacks,” Omid Nouripour, a deputy from the Greens environmentalist party, said. “There were evidently no lessons drawn from the attacks on deputies’ offices [in 2015], in spite of the current threats from Russia and China.” After the incursions earlier this year, Mr. Nouripour pulled his web page from the Bundestag network.

The main problem is that the Bundestag’s network is purposely kept separate from the government’s own network because one Bundestag mandate is to supervise the government. If both used the same network, the government might be overseeing the Bundestag in some areas. Berlin’s own network security agency, known as BSI, has done well defending the government network but, because it is part of the interior ministry, is only allowed to provide advice to Bundestag IT specialists.

It’s alarming how badly we are protected from cyberattacks. Omid Nouripour, member of the Bundestag

The BSI says it’s doing all it can. It has held “sensitivity sessions” with parliamentarians and staffers to increase awareness of hackers’ methods, including the practices of phishing and spoofing e-mail accounts. It’s also provided filters against potentially dangerous software but many lawmakers also use personal phones and tablets, further exposing the network.

The agency was founded in 1991 and now employs 700. It was responsible for ensuring the security of internal government communications between the old capital in Bonn and Berlin. Few doubt the agency’s constitutional inability to share infrastructure between the government and the Bundestag but parliamentarian Volker Ullrich says the argument is only theoretical. “What really matters is a satisfactory outgoing IT security infrastructure.” Mr. Ullrich is a member of the CSU, the Bavarian sister party to Chancellor Merkel’s CDU.

One solution would have the BSI carved out of the interior ministry and made into a standalone agency. “I’m in favor of that,” said Ulrich Kelber, a Social Democrat and former parliamentary official in the justice ministry. Until then, the Bundestag’s network remains a easy target for foreign hackers.

Moritz Koch and Dietmar Neuerer are Handelsblatt reporters in Berlin. Darrell Delamaide adapted this story for Handelsblatt Global. To contact the authors: [email protected] and [email protected].