International Cybersecurity Research Made in Hamburg
 

The Active Cyber Defense Series

Matthias Schulze

The term "active cyber defense" is confusing due to its use as a politically appealing and marketable phrase, which varies in meaning across different professional communities like military, cybersecurity, and law, as well as among different nations. This blog series aims to clarify these diverse interpretations and examine the specific actions encompassed by "active defense" to understand its role in enhancing security.


Part 1: The different meanings of active cyber defense

One of the more confusing terms in cyber-security is “active cyber defense”. The confusion stems from at least four reasons: 1) It is a political term, a framing to be more precise, used to present certain cyber-activity under a palatable label. Active sounds nice. There is action, activity and not just pure reactivity. For some it means not just taking punches but actually doing something, getting the initiative back. These are all positive connotations. 2) The term has been used in industry as a marketing term for similar reasons: It just sounds better than plain old information security or cyber-security, and thus all kinds of different products can be sold under the term. 3) The terminology lies at the intersection of various epistemic communities (communities of practitioners that have a different background and interpretation of the term) such as military, technical cybersecurity, politics, law, and intelligence. That means for a military general, active defense means something entirely different compared to the cyber-security practitioner or a lawyer who knows about international law. 4) To make matters worse, there are different national definitions as well, so the People’s Republic of China means something entirely different by the term than the UK or France or Germany.

 



Part 2: Doing active cyber defense

In the last blog post, we deciphered various elements of active cyber defense. We looked at technical definitions, analyzed the spectrum between defense and offense, and talked about deception. We concluded that active cyber defense might entail offense (i.e. engaging with the network of an adversary), but it does not necessarily need to. Active cyber defense might aim to preempt an imminent attack from occurring, rather than to prevent more abstract, future threats. What also became apparent is that active defense seems to entail “more” than passive defense: it employs additional tools and measures like honeypots and deceptive techniques with the aim to gather intelligence on adversary behavior. In this section of the blog post, we will look at what doing active cyber defense actually might entail.


News

New IFSH Policy Brief by ICS Researcher Matthias Schulze

Cyber attacks from Russia and China are on the rise. More and more states are therefore supplementing their defenses in cyberspace with offensive components. Operators are penetrating enemy IT systems in peacetime in order to anticipate the attackers' actions and take protective measures. To prevent unintentional escalation, offensive cyber operations should be planned in advance. ICS researcher Matthias Schulze outlines such guidelines for proactively countering digital attacks.


ICS Researcher Mateusz Łabuz at the Moldova Security Forum

The first-ever Moldova Security Forum, held 19-20 November 2024 in Chișinău, was a key event dedicated to security in the region, which is particularly important given the hybrid threats targeting Moldova and CEE countries. Participants raised the issue of foreign actors’ influence on the security environment in Moldova and neighboring countries, pointing out the significant risk of further strengthening of centrifugal tendencies due to Russia’s high activity in the region and the attempts at electoral manipulation undertaken during the referendum on Moldova’s European perspective and the presidential elections held in October 2024. Nuclear and conventional threats were also widely discussed during the forum, mainly in the context of Russian aggression against Ukraine. The event gathered several hundred participants from around the world, including senior representatives of NATO and the European Union.
IFSH Researcher Mateusz Łabuz took part in the panel “Countering FIMI and strengthening societal resilience”, during which cooperative security strategies to confront emerging threats in the information space were discussed. Participants focused on ways to mitigate Foreign Information Manipulation and Interference (FIMI), pointing out the need to significantly strengthen social resilience, invest in technologies, counteract algorithmic amplification and consistently implement programs necessary for safeguarding democracy and social cohesion.


New Op-Ed: A new ‘turning point’ for Germany’s cyber posture?

The 2022 invasion of Ukraine led to major updates to German defence policy, but cyber defence is still lacking, argues Matthias Schulze in Binding Hook.





Events



 


WebTalk "Strategies and Attribution in Cyberspace"

Companies and institutions are increasingly exposed to complex cyberattacks. In order to counter these threats effectively, a deep understanding of the current threat situation and available technologies is crucial. But how can we analyse current attack strategies and improve the attribution of cyber attacks from a security policy perspective? What technical options are available to detect and defend against cyber threats and what role does technological sovereignty play in this? Experts from academia, business and computer science will discuss this in the online WebTalk on 4th September 2024.



Shaping Cybersecurity 2024: China's Cyber Challenge

China’s striving for global leadership in cyberspace and related technologies poses a unique challenge to the international rules-based order. China’s vision of a global internet shaped by the interests of its one-party state directly challenges the fundamental values of openness, security and interoperability underpinning today’s global digital ecosystem. Additionally, extensive cyber operations increase the urgency for targeted countries to bolster their cyber defences and resilience, especially in the light of globally heightened geopolitical tensions.
IFSH, AA and ESMT are organising the conference on 17th June 2024.



Shaping Cybersecurity 2023: Cyber in Conflict

Cyberattacks and information operations accompanying the Russian invasion of Ukraine have underlined the disruptive potential of digital technologies well beyond the immediate conflict zone. Already prior to the war, criminal cyberattacks against critical infrastructure had become major national security threats, heightening geopolitical tensions due to tacit or even active state support.
IFSH, AA and ESMT organised a workshop with more than 200 participants.







Workshop on Government Vulnerabilities Disclosure

ICS conducted a workshop in cooperation with the Federal Foreign Office on the cyber security aspect of the German National Security Strategy as part of the dialogue processes.
The hybrid event centred on four thematic blocks: security trends and constellations; tasks, goals, and instruments; civil society and business partnerships; as well as regional and international cooperation.


 


International Cybersecurity Hotchpotch

Newsletter


 



The newsletter is usually released at the beginning of each week with a summary of noteworthy cyber-security, -science and -policy news.

Hotchpotch Archive