The danger is invisible – and yet it is always present. With the increasing digitization of German administrations and their services, the protection of digital infrastructure is becoming increasingly important. “The threat situation is extreme and massive,” says Dennis-Kenji Kipker, cyber security expert and research director of the cyberintelligence institute and a member of the Weyher municipal council in the CDU parliamentary group. Most cyber attacks were automated and would be fended off. However, the intensity of the attacks by government actors has also increased since the Russian major attack on Ukraine. The municipalities are not adequately prepared for this, he warns.
The Weser-Kurier has sent a questionnaire on the subject to the district of Diepholz and examples of the municipality of Stuhr. Both administrations see a high risk of cyber attacks that occurred continuously. So far, they have not led to damage events. However, the different handling of the topic is striking. For the district, spokeswoman Mareike confirms that the attacks would be increasingly complex and more common. For the municipality of Stuhr, spokeswoman Jeanette Rische describes a fundamental threat situation: “However, due to the size and importance of our community, it is not rated as priority and critical.”
Dennis-Kenji Kipker
Such an assessment borders naivety for cyber security expert Kipker. “Local municipalities have already been attacked,” he warns. After all, this is about digital civil services, social benefits and municipal services such as street lighting, garbage disposal or water supply. “The services are not provided in the event of a damage,” said Kipker. It is therefore important to develop emergency plans and IT security concepts.
In this context, the current situation on the cybercrime of the Federal Criminal Police Office (BKA) is interesting in this context. In the report for 2024, the authority wrote: “The website of public administrations and authorities were increasingly the focus of DDOS attacks and hacktivist activities.” Both appear in the top four of the targets. In addition, the BKA warns that even “isolated activities are presumably recorded by state actors against institutions of critical infrastructures and political institutions. A weakness in a software solution, of all things, enabled attackers to “carry out any commands or malware”.
Basically, the authors speak of an increasing threat as a result of continuing digitization in all areas of life. As a result, the vulnerability of public and social life increases.
That is why the BKA emphasizes the outstanding importance of the digital critical infrastructure. “The proper functioning of technical institutions in the economy, critical infrastructures and public administration are essential for the functioning of our community,” emphasizes, and sees the need for technical and financial resources in order to unsettle perpetrators and to disturb their activities sustainably. One challenge: they often acted from so -called “safe ports”, ie from states in which the German law enforcement authorities could hardly determine.
Again and again data theft
The “municipal emergency operation” internet portal collects IT incidents. In March, for example, the municipality of Kirkel in Saarland was the victim of a cyber attack. The town hall remained closed for several days and was also unavailable by phone and email until the systems could be restored. However, “sometimes sensitive, personal data” ended up in the Darknet, as the administration admitted. Kirkel is certainly not a primary goal for cybercriminals. In the recent past, greater attention also attracted an attack on the district of Anhalt-Bitterfeld, which paralyzed the administration for months, and the attack on the Südwestfalen-IT, a purpose association for IT services for dozens of municipalities.
Such incidents show for expert Kipker, who has also worked on an IT security concept for Bremen: “Every citizen can be affected in the end.” Therefore, in the interest of the citizens and their representatives in the parliaments, it should also be a focus on municipal cyber security.
For the district and the municipality of Stuhr there is a mixed impression for the specialist according to the information. “The danger was recognized but not banned,” says Kipker. A comprehensive strategy that develops and implemented the district and municipalities together is necessary.
To the homepage
