I love how these stories always tend to focus on the "cyber attacks" rather than the incompetence that allowed them to be attacked in the first place.
These days, if a website gets defaced because of an outdated Wordpress installation, the media instantly rallies to the victim's defence and portrays the script kiddies that did it as terrorists. And if they're not personally identifiable, they're government agents of wherever their IP addresses originate from (or whoever the current political go-to villain happens to be).
I wouldn't be surprised if this major government IT SNAFU paves the way to more aggressive "cyber crime" laws and more posturing against Russia. It'll also likely be used to make the public forget about the entire NSA ordeal (because hey, we totally need the US to protect us against evil Russia).
Keep in mind that the entire "we're under attack" narrative isn't as popular or widely accepted in Germany as it is in the US. The last attempt to portray us as having to defend ourselves against an attack was during our involvement in Afghanistan, which the public generally disagreed with (although our politicians promised unlimited solidarity to the US).
We're also in a really awkward position: politically we're very dependent on the US (up to the point where US agencies can legally do what it wants in Germany thanks to post-WW2 agreements) but economically we're also very dependent on Russia -- as is a lot of Europe, for that matter.
> I love how these stories always tend to focus on the "cyber attacks" rather than the incompetence that allowed them to be attacked in the first place.
For the same reason stories about home invasions or robberies don't blame the victim for leaving their house or car unlocked.
Sure. But if someone hacks you or robs you, the media should place blame on the person who was actually malicious, not the one who was merely negligent
Somalia being a post-apocalyptic wasteland qualifies as a mesofact[0], I guess. Whether it actually ever was quite that bad I don't even know. I think the idea is mostly fed via movie tropes.
The victim here is not the government but the people it's supposed to serve. They are providing a bad service if data (likely ours but they don't say) gets stolen away.
It get's even better: According to some reports[1], the german IT-security office (BSI) recommended completely replacing the IT-infrastructure with new hardware and software. They say the situation has gone out of control and that they are unable to stop the leaking of data from parliament computers to unknown third parties.
For this "we are being attacked" reason, they want to get the parlamentarians to let secret services manipulate their laptops / phones. It's a classic.
As if the local agencies are somehow less dangerous for the individual politician than the foreign agencies.
The actual costs, "millions", are rather irrelevant.
Without denying the currently very present principal–agent problem between parliamentarians and the statefunded intelligence community all other claims seem sappy to me.
I bet they earned your trust for a reason. Nevertheless it should be the decision of the specific MP to assign IT responsibilities for the own hardware/software.
The German BSI is not part of the "intelligence community" and is not an intelligence agency, no matter how often you repeat your conspiracy theory. To spare everyone the trip to Wikipedia:
"The Federal Office for Information Security (German: Bundesamt für Sicherheit in der Informationstechnik, abbreviated as BSI) is the German Upper-level Federal agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility include the security of computer applications, critical infrastructure protection, Internet security, cryptography, counter eavesdropping, certification of security products and the accreditation of security test laboratories."
Pretending the BSI has no connection to the intelligence community is just as disingenuous as pretending they are an intelligence agency themselves. Just going by your quote, many of their tasks are in the domain of counter-intelligence.
Beyond that, they are also responsible for the (quite unenviable) tasks of certifying/auditing the intelligence services IT infrastructure, not just in terms of security but also in terms of whether it stays within the bounds of the laws limiting what can be recorded and shared. From what was revealed in the parliamentary hearings prompted by Edward Snowden's leaks, they didn't do a very thorough job.
I had the same confusion in the beginning. The BSI is responsible to fix the infrastructure, to report on the problem, etc. You might not be aware of the discussion regarding the Federal Office for the Protection of the Constitutions involvement.
Not sure about your agenda and why you spill inaccuracies and distort what articles say with a tendency to promote Russian SWR goals.
1. The problem arose because the parliamentarians did not use experts from the BSI but have no clue but do it on their own with their own people. The BSI protected government network is not affected.
2. The German interior intelligence agency is not "involved" as you put it - what agenda do you have? - the article says parliamentarians need to decide if they want to ask the counterespionage department of the German interior intelligence agency, what some don't want.
Who do these experts report to? The individual parlamentarian (who is supposed to be independent), or the individual parties, or the governing coalition, or unknown third parties?
People can read on their own that it is about the BSI, contrary to your propaganda. Go back to the Spiegel or Zeit forums, where Russian trolls usually spend their time.
They should totally have someone looking after the parliaments part of the it infrastructure. I don't see why they shouldn't have someone in charge of it.
Some years ago there was some press about how many German politicians were complaining about the state phones and would bring in and use their own shiny phones, probably this goes for laptops too. I assume this was against the wishes of IT security. Then boom, and the politicians are complaining again.
We don't know what ethernet is, we thus started unplugging everything we could: pension funds, welfare spending, army spending. We even unplugged portugal, spain and greece, but nothing worked.
1. People want to work, and I assume the 'productivity' of politicians (meaning "we don't want security") brought this in the first place.
2. If sophisticated, the outflow of information might be with a mobile device plugged in, or other means to jump the air gap when ethernet is disconnected.
These days, if a website gets defaced because of an outdated Wordpress installation, the media instantly rallies to the victim's defence and portrays the script kiddies that did it as terrorists. And if they're not personally identifiable, they're government agents of wherever their IP addresses originate from (or whoever the current political go-to villain happens to be).
I wouldn't be surprised if this major government IT SNAFU paves the way to more aggressive "cyber crime" laws and more posturing against Russia. It'll also likely be used to make the public forget about the entire NSA ordeal (because hey, we totally need the US to protect us against evil Russia).
Keep in mind that the entire "we're under attack" narrative isn't as popular or widely accepted in Germany as it is in the US. The last attempt to portray us as having to defend ourselves against an attack was during our involvement in Afghanistan, which the public generally disagreed with (although our politicians promised unlimited solidarity to the US).
We're also in a really awkward position: politically we're very dependent on the US (up to the point where US agencies can legally do what it wants in Germany thanks to post-WW2 agreements) but economically we're also very dependent on Russia -- as is a lot of Europe, for that matter.