Germany Unveils ‘Active Cyberdefence’ Strategy as Online Attacks on Critical Infrastructure Escalate

Germany is moving to introduce an ‘active cyberdefence’ framework that would grant its security agencies broader powers to respond to and disrupt cyberattacks targeting critical infrastructure, joining a growing list of European states that are recalibrating their digital security postures in response to a deteriorating threat landscape.

The announcement, made by senior officials in Berlin, comes against the backdrop of a marked increase in the volume and severity of cyber incidents affecting German government bodies, municipal services, healthcare providers, energy operators and financial institutions. While individual attribution remains difficult, German intelligence services have publicly linked a significant share of these incidents to state-sponsored actors and to well-resourced criminal networks operating beyond German jurisdictional reach.

Active cyberdefence is a contested concept. In its more cautious interpretations, it covers proactive monitoring, threat hunting and the disruption of command and control infrastructure within the defender’s own networks. In broader interpretations, it can extend to controlled action against servers used by attackers, raising delicate questions about international law, sovereignty and the risk of escalation.

German lawmakers have for years debated whether to authorise so-called ‘hack-back’ operations. The newly outlined framework appears to chart a middle path, focusing on the capacity of federal agencies to disrupt ongoing attacks at their source while building stronger oversight and legal anchoring for such operations. Details will be fleshed out in legislation that is expected to be tabled in the coming months.

The cybersecurity community has reacted with cautious interest. Industry associations have welcomed the recognition of the scale of the problem and the prospect of clearer rules of engagement, while urging that operational measures be embedded in a wider strategy that prioritises hardening of critical infrastructure, mandatory incident reporting and the deployment of European cryptographic standards.

Civil society and digital rights organisations have voiced concern that, without careful safeguards, a more aggressive posture could undermine fundamental rights, erode trust between authorities and citizens, and complicate the position of independent security researchers. Calls have been made for independent ex-ante review of operations and for transparent reporting on their effectiveness.

The German initiative will be closely watched across the bloc. Several member states, including France, the Netherlands and Estonia, have already developed more or less explicit active cyberdefence doctrines. A coordinated European approach, potentially anchored in the NIS2 Directive and in the work of the EU Agency for Cybersecurity, has so far remained elusive, but pressure for greater alignment is mounting.
