The Cyber Security Strategy for Germany 2021 describes the fundamental, long-term orientation of the Federal Government’s cyber security policy. It has now been approved by the Federal Cabinet. This move was prompted by an intensified threat situation.

The COVID-19 pandemic has given a further boost to technological development. A wealth of opportunities has been created by shifting numerous processes into cyber space or a digitalised domain – whether in the private, professional or official context. The risks this involves should not be overlooked, however. The Federal Cabinet resolution carries forward the strategies of 2011 and 2016 while at the same time addressing more recent developments in the field of digitalisation in business, science and civil society.

The strategy comprises four overarching guidelines:

• Establish cyber security as a joint task of the state, business, society and science,
• Strengthen the digital sovereignty of the state, business, science and society,
• Ensure the secure development of digitalisation and
• Make targets measurable and transparent.

These guidelines describe aspects that apply to all four of the following fields of action which comprise the cyber security strategy.

Secure action in a digitalised environment

The ten strategic goals that make up the first field of action aim to help citizens make use of the opportunities offered by digital technologies and, in doing so, enable them to operate safely and autonomously in the digitalised environment. This can be achieved by raising awareness and increasing cyber literacy among the population.

Joint mission on the part of the state and the private business sector

The 13 strategic goals in the second field of action are aimed at strengthening cyber security in business and industry as a whole. In addition to focusing on critical infrastructures, where failure or impairment can lead to supply bottlenecks and therefore a threat to public safety and security, small and medium-sized enterprises are also addressed. Cooperation between the state and the private business sector is to continue here.

Efficient and sustainable architecture

The third field of action concerns state actors in cyber security. The focus here is on the allocation of responsibilities and cooperation between the authorities. As an effective response to new challenges, it is crucial to constantly review structures and processes, develop capabilities and adapt the powers of state authorities where necessary.

Active positioning of Germany

Finally, Germany’s commitment to the EU and NATO is indispensable in matters of cyber security, too. Cooperation with international partners and the integration of national measures in European and international processes are essential in order to ensure a high level of cyber security in Germany.

Significant increase in cyber attacks

Adoption of the new strategy was preceded by an analysis of the threat situation, which revealed a significant increase in both the number of cyber attacks and their severity. More than 70 stakeholders from the private business sector, academia, society and the state were actively involved in the drafting process.

For the first time, the cyber security strategy also includes a transparent approach to implementation, reporting and monitoring.

The dynamic threat situation and the five-year cycle envisaged here required a resolution before the end of the current legislative period. The strategy will now be passed on for approval to the Bundestag and Bundesrat.