Cybersecurity and society: How much sovereignty do Germany and Europe need?

Cybersecurity and society: How much sovereignty do Germany and Europe need?

Munich, July 30, 2019 - In Germany, we live in a comparatively resilient society. Disturbances to critical infrastructures, be they due to natural catastrophes, malicious activities or political disruption, generally affect us for a short period of time and only on a contained place. In addition to that, we are part of the peaceful and prosperous area of the European Union. This is financed thanks to the traditional strengths of the German economy: mechanical and automotive engineering, chemistry, electrical and energy engineering. In short, all areas where complex concepts need to be applied with high precision to produce tangible, long-lasting and reliable products. There are, however, only few German global players in the software and internet services sector. It seems that, to date, we have had little success when it came to scaling innovative IT ideas to make them relevant in a European or worldwide scenario.

Crucial for success: a consistent digitalization of the European SMEs

There are multiple causes for this situation, among them our tendency to do things “properly or not at all”: perfectionism and self-financed product development are what have made our mid-sized owner-managed companies successful. When talking about search engines, commerce systems, social media and IT innovations, however, these SME-related virtues have brought about few success stories. Start-ups financed with risk capital, on the other hand, can aim at a quick maximization of their market share with widely advertised prototypes without worrying about profitability.

The solution seems obvious: a consistent digitalization of our successful industries, whose physical components we outstandingly dominate, and which cannot be simply copied. On this point, Germany and Europe have good chances to become the world leader. The use of technologies such as big data, machine learning and ubiquitous connectivity to industry 4.0, decentralized energy networks, intelligent traffic control systems, as well as intelligent administration and government processes can offer a wide-reaching benefit. Their use promises improved productivity and service quality that will in turn contribute to maintaining the economic strength and political relevance of our continent.

Experience, carefulness and a long-term focus will prove to be decisive success factors for an error-free, fail-safe and continuous operation.

Is trust enough?

Nevertheless, the digitalization and connection of critical or government infrastructures also opens both known and unknown interfaces that can be exploited by unauthorized users in cyberattacks. A private user, whose data is encrypted by a malware program, suffers individual immaterial damage. Our society, to the contrary, could see its stability threatened by the repeated sabotage or manipulation of just a few critical infrastructures. To counter these blackout scenarios, we need clear political will and strategic investments.

When it comes to digital platforms, strongly driven by the speed of innovation, we are virtually blind, both companies and private individuals. The underlying devices and components, such as PCs, smartphones, IoT devices, networks, processors and memory chips, as well as their software components, are predominantly developed and manufactured outside of the EU. European or at least local businesses have extensively migrated, taking their workforce and competencies abroad. These products and solutions, where security leaks could be lurking, are also the basis for industrial digitalization. Yet, considering security concerns, they are mainly just black boxes.

Political decisions are needed: planning the cyberautonomy of the EU

In order to achieve fundamentally resilient products and services, regulatory measures are worth considering, such as the much-discussed German IT Security Act 2.0 or the recently implemented EU Cybersecurity Act CSA.

Another option would be for Germany and Europe to maintain their own central IT and cybersecurity supply chain. This would ensure transparency and control over strategic infrastructure elements in critical moments, making us more resistant to cyberattacks. Personally, I would wish for a political debate on security and economic matters.

We would not be starting from scratch: the European Defence Agency introduced the idea of a fully European chip supply chain years ago. The BSI (German Federal Office for Information Security in its German acronym) cooperates with their French counterpart, ANSSI (National Cybersecurity Agency in its French acronym) regarding a bilateral recognition of official accreditations. Within Germany, there is an array of IT security providers “made in Germany” whose technology allows for operating IT from global providers reliably. This is a good start to creating new “visible champions”. Many topics that our society should discuss and which require a political answer were addressed in 2015 in a ZVEI paper on digital sovereignty.

Sovereignty has nonetheless a price when it comes to security. It is a political task to decide which level needs to be reached and at which cost. The economy and research sectors around cybersecurity are ready for this discussion. Germany does not need to go into it on its own. An extensive political act of will from the European Commission and Parliament could enhance the initiatives started until now on a European level, achieving a consolidated and homogeneous demand. Propelled by it, the way to continental cyber-autonomy would get a commercial outlook.

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

I want to receive information from Rohde & Schwarz via

Marketing permission

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.