Germany is advancing sweeping legal reforms that would empower its intelligence and security agencies to conduct offensive cyber operations against foreign adversaries — a significant departure from the country’s traditionally cautious approach to cyber warfare.
According to officials from Germany’s Interior Ministry, two draft laws are currently in development. The first would broaden the authority of Germany’s foreign intelligence services to carry out cyber operations abroad. The second would enhance the powers of domestic security agencies to counter hybrid threats, including coordinated cyber and disruptive activities.
The proposed changes come amid a rise in digital and hybrid incidents targeting the country. Authorities have reported drone incursions near major airports in Berlin and Munich, along with cyberattacks affecting critical infrastructure, including the national air traffic control system.
Germany has also experienced high-profile political cyberattacks in recent years. These include the 2015 breach of the Bundestag and a 2024 cyberattack targeting the ruling Social Democratic Party, both widely attributed to actors linked to Russian intelligence services.
Interior Minister Alexander Dobrindt indicated a more assertive stance in an interview with Süddeutsche Zeitung, stating that Germany would “fight back, even abroad,” with the goal of disrupting attackers and dismantling their infrastructure.
Germany’s initiative mirrors a broader shift across Europe, where governments are increasingly incorporating offensive cyber capabilities into national security strategies. France and the Netherlands have already outlined such measures in recent policy updates, while Latvian Foreign Minister Baiba Braže has suggested that offensive cyber operations may be necessary to deter persistent foreign threats.
Security analysts say the policy shift reflects mounting frustration that defensive measures alone have failed to curb the growing volume of cyberattacks targeting governments and critical systems.
As global security officials gather at the Munich Security Conference this week, cybersecurity and hybrid warfare are expected to dominate discussions, particularly against the backdrop of heightened tensions involving Russia.
If approved, the proposed legislation would represent a pivotal shift in Germany’s cybersecurity doctrine — positioning Berlin among European nations prepared not only to defend against cyber aggression, but to respond with offensive capabilities when deemed necessary.
