InCyber Defense: At the Heart of European Cyber Commands

Episode 2 : Admiral Thomas Daum, Germany

Last year, the German Ministry of Defense decided to introduce a new full service of the armed forces – the Cyber and Information Domain Service. What bis its role within the German Armed Forces? What is the scope of its missions?

Germany, Europe, is under attack. 24 hours a day, 7 days a week. Not by tanks, ships or planes, but by cyber-attacks, disinformation campaigns and disruptions in the electromagnetic environment, for example with GPS. The German Ministry of Defence has recognized that the cyber and information domain plays an important role in modern warfare. To adequately address these threats, the Bundeswehr’s Cyber and Information Domain Service (CIDS) was established already on 1 April 2017. 

This decision was essential, as the increased importance of global cyberspace and space emphasizes the necessity for having an exclusive CIDS. This is also due to rapidly increasing innovation cycles in technology with enormous leaps in technology domains such as AI and quantum technology. We are now referring to the “information age”, in which the significance of data and information has reached a new level. 

In order to achieve digital combat readiness and effectively allocate responsibility for cyberspace, electromagnetic spectrum and information environment, CIDS was transformed in 2024 to a full service of the armed forces, equivalent to army, air force and navy. The cyber and information domain fundamentally differs from the traditional military dimensions land, air and see, as it transcends land, air, sea and space. The key factor is that there are no geographical boundaries, as attacks can be launched within milliseconds on the other side of the globe. Cyberspace has therefore become a battlefield in its own. 

What are the practical implications of this change? How will it improve interoperability between CID units and the land, air, and naval forces at the strategic, operational, and tactical levels?

The decision to implement the CIDS as the fourth service of the armed forces, reflects the new reality in which we have to be able to respond to threats and vulnerabilities within an increasingly interconnected world comprehensively, quickly and in a coordinated manner, especially regarding the cyber and information space. 

The CIDS enables troops and provides reconnaissance, protection and information for the “traditional”, conventional domains. At the same time, CIDS fights its own battle in its own domain by planning and conducting CID-operations, like offensive cyber operations, electronic warfare and information warfare.

Another core mission is the comprehensive digitization of the armed forces along common standards and processes. This includes developing new solutions as well as upgrading existing equipment in order to be successful on today’s transparent battlefield. We are therefore fulfilling an essential joint task of the Bundeswehr by supporting all other domains.

Armed forces face the enemy in a competition following the chain from the sensor that detects an enemy, to the decision maker that leads the operation, to the effector that finally defeats the target. To win, we have to accelerate this so-called kill chain. Important to achieve this goal are Multi Domain Operations (MDO): Using end-to-end digital connectivity, linking all sensors from the drone in the air to the soldier on the battlefield and contributing to a common real-time operational picture. 

The means are provided by CIDS: Military Intelligence collects information about the enemy, by conducting satellite reconnaissance or intercepting radio traffic, combining it with data gathered by other sources in all domains and processing it in the Joint Intelligence Center (JIC). This provides a joint real-time operational picture. 

IT-Specialists on the other hand ensure the transfer of those information. Using satellite communication and trunked radio network, they ensure secure communication during operations. The need to be able to wage war on a national level, networked in all dimensions and in real time, is demonstrated not least by the conflict in Ukraine. With CIDS as a key enabler, MDO can be realized and will meet the demands of the 21^st century.

What are the main challenges your organization is facing? Could you prioritize the most critical threats, whether they relate to human resources, the evolution of cyber threats, system resilience, national and international coordination, or budgetary constraints?

One of the challenges is implementing observations and lessons identified from Russia’s war against Ukraine into doctrine, training, procurement and equipment. And it is important to do this at the speed of relevance. We are aware that a comprehensive and common operational picture and the acceleration of decision-making processes as well as flexibility and agility are essential. Modern battlefields with the mass of potential sensors obtain fewer “safe areas” while geographical locations such as “reachback” and “front” are becoming increasingly less important due to the increased range of weapon systems.

At the same time, technical developments and innovations, for example artificial intelligence and quantum computing, and also the development of capabilities in space, are continuing. Not only do we have to take this into account, but we also have to be one step ahead of our opponents in order to ideally deter them from acting imprudently or, in case of crisis, to be in a position to protect the citizens of our Alliance from aggression.

Additionally, critical infrastructure is highly relevant for military operations and overall national strategy while being under greater threat than ever due to hybrid attacks. State actors attempt to weaken us below the threshold of armed conflict. Attribution is very difficult, since cyber-attacks are carried out by hacktivists, criminals as well as foreign powers. This not only raises the challenge of blurring the line between war and peace, but also shows the necessity that our society must become more resilient and aware. That is also because the intention behind hacking attacks is clear: To weaken our cohesion as a society, to undermine trust in the functioning of the state and to weaken the cohesion between NATO and EU member states.

CIDS on one hand faces the challenge to ensure our own full combat readiness in our domain based on the assumption, that Russia will be in a position to carry out offensive operations against the west by 2029, and on the other hand to enable the other services, army, air force, and navy to fulfill their role in a modern digitized Bundeswehr and contribute effectively to Multi-Domain Operations. 

Last but not least, the financial aspect is a particular challenge for us. Although around 20 percent of the 100 billion Euro special funds for the Bundeswehr have already been used for cyber and information domain service projects such as command and control capabilities (including TaWAN). This must be realized in permanent as part of the Bundeswehr regular budget in future. On the one hand, in order to achieve larger quantities and thus greater sustainability and resilience and, on the other hand, to ensure the further development and thus also the future digital war capability of the Bundeswehr across the entire spectrum.  

Recruitment in cybersecurity remains a significant challenge, affecting both public and private sectors. What specific difficulties do you encounter in this area, and what initiatives have you undertaken to address them?

There are currently about 15,000 people inside CIDS, yet roughly 29,000 people serve in CID-related posts across the other services, providing IT-Services and signals, Intelligence, operational communication or geoinformational support.

However, our recruitment profile differs significantly from other services. Regarding recruiting skilled professionals such as programmers and IT specialists, we face similar challenges, as does the civilian economy. Therefore, we have become creative and innovative in our approaches concerning recruitment and retention:

We work closely with Universities of the Bundeswehr and as well with Universities and academies in the civilian sector to identify motivated and qualified graduates. We maintain close exchange with partners in the information technology sector and IT-related companies and businesses to allow for a mutually beneficial exchange of personnel. 

We are also establishing an employer profile in that sector by attracting people seeking lateral moves and increasing our attractiveness, for example by ensuring local-independent working. Within the organization of our Bundeswehr recruitment centers we will establish specialized “IT-recruitment expertise” in focus areas. Experts will be assigned to identify qualifications we need in applicants and provide tailored opportunities.

Additionally, we rely on our cyber reserve. We aim to deploy reservists with cyber / IT skills appropriately. This includes especially soldiers with ending contracts, who have served in the CID S, managing directors from IT companies, project managers and university staff. Our so-called “spearhead” is a compact group of reservists who are selected for their exceptional skills. Those reservists provide their industry-specific expertise to the Bundeswehr, thus strengthening both, the capabilities in CID S and the understanding for military needs within the economy and industry. From the whole-of-society perspective, this is a win-win-situation. 

In France, a parliamentary report highlighted the strong reliance of the state and the Ministry of Armed Forces on “big tech” (cloud, AI, etc.). Is this also a concern for Germany? How do you manage and control these technological dependencies?

“Big tech” and its actors is particularly important for CIDS, as developments in AI, quantum computing, cloud computing, etc. are progressing rapidly. And often, “Big tech” companies are the drivers of those developments. We should be aware that AI processes are being integrated into the capabilities and actions of armed forces worldwide as we speak right now: AI is already changing warfare today. Opponents use them to program malware, coordinate bot armies, create manipulated content for disinformation campaigns or to scan our networks for vulnerabilities. We therefore need to adapt to these technological developments and utilize them ourselves for strategic advance. 

In order to communicate with each other, a common language is required in addition to a channel. This also applies to weapon systems. The concept of Software Defined Defence (SSD) focuses on communicating through standardized interfaces in uniform data formats, thus forming a comprehensive system. However, it is the integration of AI that ultimately accelerates the process, as it achieves a level of performance many times higher than can be accomplished by humans when evaluating extensive sensor data. 

Another example is integrating new software into mortar’s weapon control, i.e. the process by which reconnaissance data generates specific target instructions for the system, last year. This project helped to accelerate the kill chain and reduced the time from sensor to shooter from eight to four minutes. The software also improved accuracy, resulting in a significant reduction in ammunition use. SSD therefore helps us to increase the combat effectiveness of our weapon systems as the protection of our most important resource, our soldiers, is enhanced.

However, we are subject to special requirements when developing and utilizing supporting AI: With regard to ethical issues using AI applications, the Bundeswehr follows international law, the German government’s AI strategy (“ethics by design”), as well as the NATO Principles of Responsible Use of Artificial Intelligence in Defense. In particular, the Bundeswehr applies a strict standard to the development of so-called lethal autonomous weapon systems and develops platforms integrating a person in the decision-making chain, which is ultimately responsible. The military principle of indivisible responsibility is of vital importance here.

Public-private cooperation is essential in cyber defense, whether for technology development or ensuring ecosystem security. What types of partnerships do you establish with the private sector and economic stakeholders? Do you believe initiatives like DIANA can help better integrate private sector innovations into the military framework?

Cyber defense can only be successful in a whole-of-society-approach since we face the challenge that hybrid attacks blur the lines between domestic and external security. This is one of the reasons we are involved in the National Cyber Defense Centre, which is a cross-agency and cross-institutional platform for the exchange of operational information to coordinate measures relating to cyber security incidents. CIDS is a member alongside the Federal Ministry of the Interior, the police, intelligence services and others.

We also maintain close collaboration with industry and international partners in the EU, NATO and partners such as Singapore, Japan and Australia in the Indo-Pacific region. Cyber threats are not restrained by borders and can only be combated together and in close cooperation. This also includes the regular exchange and training we carry out as exercises such as LOCKED SHIELDS under NATO umbrella. In addition, we use the academic sector to promote further developments and research. NATO’s DIANA program surely contributes to this.

At the European level, several collective mechanisms have been established, such as the network of military CERTs, the Cyber and Information Domain Coordination Center (CSP/CIDCC), and the Cyber Rapid Reaction Team (CSP/CRRT). What are the current and expected benefits of these mechanisms? More broadly, how can interoperability between member states in cyber defense be strengthened. What complementarity do you see between the development of a European cyber defense and the capabilities being developed within NATO?

The Cyber- and Information Domain does not end at national borders; neither does the need for coordination between actors. Regarding Cyber Defense, for example, NATO’s main task is coordinating member states’ activities by setting and defining standards, exchanging threat information, aligning policies, fostering training and exercises in order to achieve more resilience. To enhance both, the coordination of NATO nations activities as well as the protection of NATO-owned networks, NATO Cyber Operations Centre was established in 2018. 

Since then, lots of activities have been undertaken in NATO on political, strategic, operational and tactical / technical levels to enhance the Alliance’s defence in the Cyber- and Information Domain.

What is particularly relevant in the context of cooperation between states is the coordinating and exchanging information, as well as consolidating existing capabilities. The CIDCC PESCO project demonstrates this: A demand for information from of the EU, which usually arises from EU military operations, is being addressed by the CIDCC, coordinated with the nations participating in the project and then compared with capabilities of one or more nations. This avoids creating parallel structures and ensures utilizing existing resources efficiently. The same principle applies to cyber defense or other comparable tasks.