By Maria Makurat - Human Rights & Cyber Security Desks
Germany’s critical infrastructures
Germany is facing more cyber-attacks ever since the Russian-Ukrainian conflict and is also forced to deal with potential hybrid warfare scenarios due to drone sightings in 2025 (see drone article and interview by the president of the BKI ). Just in 2025, Germany’s train system faced cyber-attacks as well as the Berlin airport, causing major disruptions and delays. The Global Cyber Security Outlook report 2026 by the World Economic Forum (WEF) highlights the increasing use and issue of Artificial Intelligence (AI) in relation to cyber-attacks, as well as how countries such as Germany and Denmark are shifting their cloud solutions away from foreign dependency towards regional managed cloud solutions.This shows the continuously changing world order and how countries and states are redefining their priorities and security agenda in recent years of globalisation and complex interdependence.
Will states continue to retreat back to their own methods, or will we see new cooperations and treaties being made? The theory of complex interdependence is strong in international relations theory and is a major driver for states to ensure that the risk of conflict remains low; however, no longer purely financial and trade major factors, since security has become increasingly important in the light of emerging conflicts, which makes the application of said theory difficult. Consequently, it is essential to continuously analyse and reassess the cyber strategies of states such as Germany and examine how the evolving international landscape both shapes and is shaped by these strategies.
Analysing Germany’s cyber strategy through the international relations lens
Germany has gradually expanded its cyber strategy through institutional development, including the strengthening of the BSI and increased cooperation between civilian and military cyber units, calling it “Integrated Security for Germany”. These efforts demonstrate a recognition that cyber security is no longer a niche issue but a central component of national security policy.
Many scholars, such as Nye, Thomas Rid, Valeriano and Jagoda, have and are (re)discussing the security of the cyber-domain and how one can apply theories. Can we apply realism and liberalism? Is Clausewitz appropriate in the realm of cybersecurity? An interesting note is the comparison of cyber-attacks and the human body by Allan Friedman and P.W. Singer, saying they bypass our skin like a viral infection.[1] Making a connection between the human body and international affairs theory can also be led back to sociological theories, such as “functionalism” by Herbert Spencer and analysts comparing cyber-attacks directly to the human body and viruses. This can also be an interesting point of view to look at Germany’s cyber-strategy. As the Integrated Security Report states, Germany’s cyber strategy adopts a whole-of-society approach, encompassing civilians as well as the public and private sectors. Much like the human body, all parts must function together; if one fails, effective defence against external threats becomes impossible. However, with AI increasingly becoming part of our lives, how can we ensure this?
Valeriano and Maness discuss Kello’s view: “New theories and new ways of thinking are required, and Kello (2013: 8) asserts that the social science field is ill-equipped to offer anything of value now.”[2] They further assess that one must also consider what is ‘easier’ in the cyber domain: offence or defence? Nye points out that at the moment (note the analysis was 2010), the offense has an advantage in the cyber domain due to the unpredictable nature of cyber-attacks.[3]Now, in 2026, after having seen many more cyber-attacks and their consequences, it still remains difficult to make a sound statement on this but, one can say that when looking at Germany, the defence needs to be focused on more since cyber-attacks on Germany caused a cost of roughly 300 bln Euros. Furthermore, it is stated that the lines between cyber espionage and cyber-attacks from states such as China and Russia are blurring, making defence increasingly difficult when also speaking of ‘information warfare’.
Valeriano and Maness suggest a ‘Just War’ approach: “a system of justice for the use of cyber technologies where states are incentivised to maintain continued restraint.”[4] This has also been suggested by Weber by urging Germany and other states to deepen norms in order to ensure that critical infrastructure is not being attacked. Seeing recent developments, this may be complicated since hybrid warfare and changing interdependence between states is having an influence on how states are perceiving world order. The changing order causes much unrest, which could prove problematic to ensure that states practice a constrained cyber practice. One can also bring in some theoretical viewpoints from sociology, such as how states and societies can act ‘morally. Sociologists such as Sigmund already raised the question in 2001 about, how much automation, disappearance of institutionally prescribed traditions and values leads to the disappearance of social order.[5] Meaning with now more questions arising whether young people under the age of 16 should even have access to social media due to the dangers of mental health as well as cyber bullying and AI taking over more tasks, states such as Germany see themselves questioning how such a morally and ethically right cyber strategy with other states can take place when other states such as Russia have a “different understanding of warfare” (Oscar Jonsson).
The developments in the past years show that a multidimensional strategy, where one has to consider different methodologies and schools of thought when analysing these incidents to then make suggestions for further research, seems to still be the best way forward. Realism, liberalism and constructivism all have their place in international relations when analysing cyber domains.
Whilst the blackout in Germany was not a direct cyber-attack but a result of physically damaging the cable wires, the consequences were still severe. When developing a ‘cyber’ strategy in the light of the Ukraine Russia war and other conflicts, Germany must not only invest in cyber security, but also physically protect the critical infrastructures more strongly.
Other scholars say that the solution to a secure cyber domain is not more privacy but more openness[6]. Jagoda, for instance, argues that a lack of knowledge plays a big role for cyber security and threats. Schneider makes a point which is also discussed by Jagoda, namely that “only bad security relies on secrecy; good security works even if all the details of it are public”.[7] In other words, security through obscurity, but this still seems contested. Germany is now also considering banning social media apps for individuals under the age of 16 to ensure safety and protection. Closing off access seems to be for now, the strategy forward to try and minimise danger.
Further thoughts?
This article does not claim to find the ultimate solution for a cyber-strategy. When considering many theories, methodologies and having not only an international relations lens but also an interdisciplinary lens, it becomes clear that many questions remain as to how one analyses a cyber-strategy and how can states such as Germany can move forward?
It is a difficult task for Germany and other states, since it seems that, especially for a cyber-strategy, the macro level (states and international relations in this case) is just as important as the micro level (civilians and private sector). A cyber-strategy pushes states to increasingly focus on the private sector since those remain vulnerable if not continuously ‘updated’ and educated about the cyber domain.
Recent discussions at the WEF reveal that states are increasingly reassessing their strategies and international partnerships, which will have significant implications for security and the cyber domain. Germany must continue to invest in both cyber and physical defences whilst also involving private actors and citizens in resilience-building efforts. Only through a comprehensive and adaptive approach can Germany effectively respond to the evolving challenges of cyber and hybrid warfare. Future developments, such as Germany’s plan to develop a kind of ‘cyber dome against cyber-attacks’will show whether it is possible to prevent such attacks or also the issue of ‘information warfare’, which could not be thoroughly discussed in this article. Perhaps states must consider that cyber-attacks cannot be prevented 100% and that a certain cyber-war will, for now, always be part of our society.
[1] P. W. Singer and Allan Friedman, Cybersecurity and Cyberwar (Oxford: Oxford University Press, 2014), 34–39. (from Discussion: ‘Resilience and is cyber resilience more attainable than cybersecurity?’)
[2] Valeriano, Brandon, and Ryan C. Maness, 'International Relations Theory and Cyber Security: Threats, Conflicts, and Ethics in an Emergent Domain', in Chris Brown, and Robyn Eckersley (eds), The Oxford Handbook of International Political Theory, Oxford Handbooks (2018; online edn, Oxford Academic, 5 Apr. 2018), https://doi.org/10.1093/oxfordhb/9780198746928.013.19, accessed 23 Jan. 2026: pg 264
[3] Valeriano, Brandon, and Ryan C. Maness, 'International Relations Theory and Cyber Security: Threats, Conflicts, and Ethics in an Emergent Domain', in Chris Brown, and Robyn Eckersley (eds), The Oxford Handbook of International Political Theory, Oxford Handbooks (2018; online edn, Oxford Academic, 5 Apr. 2018), https://doi.org/10.1093/oxfordhb/9780198746928.013.19, accessed 23 Jan. 2026: pg 266
[4] Valeriano, Brandon, and Ryan C. Maness, 'International Relations Theory and Cyber Security: Threats, Conflicts, and Ethics in an Emergent Domain', in Chris Brown, and Robyn Eckersley (eds), The Oxford Handbook of International Political Theory, Oxford Handbooks (2018; online edn, Oxford Academic, 5 Apr. 2018), https://doi.org/10.1093/oxfordhb/9780198746928.013.19, accessed 23 Jan. 2026: pg 268.
[5] Sigmund, Steffen (2001): Zwischen Altruismus und symbolischer Anerkennung. Überlegungen zum stifterischen Handeln in mondernen Gesellschaften. In: Jansen, A. et al (Hg): Eigeninteresse und Gemeinwohlbindung. Frankfurt/M.S. S 213.
[6] “Speculative Security.” pg 21-36, Patrick Jagoda, “Speculative Security.” In Cyber Space and National Security: Threats, Opportunities, and Power in a Virtual World edited by Derek S. Reveron (Washington, DC: Georgetown University Press, 2012), 21–36.
[7] “Speculative Security.” pg 21-36, Patrick Jagoda, “Speculative Security.” In Cyber Space and National Security: Threats, Opportunities, and Power in a Virtual World edited by Derek S. Reveron (Washington, DC: Georgetown University Press, 2012) pg 31.
No comments.