CyCon 2012 Germany has confirmed that its military maintains an operational cyberwarfare unit with offensive capabilities.
The admission, which appeared in parliamentary documents published on Tuesday, gave no details of the size of the unit much less any operations that it might have run. However documents delivered to the German federal defence committee did reveal that the unit has been operating for six years since 2006, a year before the cyber-attack on Estonia and four years before the discovery of the infamous Stuxnet worm.
"The initial capacity to operate in hostile networks has been achieved," the papers explain, adding that the Computer Network Operations Unit had carried out "simulations" of attacks in a "closed laboratory environment", German press agency DPA reports.
The unit reports to the joint forces strategic intelligence command. Legislators reportedly expressed surprise at the existence of the unit and questioned whether military commanders had the legal authority to launch attacks on foreign networks.
Prof Dr Wolff Heintschel von Heinegg, a professor of law at European University Viadrina Frankfurt in Germany, told El Reg that the armed forces of many nations are probably building up an offensive cyber capability. The only difference is that Germany and (also recently) the Obama administration is the US are publicly talking about it.
"The German MoD see a potential in having an offensive cyber-op capability as well as an ability to defend critical infrastructures", most notably military systems, Dr Heintschel von Heinegg explained.
The broader category of information warfare can be divided into "electronic warfare" – such as jamming enemy radar – and cyber-warfare, attacking a target's cyber-infrastructure. "There is no clear dividing line between the two," the prof explained, adding that cyber-espionage activities are not prohibited by codes of international law but only national criminal laws. ®