Probably in response to a report by “ZDF Magazin Royale”, Germany’s top boss for IT security, Arne Schönbohm, has to vacate his post at the BSI, the Federal Office for Information Security. The news agency “AFP” learned this from government circles. Last Friday, Jan Böhmermann clearly explained that an association that Schönbohm had founded had connections to the Russian secret service FSB. Various media reported at the weekend that the mood in the Ministry of the Interior was heated. However, the allegations were not new.
The ZDF program reported on the Cyber Security Council Germany e.V., an association that Schönbohm had founded. One member of this association, the Protelion company, is an offshoot of the Russian company Infotecs. This was in turn founded by a former employee of the Russian intelligence service KGB. And that’s not all: Andrei Chapchaev, the name of the Infotecs founder, even received a medal of honor for his work from Russia’s President Putin.
The Cyber-Sicherheitsrat Deutschland e.V. is a problem because the association was apparently closely linked to the BSI, not least through its founder and BSI President Schönbohm. As the top cyber security chief, his most important task would be to effectively protect critical IT infrastructure from external influences. A Russian secret service should therefore not have any connections to the BSI.
Because of the close ties to Russia, the government took the report “very seriously,” according to the “Handelsblatt”. They wanted to examine “all options” as to how Schönbohm could be removed from office – which now succeeded very quickly. “Bild” also reported on what was happening in the ministry and wrote that they wanted to “turn every stone” and check which companies were currently using software from the said company.
However, the report by “ZDF Magazin Royale” did not bring any surprising findings to light – but instead recalled facts that were already known to the public. As early as June 2019, “Die Zeit” reported on the ominous association, which Schönbohm headed as president until 2016. At that time, the media, including the ARD format “Contrasts”, reported on a conference of the Russian association National Association for Cyber Security (NAISS) in Garmisch-Partenkirchen. Members of the Cyber Security Council Germany e.V. also took part.
Schönbohm then publicly distanced himself from his club, whose presidency Hans-Wilhelm Dünn had meanwhile taken over. The BSI board of directors prohibited its authority from making appearances with representatives of the association. Apparently, that did not apply to Schönbohm himself, because he personally congratulated the club on its anniversary in September 2022 – and published it on his Twitter account.
Dealing with software from Protelion GmbH is also problematic because it was the BSI that recommended at the beginning of the Russian invasion of Ukraine to stop using software from the Russian provider Kaspersky – but did not mention Protelion, although the company also had software for offers cybersecurity.
At least since the Russian invasion of Ukraine, the Internet has also become a front, making the countries’ digital infrastructure an interesting target for manipulation and sabotage. In particular, widespread security software with extensive options for intervention in the user’s systems is therefore a possible gateway for intervention by third parties – especially if they are involved in government circles. That was also the argument that the BSI put forward when warning about Kaspersky – but without extending the critical view to Protelion or Infotecs.
As early as 2016, when Arne Schönbohm was promoted to the office of BSI President, the member of the Bundestag Dr. Konstantin von Notz sharply criticized the decision. He wrote on the “Green digital” portal at the time: “The decision by the federal government weakens IT security in Germany. Instead of effectively protecting our digital infrastructures, ensuring the protection of fundamental rights for citizens and companies and finally making the office independent, you have an IT lobbyist at the top despite weeks of discussions – against any criticism.”
The Böhmermann program may act as a wake-up call to examine critical areas of the German IT landscape very carefully. According to a report by “Capital”, an e-mail software from the federal government, called SecurePIM, also has connections to Russia and the ex-board of the scandalous company Wirecard. Thomas Steinmann, the reporter who first reported on “SecurePIM” and the company Virtual Solution, points out that you should also take a closer look here if you already missed it at the end of 2021.
The Cyber-Sicherheitsrat Deutschland e.V. has meanwhile also reacted and excluded Protelion GmbH as a member. President Dünn explained: “The allegations made by media reports are not compatible with the fight against cybercrime and the promotion of cybersecurity.”
As for the allegations that the association maintains relations with Russian state bodies, it says: “The allegations against the Cyber-Sicherheitsrat Deutschland e.V. to be influenced by Russian bodies are absurd. These are allegations against a single member of the CSRD e.V. . Protelion GmbH and its predecessor Infotecs GmbH joined the association in June 2020. Since then there have been neither discussions nor joint projects with representatives of the company. Accordingly, no influence could be exerted on the association platform and in the environment of CSRD e.V..”
Sources: ZDF, Handelsblatt, Bild, Zeit, Twitter, Grün Digital, Capital, Twitter, Cyber-Sicherheitsrat e.V.
