Secret information that has been leaked to the public, a head of agency who has been sidelined and who sees himself unjustly accused – a lot of china has been smashed in the past few days in the affair surrounding the private association Cyber Security Council Germany. But what about the allegations of being too close to Russian intelligence circles? Most of the allegations date back to 2019 and were recently also discussed in the satirical program “ZDF Magazin Royale” under the heading “Cyberclown security risk”.
The association, which Arne Schönbohm, who later became President of the Federal Office for Information Security (BSI), founded in 2012, has been a thorn in the side of some government officials and members of the security authorities from the very beginning. Initially, however, this had nothing to do with the suspicion of Russian influence. Rather, the name bothers you. Because there are fears that there could be confusion with the National Cyber Security Council, which was set up a year earlier – a body of the federal government that deals with threats in cyberspace and the protection of important facilities from hacker attacks. The Federal Ministry of the Interior therefore recommends keeping your distance from the association.
When the then Interior Minister Thomas de Maizière (CDU) made Schönbohm President of the BSI in 2016, he gave up the management of the association. The tasks of the BSI include the certification of information technology products or components as well as information technology systems.
In the years that followed, the membership of a subsidiary of a Russian company with connections in Russian secret service circles attracted the attention of the German intelligence services. In a response from the federal government to a parliamentary question by the FDP parliamentary group about the association, it was pointed out in 2019 that information on “specific educational goals as a consequence means a highly serious restriction of information gathering”. In other words, they didn’t want to give those in the club’s environment who were spied on any information about possible surveillance measures.
The reason for the FDP parliamentary group’s request was media reports about a meeting in Garmisch-Partenkirchen at which the association’s president, Hans-Wilhelm Dünn, and Wladislaw Scherstyuk, the president of the “National Association for International Information Security”, signed a declaration of intent to work together. However, the German association later canceled this agreement, the federal government announced at the time.
In March 2022, around two and a half weeks after the start of the Russian war of aggression against Ukraine, the BSI warns against using virus protection software from the manufacturer Kaspersky. In a statement, the authority states: “A Russian IT manufacturer can conduct offensive operations itself, be forced to attack target systems against its will, or be spied on itself as a victim of a cyber operation without its knowledge, or be a tool for attacks against its own customers be abused.”
The Russian company’s subsidiary, which is a member of the Cyber Security Council Germany association, was never warned in this form. Discreet references to individual companies are said to have been given.
Schönbohm has known for some time that there are reservations about the Cyber Security Council Germany e.V. However, he is said not to have been informed of the exact allegations and measures – perhaps also because he knows the current club president well and a conflict of loyalty was feared here. At the latest since the coverage of the meeting in Garmisch-Partenkirchen, Schönbohm must have been aware that something was up. That’s why he first asked Markus Richter, the state secretary of state responsible for his agency, for permission before agreeing to take part in a ceremony marking the tenth anniversary of the association on September 8 in Berlin.
Schönbohm is not the only prominent face to be seen at the event in a lounge not far from Zoo station that evening. Members of the Bundestag from several parliamentary groups are also present.
The “Cyberclown” post from Jan Böhmermann’s program was discussed for days on Twitter. Schönbohm was released ten days after the broadcast. Federal Minister of the Interior Nancy Faeser (SPD) has banned him from conducting official business with immediate effect. The Ministry of the Interior wants to decide quickly on the successor. Because Faeser has big plans for the BSI. The Bonn authority is to be expanded in the relationship between the federal and state governments to become the central office for IT security.
The affair caused astonishment among some BSI employees. They say: There was no sign of criticism or distrust of Schönbohm during Faeser’s visit to Bonn on August 8 – on the contrary. It is still unclear whether the rapid replacement of the management position in the BSI planned by the Ministry of the Interior will come to fruition. Because Schönbohm has not yet indicated that he would agree to a transfer to another post. In order to force the ministry to provide evidence of specific allegations, he has asked for a disciplinary procedure.
A civil servant in his position can be prohibited from conducting official business for compelling official reasons. However, according to civil service law, the ban expires “if disciplinary proceedings or other proceedings aimed at withdrawing the appointment or terminating the civil service relationship have not been initiated against the civil servant within three months”.
The Greens in the Bundestag this week asked the Federal Ministry of the Interior for more information on the allegations against Schönbohm. The deputy leader of the Union parliamentary group, Andrea Lindholz, criticizes: “First Ms. Faeser has the president of a central security authority publicly dismantled with a questionable communication strategy, then her house only provides the interior committee with flimsy answers to the question about the specific allegations.”