Germany fails to protect critical infrastructure from cyberattacks, warns Eon’s CEO
The CEO of Eon, a major German power company, warns that Germany is inadequately prepared to protect its critical infrastructure from cyberattacks, highlighting the need for enhanced cross-border cooperation and cybersecurity measures in the face of escalating threats.
Germany’s critical infrastructure is facing increased vulnerability to cyberattacks, and the CEO of Eon, one of the country’s largest power companies, is sounding the alarm. Leonhard Birnbaum, CEO of Eon, which operates Germany’s largest gas and electricity distribution network, has expressed concerns about the lack of adequate protection for crucial assets and infrastructure. He believes that in the event of a serious cyberattack, he and his company would be left to fend for themselves, lacking the necessary support from the German state.
Birnbaum revealed that Eon is constantly threatened by systematic cyberattacks, some of which are suspected to be orchestrated by state-backed actors. Despite Germany’s promises of a more robust approach to defence and security, particularly in the aftermath of Russia’s invasion of Ukraine, Birnbaum has little confidence that his company would receive timely assistance if a successful cyberattack were to occur.
His concerns extend beyond Germany’s borders, as Eon also operates power grids in eight other European countries, including Sweden, Hungary, and the Czech Republic. To address these issues, Birnbaum calls for greater cooperation and coordination among European authorities in dealing with cyber threats. He argues that cybersecurity experts should be consolidated into a single team under a pan-European agency to combat cyberattacks that often cross national boundaries effectively.
The vulnerability of critical European infrastructure, such as power and gas networks, has been a growing concern, particularly since the invasion of Ukraine. Foreign actors have increasingly targeted these vital systems. In 2015, western Ukraine experienced power outages due to a successful cyberattack on its electricity grid, and similar attacks were witnessed in the following years.
While the EU has an agency for cybersecurity known as ENISA, experts argue that it primarily serves as an information-sharing platform for best practices and guidelines rather than a unified defence mechanism. National governments are primarily responsible for responding to cyber incidents involving critical infrastructure.
Birnbaum’s frustrations are shared by many industry executives who face similar challenges due to fragmented response networks. Germany has improved its cybersecurity posture, including establishing a national cyber defence centre in the interior ministry. However, questions remain about clear leadership and coordination during cyberattacks.
In response to Birnbaum’s concerns, Germany’s interior ministry emphasized its commitment to advising and supporting critical infrastructure operators during serious cyber incidents. Additionally, the ministry is working on legal changes to facilitate responses to cross-border cyberattacks and plans to expand and centralize teams dedicated to addressing cybercrime.
The urgent call for improved cybersecurity and cross-border cooperation highlights the critical need to protect vital infrastructure in an increasingly interconnected world where cyber threats transcend national borders.