I am very honoured to be able to say that our next speaker has accepted the invitation to this event, cyberevolution. I would like to introduce Professor Dr. Roman Poseck to you, who is the Minister of the Interior for Security and Homeland Defence. I actually didn't know that HESA has a Homeland Defence, so that was new to me at least. So he's well equipped for that job with a solid academic background, spent entire life in administration and security, and we are now very curious to hear your view, HESA's leadership's view, on the importance of cybersecurity. Welcome on stage.
Thank you very much for the warm welcome, ladies and gentlemen. I hope it's okay if I speak in German. You have just heard a lot of English presentations. I would like to speak in German in turn. I am very happy to be here with you tonight and to give you a few insights into what concerns us at the national level in cybersecurity. First of all, I am happy that you are so interested in this topic. I think this is good and important, because this is a topic that concerns everyone.
We have to address it on all levels, in politics, in business, in science, and the topic is so important that we need all forces at this point and have to work together in order to ensure the highest degree of cybersecurity. And that has to be our common goal. Absolute security, I keep saying, doesn't exist, doesn't exist in the cyber space, but our goal has to be that we can guarantee as high a level of security as possible. We live in tense times and the security situation in the cyber space is ultimately also a mirror image of the general security situation.
And this week we still have the conference of the Minister of the Interior in Brandenburg, and there we will again have to deal with a lot of security issues. And we are definitely in agreement that it is an extremely tense security situation in which we are in general. This of course applies to general crime. This concerns terrorist threats and activities that unfortunately have already led to terrible attacks in Germany this year. But cybercrime is just as important in the consideration and fight as all other forms of crime. It is a new development.
It is also another development that has nothing to do with the classic forms of crime like blood and other things. It is invisible, but it is also of great importance. And we assume, based on all our knowledge, that cybercrime is increasing immensely. This has already played a role for you on this day. We assume that the damage in Germany is in the three-digit billion area. In addition, we have immense functional impairments, especially in the public sector. And this is of course the area that we focus on most of all.
We recently had cyberattacks on the University for Applied Science, on the university clinic here in Frankfurt, on the city of Rottgau, for example, also here in the Rhine-Main area. And I was in office for a few weeks as new interior minister. We had a cyberattack on our university for public management and security. A program that has not yet emigrated, which was still active in parts, with quite sensitive data from police officers. That means cyberattacks are everywhere.
And what worries us, especially in politics, is that we are increasingly experiencing a interplay of general crime, which, for example, is aimed at receiving ransom money with ransomware, and politically motivated crime. Foreign states are becoming more and more active at this point. Russia in particular is of course an aggressive country that has set itself the goal of destabilizing us. And direct war-related confrontations are fortunately not necessarily likely at the moment, even if we unfortunately have to expect new developments at this point.
But all the more likely it is that a hybrid warfare will take place, which will take place from the cyber space, which should hit us on the nerves of our lives, which destabilizes us. And we are, we all know that, simply dependent on the functioning of IT. Without digitization, nothing works anymore. This applies to business enterprises, this applies to supply chains, but of course it also affects the public sector, regardless of whether it is the municipal administration, the state administration, the federal administration or other areas.
Therefore, I believe that the importance of cybersecurity cannot be estimated high enough. And now the question is, what can be done?
I think, I come back to the opening words, everyone is called upon to do something. First of all, self-preservation is important for me, especially through each individual, also through each individual company. Cybersecurity must, to a certain extent, also be explained to the boss, especially in the companies. And everyone has to take part in this. That is why sensitization of employees is of excellent importance. This is sometimes tedious. I also include myself in this.
You are actually always happy when everything works to some extent and you don't want to be affected by security standards in this functioning. But it is just irresistible. And of course, all security measures, all security programs must always be up to date, also go with the times. And at this point, it is also necessary to take money into your own hands. Money that you also like, both in the public sector and in the private sector, would be used elsewhere. But this is well-spent money, because whenever there is damage, the damage is all the greater.
That means, the focus at this point really has to be on prevention, that is, on preventing attacks or on successful defense of corresponding attacks. Prosecution is good and important. We have just heard that again through the BKA. I find it impressive what is happening here again and again, through really highly professional action, especially of the federal authorities. But I was happy to see the Hessian Weapon, also in cooperation with the Center for Combatting Internet Criminality, which we have here in Hesse, which we are very proud of, because it also plays a leading role nationwide.
The Federal Criminal Court, I would say at least as a responsible minister, is very professional and well-positioned from my point of view at this point. And it is above all else that it succeeds in catching up with perpetrators.
And so, I think you just said, to turn off systems. That is important, that creates security. But prosecution will, I think we have to include that too, always come across limits. The convictions, which in themselves are the goal of prosecution, will always remain relatively limited. This is mainly because many perpetrators act from countries that are hostile to us, which in any case do not cooperate with us. In the end, it will not succeed to put perpetrators in Russia, in Iran, in China or in North Korea in front of a German court.
Or in any case, it is unlikely that this will succeed, because these states will not deliver, because they will not put the perpetrators in front of court there either. That is why it is so important that the state authorities are also involved in the preventive area and, especially on this topic, the prosecution and the prevention also merge with each other. And that is why it is also important from my point of view that we give the authorities further powers. These powers also have to go with time. Many powers that our security authorities have come from the analog world.
This is not surprising now, because the procedures and regulations come from that time. But there is still a lot to do. It is also about further powers for the Federal Criminal Court, especially in the preventive area. I personally think this is very, very important. I think it is also necessary that we bring the forces together even better in the public sphere. We now have a federal structure in our country, but at this point we also have a task that is of such great importance that it definitely needs a strong central position.
We are currently discussing in politics how the BSI, the Federal Office for Security in Information Technology, can be set up and equipped in the future. I am quite open to the fact that we also hand over competences from the side of the countries, so that an even more effective unit can be created at the federal level. That we also create a relationship there, as we know it between the Federal Criminal Court and the state criminal courts. But that is not easy. It probably also requires a change in the Basic Law, because we now have a federal structure in principle.
And of course you have to think very carefully about how the BSI will be equipped, which tasks it will receive individually. We are in a conversation between the countries and the federal government. Since we are now in politically somewhat difficult times, I do not assume that something will be done very quickly, because at least at the federal level it is not to be expected that basic decisions will be made. There is a need for a parliamentary majority, possibly even a two-thirds majority. But nevertheless, the topic remains important.
Especially smaller federal states, Saarland, Schleswig-Holstein, are, I believe, not able to position themselves in the field of cybersecurity in such a way that they can act effectively. And that is why it would be important and helpful from my point of view that the federal government also takes on a stronger role at this point. In my opinion, Hesse is quite well positioned in the field of cybersecurity. For five years we have had a Cyber Competence Center, Hesse Cyber Competence Center. We call it Hesse 3C, the 3Cs in Cyber Competence and Center.
50 people work there around the clock on the subject of cybersecurity. That means they analyze the situation, they act on specific incidents and, above all, they also advise. Small companies are less at the center of this, even if we would advise them in one way or another. But in the case of large companies, we have experienced that they essentially help themselves at this point, are very professionally positioned themselves and do not require the support of a federal state. It is different in the case of small and medium-sized companies.
We also support them concretely with advice and support offers. In this cyber world, you always have to assume that the perpetrators choose the weakest link and that this is more likely to happen in small and medium-sized companies than in large companies.
Of course, the focus is on the protection of the state system, but also on the support of the municipalities. Because we have seen that the municipalities are also victims of cyberattacks again and again. This was the case, for example, in the city of Rottgau two years ago. And since the municipalities are existential for the care of their residents, cyberattacks have devastating effects there. People feel it immediately when they no longer receive certain funds, for example. And that is why we have just started a community cybersecurity action program these days.
As a country, we can make it easy for ourselves and say, cybersecurity is municipal self-management, but we don't want that. We want to support the municipalities. We essentially do this through three measures. We offer the municipalities so-called pentests, i.e. stress tests, in which we simulate attacks and then see how secure the networks are. We also offer the municipalities that we support them in case of emergency with our own computer systems, which then get going quickly.
That means we have a 24-hour hotline, drive out to make sure that the municipality is able to act again as quickly as possible. And we support municipalities very specifically with so-called e-learning programs, i.e. as part of the training, so that, as I said, employees can also be included as best as possible. These are small contributions, but from my point of view, these are contributions that politics can make and that we want to make in Hesse. We cannot rule out that we will not have a second Rottgau.
Fortunately, we have not had it in the last few months, but we are doing everything we can to ensure that it does not come to that point and, if it should happen, that we are then able to act. Overall, we need a legal framework that takes into account the great challenges of the AI Act and the legal consequences, as was already mentioned in the speech. As a country, we are very sorry that the implementation of the NIS 2 guideline is still pending, because from our point of view, it would lead to more cybersecurity, also because more companies fall into the application area.
We now have to assume that no implementation will take place at the moment, which is also because there is no longer a majority in the Bundestag for legislative projects. Therefore, I firmly assume that the implementation of the NIS 2 guideline will be a task for the next German Bundestag. Is it either bright or dark?
Yes, I think it is pleasant this way. So the next German Bundestag, which will be elected at the end of February, will undoubtedly address this topic again. And I hope that it will be done very, very quickly, because we also have to implement corresponding regulations at the state level. And I don't think we should waste any time on this topic.
Finally, I think it will be a permanent task, because digitization is always moving forward. This is perfectly clear. The perpetrators will not rest, but will always look for new ways of attack. And that's why we must not rest either, but have to invest in cybersecurity on all levels again and again and also discuss it, especially between economy, science and politics.
As I said, then we can hopefully achieve the goal that I describe, which is to ensure a maximum level of cybersecurity together. First of all, thank you very much for coming here and thank you very much for listening.
Yes, thank you very much for the... I'll stay with the German now. Thank you very much for the address. Compliments also. You have already taken away and answered a whole series of questions that I had noted for you. In particular, the relationship between federal competencies in the cybersecurity area versus country competencies. But I still have one question. Education is definitely a matter of countries now. Yesterday I read or heard that two thirds of 12-year-olds have a smartphone. With 14- and 15-year-olds, that's almost 98 percent. So the digital generation is growing.
Don't we have to pay more attention to security in education? With security. So we now really have digital natives who don't really know anything else. And I think we have to focus on that on all levels. That is also security.
I mean, that cybersecurity must also be taught and communicated in school. But of course that is also a very wide and broad topic. It does not directly relate to cybersecurity, but of course also to the cyber space. What also worries us a lot are disinformation campaigns. The question is also, how do I deal with the possibilities and the information in the network? Who can I trust? Who can I not trust? How can we have a well-functioning democracy, even in times of this new world that we have to adapt to, which offers many advantages that should not be condemned?
How can we really protect and secure our democracy at this time? Incidentally, this will also be an issue at the interior minister's conference, which was also reported by Hesse. How can we deal with fake news, false information on the Internet, via the Internet, via the cyber space? And at this point it is mainly about education again. I'm all for that. Professor Dr.
Vorsack, thank you very much for coming. You're welcome. Yeah. So...
