Germany’s Federal Foreign Office in Berlin has summoned the Chinese ambassador over a cyberattack that targeted the Federal Agency for Cartography and Geodesy (BKG) in 2021. A spokesperson for the Foreign Office bluntly declared, “Today, we know that state-controlled Chinese cyber actors have infiltrated the BKG’s network for espionage purposes,” reports Germany's Zeit newspaper.
The BKG is Germany’s agency that deals with mapping and geodata for the entire country. Aside from producing original data, it also works with other government and private sources to provide a comprehensive and up-to-date geographical map of Germany. Although mapping data is readily available on Google Maps and can also be captured by satellites, up-to-date information including the location of government offices, demographics, and other collected are crucial for state security. Furthermore, other critical infrastructure providers rely on BKG data as well, including energy, water supply and treatment, and transportation companies.
It is exactly for this reason that China scrambles its GPS data — if you look at Google Maps and turn on satellite view in Chinese locations, you’ll notice that the road markings do not line up with the satellite images.
The Chinese cyber espionage attack was discovered after a “thorough technical analysis” with assistance from the intelligence community. According to the investigation, the attack was routed through compromised devices used by individuals and companies to obfuscate its source. “This serious cyberattack on a federal agency shows how great the danger of Chinese cyberattacks and espionage is,” says Federal Interior Minister Nancy Faeser.
The threat of cyberattacks, whether for profit or statecraft, has never been more significant. Because of this, the German cabinet passed a draft law that required large organizations in crucial industries, like communications, energy, transportation, and water works, to implement the European NIS 2 Directive. This law will affect almost 30,000 corporations when passed, which shows how vulnerable the entire system could be.
Aside from the successful Chinese intrusion on the BKG network, the German government noted that there were several cyberattacks on IT service providers that work with government contracts, although it did not indicate if these attacks came from one party alone. After all, the German Office for the Protection of the Constitution says that there are three other main players in espionage acts against Germany aside from China. These countries include Russia, Iran, and, notably, Turkey, which is also a NATO member.
Nevertheless, the Federal Ministry of the Interior said that China is pursuing an “offensive cyber strategy that is intended to make an important contribution to the country’s industrial and geopolitical goals through extensive knowledge transfer.” Whether the recent summoning and official protestations to the Chinese ambassador in Germany will make much difference, remains to be seen. However, it may be good to put this incident on official diplomatic records.