What an irony that Arne Schönbohm fell over an alleged proximity to a company with Russian secret service contacts. Because the former head of the Federal Office for Information Security (BSI) has dealt intensively with possible secret service contacts of others in recent months.
Until Tuesday, Schönbohm was Germany’s top cyber defender. In this role, he had kept in touch with an obscure lobbying association that he himself had once co-founded and later left. This “Cyber-Sicherheitsrat Deutschland eV” took on an IT security company with alleged contacts to the Russian secret service. Schönbohm’s successor as club chairman reportedly had contacts in Russian news circles himself. On Tuesday, Interior Minister Nancy Faeser banned Schönbohm from continuing to head the office (only formally he is still its boss). Apparently he had already made himself unpopular in the Ministry.
The irony: Back in March, Schönbohm, who is responsible for Germany’s IT security, daringly plunged into high politics and accused a company of being too close to Russia. At the time, his office issued a warning about Kaspersky, a major player in the antivirus and other security software market. His office did not present any evidence at the time, but company founder Eugene Kaspersky and many employees are Russians. According to Schönbohm, the company can no longer be trusted after the Kremlin’s attack on Ukraine. A somewhat laboriously constructed connection, similar to the one that now became Schönbohm’s downfall.
Evidence that he himself had direct contacts with Russian services, there aren’t any either. However, the case sheds light on how politically sensitive the proximity to the booming IT security industry, which is supposed to make everyday life for citizens, companies and authorities safer, can be. She works partly in the orbit of the secret services and is a plaything of geopolitical interests. As is so often the case in the game between hackers, secret services and companies with difficult-to-understand technology, it remains unclear in the Schönbohm case what is a real danger and what is paranoia.
Why the BSI, under Schönbohm’s leadership, ostracized Kaspersky, but was not even dissuaded from examining Protelion through the intervention of the suspicious Office for the Protection of the Constitution, remains a peculiarity of this affair. Protelion was precisely the company with the publicly known contacts to the Russian secret service, because of which Schönbohm was released in the end.
Schönbohm is not the only one who should know that companies and secret services are in close contact. And with their digital forensic preservation of evidence, the companies even make world politics. While US security companies, partly financed by the CIA, exposed Russian and Chinese hacker groups, Kaspersky focused on secret operations of the American NSA.
The IT security industry in its current form is unimaginable without secret services. Personnel change back and forth, secret service schools train founders, such as that of the company Infotecs, the mother of Protelion, in Russia. It has now become clear again that this can have unexpected political consequences. In fact, Kaspersky’s software was abused by Russian hackers a few years ago. This information, in turn, comes from an espionage campaign against Kaspersky. Behind it was presumably the Israeli hacking unit from which the founders of a number of security start-ups are recruited. Cyber security companies are also the nemesis of the secret services because they make their hacker attacks public and name the perpetrators.
Noisy BSI law “scientific-technical expertise” should guide the decisions of the cyber guards. But it is now obvious that the industry that the BSI is keeping an eye on is anything but apolitical. Schönbohm’s successor has to take a closer look at which companies are playing which game – and then prove it publicly in order to protect the agency’s reputation as independent. At the same time, he or she must be careful that politicians do not play a game with him or her.