
“We are striking back. We will disable the threat when we are attacked. We will have the power to disrupt the attackers and destroy their infrastructure.”
Federal Minister of the Interior Alexander Dobrindt
Germany plans to give its spy agencies powers to hack, disrupt and deceive foreign attackers in a major overhaul of its national security apparatus as cyber incidents and hybrid sabotage operations by Russia increasingly impact the country.
Hybrid attacks combine conventional military tactics with cyberwarfare, disinformation campaigns, and other forms of digital disruption and have been honed following the Ukraine-Russia war.
Berlin has made it clear it will adopt a zero-tolerance stance toward cyberattacks targeting critical infrastructure to prevent economic harm and social disruption through power blackouts and outages across other key sectors such as finance and transport.
The United States openly utilises active cyber defence and counter-cyber operations. Under 'Defend Forward', the US Cyber Command works to disrupt and disable adversary infrastructure before a cyberattack hits American networks.
It also uses offensive cyber operations as part of the Pentagon’s arsenal, most recently in Venezuela and Iran when Operation Absolute Resolve was launched to capture Venezuelan President Nicolás Maduro.
UK security and intelligence agencies are similarly authorised to conduct 'active cyber defence' and retaliatory strikes to disrupt foreign threat actors and dismantle digital operations.
Active Cyber Defence has been operational for more than 5 years with the NCSC providing a host of services to disrupt and defend against common attacks.
In Japan, the third pillar of the new Active Cyber Defense Law empowers government authorities to remotely access and neutralise attacker infrastructure such as command and control servers mounting malware attacks.
Under strict legal and procedural oversight - and only when deemed necessary to prevent or mitigate serious cyber incidents - the country will actively protect key infrastructure from the start of 2027.
In Germany, a new top-level watchdog, the Independent Control Council, will play a similar governance and oversight role to ensure intrusive measures are proportionate.
European nations continue to respect the UN's “Responsible State Behavior in Cyberspace” framework supported by countries including the FVEY allies Canada, the United States, and Australia.
But support for offensive capabilities is growing as defensive measures alone are not diminishing the number and size of cyber attacks against companies and government agencies.
"Hacking back" has for years been seen as a measure of last resort when accurate attribution of threat actors is hard to achieve.
In his seminal 2013 book Cyber War Will Not Take Place, US Professor Dr. Thomas Rid argued that the dangers in escalation between nation states prevented a 'cyber nuclear war' from happening.
His latest update, Cyber War Did Not Take Place, confirms this decade old view but also highlights how attacker attribution is now harder than ever and espionage, sabotage and subversion are growing.
And worryingly, AI is only hastening the rise of attacker capabilities and confidence.