Berlin arson attack power outage triggers calls to put security over transparency

An electricity outage in parts of Berlin caused by an arson attack shows that operators should no longer be forced to publish sensitive information on critical infrastructure, said energy industry association BDEW. The lobby group said recent efforts to improve the security of energy infrastructure clash with legal provisions obliging electricity and gas network operators to publish sensitive information on critical infrastructure, effectively presenting it to the public “on a silver platter” and making sabotage too easy.

A power outage in the south-west of Germany’s capital left tens of thousands of households and businesses without electricity and heating in freezing temperatures. The blackout, which started on Saturday (3 January) and is expected to last until Thursday (8 January), was caused by an arson attack that damaged high-voltage cables near a combined power and heating station. A far-left group has claimed responsibility. Power cuts were not the target, "but rather the fossil fuel industry," the group wrote in a letter seen by public broadcaster rbb. 

“We need a comprehensive and practical reassessment of existing transparency requirements,” BDEW said. “Transparency, freedom of information and open data regulations should be restricted or adapted where they could jeopardise the physical or IT security of critical infrastructure.”

In the past, the Social Democrats (SPD) have said that parliamentary inquiries by the far-right AfD pose an additional threat. AfD lawmakers have repeatedly requested detailed information on energy infrastructure in the country. As the replies by the government are made public, the information could easily be used by actors wanting to sabotage grids, power plants or electricity generation facilities, the SPD said. The AfD has been accused of gathering information for Russia. 

Industry lobby group BDEW said the publication of performance data or the geolocation of critical facilities on websites run by public authorities or open-source platforms should be reduced to a level compatible with security needs. Lawmaker Marc Henrichmann, security expert from chancellor Friedrich Merz’s conservative CDU, told newsletter Tagesspiegel Background that current transparency obligations are “no longer appropriate” given new security threats.

Germany and Europe as a whole are stepping up preparations for attacks on critical infrastructure amid the war in Ukraine and rising geopolitical tensions. Energy infrastructure has been subjected to a growing number of sabotage and cyber attacks, which authorities have often attributed to Russia. Germany’s office for information security BSI warned last year that foreign powers could gain control over relevant parts of the country’s energy supply.

Germany’s government has tabled a proposal to improve the protection of critical energy infrastructure in the so-called “KRITIS umbrella law”, which would require infrastructure operators across economic sectors to strengthen resilience, for example by considering a broad range of risks, from natural disasters and human error to acts of sabotage. The law still requires parliamentary approval.