The key point: Schleswig-Holstein and the BSI are expanding their cybersecurity partnership to defend against DDoS and ransomware attacks, which since 2022 have occurred in 123 registered incidents, predominantly from politically motivated and Russia-affiliated groups.
The Federal Office for Information Security (BSI) and the state of Schleswig-Holstein have signed a cooperation agreement to protect authorities in a coordinated manner against increasing cyberattacks. Since 2022, the state government has registered 123 cyberattacks and security-relevant IT incidents.
The agreement provides for expanding defensive structures, intensifying information exchange between the BSI and state authorities, and further developing existing security organizations. Concrete measures include modernizing IT systems, implementing EU regulatory requirements for IT security, and stronger support for the municipal level. The BSI works with its existing cyber protection structures, the so-called Cyberdome, to strengthen these capacities.
According to a response from the state government to a parliamentary inquiry, the 123 registered incidents since 2022 consisted predominantly of DDoS attacks, for which groups such as NoName057(16) and Overflame claimed responsibility. These are classified as politically motivated hacktivist collectives operating as supporters of the Russian Federation in the context of the Ukraine war and frequently respond to current political decisions. For ransomware attacks, the origin is often more difficult to determine, as perpetrators deliberately conceal their identity – such groups are predominantly attributed to Eastern Europe and Russia, but increasingly also to Asian, Latin American and other regions. Evidence suggests that perpetrators are operating from countries where law enforcement is restricted or international cooperation is difficult.
For CISOs, the partnership means better access to information about attack clusters and operational trends. The structured cooperation between federal and state level enables faster detection of attack patterns and reduces response times for targeted defensive measures. Particularly relevant is the focus on modernizing IT systems, as older infrastructure offers higher attack potential. The NIS2 implementation is mentioned as part of the agreement and thus increasingly determines compliance requirements for critical infrastructure in Schleswig-Holstein.
Notably, the state government has not recorded monetary damages in the narrower sense despite 123 registered incidents – possibly an indication of previously successful defensive performance or definitional questions in recording consequential damages. The revealed origin analysis reveals the core problem of cyber defense: adversaries operate from lawless or uncooperative spaces, which is why pure defense through technical and organizational measures (TOM) in authorities must be prioritized.
Source: www.it-daily.net · Published June 16, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.