When tens of thousands of households in southwest Berlin lost power during sub-zero winter temperatures as a result of sabotage, Governing Mayor Kai Wegner argued that complete protection against attacks is impossible.
“This shows once again that there is no such thing as 100 percent security,” said Wegner. “Should I put a police officer at every location?” asked the Christian Democrat (CDU) politician.
But the scale of the disruption has prompted questions about whether Germany’s infrastructure is simply too easy to target. Critics say the issue is not the impossibility of absolute security, but the structural weaknesses that make essential systems vulnerable to relatively simple acts of sabotage.
How vulnerable is Germany’s infrastructure?
Attacks on infrastructure in Germany are not rare. In September, tens of thousands of households in southeast Berlin were left without electricity for days after an arson attack on power poles.
In 2022, railway facilities in Berlin and in Herne (North Rhine-Westphalia) were sabotaged, causing hours-long disruption to rail traffic across northern Germany. Mobile phone masts have also been targeted on several occasions.
Airports, too, have been affected. Throughout the autumn, drone sightings repeatedly forced disruptions at major German airports with the federal government noting a marked increase in such incidents since the start of Russia’s full-scale invasion of Ukraine.
One reason infrastructure is vulnerable, experts say, is the amount of sensitive information available online.
The electricity transmission grid operator 50Hertz recently explained, as part of Bundestag expert hearings, that current planning regulations require operators to disclose detailed technical and geographical data.
Such information is typically posted online permanently and without significant access restrictions, with multiple critics warning that AI tools now make it much easier for malicious actors to collect and analyse these datasets in order to identify potential targets.
READ ALSO: How to keep your German home warm when the power goes out
Physical protection also varies considerably. While around 99 percent of Berlin’s 35,000‑kilometre power grid is underground, the remaining overhead sections are exposed and therefore easily accessible.
The national railway network faces similar problems. Germany’s 34,000‑kilometre rail system is largely unfenced, leaving key components open to tampering.
Rail operator Deutsche Bahn is expanding its use of video technology, acoustic sensors and thermal imaging, according to reports, but much of the control infrastructure is said to remain outdated and dependent on long stretches of exposed cabling.
What is the government doing about the situation?
The federal government is currently attempting to overhaul legislation governing “critical infrastructure”.
A comprehensive Kritis umbrella law was first announced in 2021 but only secured cabinet approval in September 2025. The Bundestag held its initial debate on the draft in November and the text is now being examined in committee.
Under the current proposals, many of the proposed physical protection measures are not expected to become mandatory until 2030.
Despite the amount of time it has taken to produce the draft legislation, criticism has come from several directions. According to reporting in Der Spiegel, the German Association of Towns and Municipalities argues that the bill overlooks the central role of local authorities in crisis response and does not ensure adequate funding.
READ ALSO: Germany's massive infrastructure plans demand more foreign workers
Transmission operator 50Hertz also pointed out that the draft fails to address the requirement for operators to publish detailed infrastructure maps and documentation – despite repeated warnings that this is one of the most obvious security gaps.
As parliamentary debates continue, operators, local governments and security experts are closely watching whether the final version of the Kritis law will address the weaknesses they have highlighted – or whether existing vulnerabilities will persist for years to come.
With reporting by DPA.
Comments