Executive Summary
A arson attack on a central cable bridge in Berlin's electrical grid in early January 2026 left up to 100,000 people without power and reveals dramatic vulnerabilities in German energy supply. The attack demonstrates the vulnerability of critical infrastructure to hybrid attack scenarios. At the same time, Hamburg begins proceedings against a 21-year-old from the international criminal group White Tiger, who allegedly committed over 200 crimes, including multiple murders – carried out remotely against minors. Both cases illustrate the central security risks of 2026: physical infrastructure attacks and digital abuse networks.
People
- Cory Doctorow
- Anne Roth
- Guido Schulte (CISO Bundeswehr)
- Kate Sim
Topics
- Critical infrastructure and resilience
- Hybrid warfare and cyber threats
- Child protection online
- NIST 2 directive and cyber security regulation
- Single points of failure in power grids
Detailed Summary
The Berlin Power Outage and the Question of Resilience
In early January 2026, a high-voltage cable bridge over the Teltow Canal near the Lichterfelde power plant caught fire. This single attack point – a classic single point of failure – led to Berlin's largest power outage in modern times. At times, 100,000 people, schools, kindergartens and hospitals were without electricity. Pensioners sat in cold apartments, mobile phones and internet went down, heating systems failed. People had to be accommodated in emergency shelters.
Authorities confirmed an authentic letter of confession that contained insider knowledge of the exact attack site. This suggests technical and physical expertise. Online, speculation centers on whether the letter was originally written in Russian – a suspicion that linguistic experts partially support and partially contradict.
Warning against hasty conclusions: The example of the car foam attacks in 2024 shows how misleading initial suspicions can be. Back then, alleged climate activists were suspected, but it later turned out that perpetrators paid from Russia were behind it. Here too: an authentic confession letter does not necessarily mean that the motivation is obvious.
Hybrid Warfare and the Escalation Situation
The Federal Office for Information Security (BSI) warned in an interview that energy supply is not resilient enough. For a long time, the agency said: A direct cyber attack by a hostile state on critical infrastructure was unlikely – that was a declaration of war. Meanwhile, such scenarios are no longer being ruled out.
The power grid is networked and can normally stabilize itself. However, this networking is also a risk: fluctuations that exceed a certain threshold can destabilize the entire grid. The Berlin case shows: even with grid redundancy, a single attack on a strategic point is enough to cause widespread outages – and repair takes days, not hours.
NIST 2 and the New Regulatory Landscape
In December 2025, the NIST 2 directive came into force (Network and Information Security Directive 2). This EU cyber security regulation for critical infrastructure requires:
- Extended reporting obligations for security incidents
- Business Continuity Management (emergency plans)
- Penetration testing and regular security audits
- Expanded circle of affected companies (also smaller businesses)
The BSI argues: It is sufficient if multiple small companies are attacked simultaneously to affect large population groups. Hence the comprehensive regulation.
Critical Infrastructure Beyond Energy
Under NIST 2 fall also:
- Water supply
- Postal services
- Waste disposal (quickly leads to hygiene problems)
- Food supply
- Digital infrastructure (fiber optics, internet)
Business Continuity Instead of Hackbacks
The Interior Ministry plans legislative amendments to enable security authorities to actively counter severe cyber attacks – which could hint at hackbacks. The Federal Intelligence Service (BND) is to be allowed in the future to carry out sabotage actions and cyber attacks in other countries.
Criticism of this: Such measures distract from the actual work that needs to be done. The CISO of the Bundeswehr, Guido Schulte, made clear: In cyber attacks, it is often impossible to quickly identify the origin. Days, weeks or months of investigation are needed. A quick counter-strike is therefore not a realistic defense strategy.
The better solution: Companies must assume that they will be attacked – not: whether they will be attacked. This means:
- Backups outside the main system
- Emergency plans and crisis management
- Backup systems ready
- Rapid restoration of data and services
A power outage lasting only four weeks can drive companies into bankruptcy if they are not prepared.
Strategic Significance for NATO Mobility
The Bundeswehr has additional cause for concern: Germany is a central transit and logistics country for NATO troop movements. An estimated 800,000 soldiers are expected to move within six months (west to east). A power outage like the one in Berlin would paralyze these operations – an existential weakness in the event of escalation with Russia.
The White Tiger Trial: Organized Child Sexual Exploitation
Background and Scope
The trial begins on Friday, January 10, 2026 in Hamburg. A 21-year-old must answer for over 200 charged offenses – many committed while still a minor. The trial will last about one year (82 court dates until December 2026) and takes place with the public excluded.
International Dimension
The White Tiger group is not limited to Germany:
- More than 100 perpetrators worldwide (estimate by Spiegel researchers and FBI)
- Victims in USA, Germany, European countries
- Trials also underway in the Netherlands and USA
The Crime Pattern: Murder from a Distance
The perpetrators are accused of:
- Causing juveniles and children to self-harm
- Driving them to suicide
- Organizing swatting (sending police to false addresses, potentially fatal)
- Making bomb threats against schools
- Coercing sexually explicit content from them
Central legal question: How is murder committed when perpetrators and victims never met physically? The answer lies in emotional abuse: perpetrators create apparent bonding, promise love, and exploit this psychological dependence. Children and adolescents who are mentally stressed or isolated are deliberately targeted.
Perpetrator Logic: "I'm Not Doing Anything"
Research shows a recurring defense pattern: perpetrators claim they are doing nothing, that they are merely a "catalyst." They make suggestions that victims carry out – so they are responsible. This logic is legally and psychologically wrong: they are instigators and exploiters.
Entry Points: Social Media
The platforms through which White Tiger perpetrators operate:
The problem: Many children and adolescents are active on these platforms from a very young age. For some, the internet is also a refuge when they have questions that their local environment does not answer (LGBTQ+, eating disorders, mental health issues). The solution cannot be simply to keep children offline.
Key Messages
Berlin Power Outage: A single point of failure – one cable bridge – left 100,000 people without power for four days. This was no accident, but a targeted attack with insider knowledge.
No Quick Answer: Hackbacks and offensive measures are not a realistic defense because it takes too long to identify perpetrators.
NIST 2 is the Way: Regulation, reporting obligations and business continuity management make infrastructure resilient – not military countermeasures.
White Tiger is Organized: Over 100 perpetrators, internationally networked, systematically exploiting minors and driving them to self-harm/suicide.
Remote Abuse is Real Violence: Psychological dependence leading to suicide is murder – even without physical proximity.
Platforms are Crime Scenes: TikTok, Instagram, Roblox are systematically abused by perpetrators. The narrative "just keep children offline" falls short.
Prevention Over Punishment: Parents, teachers and young people need awareness. At the same time, minors need safe online spaces, not just blocks.
Stakeholders & Those Affected
| Who is affected? | Who benefits? | Who loses? |
|---|---|---|
| Berliners, pensioners, patients (power outage) | Potentially Russia (sowing uncertainty) | German population (security, trust) |
| Children and adolescents online | Perpetrator networks (access to vulnerable persons) | Victims (physical/psychological), families |
| Companies in critical infrastructure | Governments (with clear regulations) | Companies (with compliance costs) |
| Police, investigators | Transparency through reporting obligations | Perpetrators (harder to hide) |
Opportunities & Risks
| Opportunities | Risks |
|---|---|
| NIST 2 creates pressure for serious cybersecurity | Hackback politics distracts from real solutions |
| Business Continuity Planning increases resilience | Single points of failure remain if physical security investment doesn't happen |
| White Tiger trial raises awareness among parents/teachers | Exclusion of public limits educational impact |
| Alternative platforms (Digital Independence Day) offer a way out | Large platforms (TikTok, Instagram) continue to dominate |
| Better monitoring through reporting obligations | Effort and costs for SMEs, deterrent effect? |
Action Relevance
For decision-makers at the federal level:
- Immediately: Review physical redundancy of critical energy infrastructure and invest. An attack like Berlin must not affect 100,000 people again.
- Priority: Validate and test Business Continuity plans in all critical infrastructure.
- Caution: Don't see hackback laws as a panacea – identifying perpetrators takes months.
- NATO Preparation: Ensure energy supply is stable for troop movements.
For companies (NIST 2 compliance):
- Take reporting obligations seriously – not as a nuisance, but as an early warning system.
- Write, test and practice emergency plans.
- Store backups redundantly and geographically distributed.
For