Germany has set up a cyber-warfare unit designed to carry out offensive operations, the country’s Defence Ministry has admitted for the first time in a parliamentary report to legislators.

According to German reports, the Bonn-based Computer Network Operations (CNO) unit had existed since 2006 but was only now being readied for deployment under the control of the country’s military.

"The initial capacity to operate in hostile networks has been achieved," a German press agency reported the brief document as saying. The unit had already conducted closed lab simulations of cyber-attacks.

Although the German admission is not a huge surprise – most countries are assumed to have cyber-offensive capabilities – the clear declaration that the CNO has an attack role has reportedly caused controversy among the country’s legislators.

The ambiguities are legion. Does the military have the legal or constitutional authority to launch cyber-attacks against third parties without the approval of Parliament and if so under what circumstances? 

Unlike physical attacks, cyber-weapons can’t be isolated from their surroundings with the same degree of certainty. If, as a growing body of evidence suggests, the US Government sanctioned the use of cyber-malware such as Stuxnet, are the authorities also held responsible should such campaigns hit unintended victims?

Stuxnet caused widespread disruption not only for its ostensible target Iran but many others, including companies based in states allied to the US.

Germany has long been known for its ‘Bundestrojaner’ (Federal Trojan) software, police eavesdropping malware used by several states to monitor criminals suspects by infiltrating their computers.

In at least one case this software was used inappropriately by an officer for personal reasons, leading (it is believed) to the compromise and disruption of a German police GPS system.