Lieutenant Colonel Bernard Hoffmann has been in his new position as Chief of Staff for approximately a month. He agreed to share his opinions on cyber defence developments in today’s world and his ambitions for his five-year tenure. He also shed some light on the early days of his career, when he served first as an information security officer and then as the ‘bomb’ guy in the German Army.
How did you end up as the CCDCOE’s Chief of Staff? Tell us about your journey.
Indeed, I was very surprised when I got the offer to be posted here. It’s now my fourth time abroad, and I will have spent around 20 years of service in international units. So maybe Germany has realized that I can’t be used in their system anymore [laughs].
What’s your work experience? Rumours are that you used to be the ‘bomb’ guy in the military.
From the start, I’ve been a CIS [communications and information systems] guy. In the early ’90s, I got my education and training as an INFOSEC [information security] officer, and from 1994 to 2010, I also served as INFOSEC officer at various headquarters in Europe. Posted back to Germany, I was chosen to help to establish and maintain the new capability in the German armed forces: Countering-Improvised Explosive Devices (C-IED). So yes, in my branch, we also conducted courses on homemade explosives, as well as weapons intelligence. These people are the investigators on missions when a bomb attack has taken place.
Was the decision to move to Estonia for five years a quick one? What were the pros and cons?
For me, it was very easy – I love to work in an international environment. However, for my wife, it was not so easy, because she had to give up everything to join me.
Do you already have a vision for the CCDCOE? What would you like to be different in the Centre after five years?
I think the CCDCOE is already at a very high level of expertise; we are an excellent team of experts, sometimes with a full plate of tasks, but willing to tackle and solve the challenges. If we keep working this way and strive to master the new cyber topics, I will be very happy.
Did your predecessor as Chief of Staff, LTC Franz Lantenhammer, give you any good advice before he left?
Franz was an excellent Chief of Staff and a very nice person, but he knows as well that we are different characters. So he provided me with a lot of information and prepared me very well for my new task.
Lieutenant Colonel Franz Lantenhammer (left) handed over the position of Chief of Staff of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) to Lieutenant Colonel Bernard Hoffmann (right).
Do you have any core principles that you live by?
That’s not possible! Such a thing does not exist. There is always a solution available, maybe not a 100 per cent solution, but still a good one.
Rumours are that you are a dog person – is that true?
Actually, I am a double-dog person, not because of my more than 100 kg weight but because of my two ‘little’ dogs. My wife and I have two Rhodesian Ridgebacks: one is 22 months old and the other six months old. They keep us busy, especially the very little one. His nickname is ‘Little Terrorist’.
Do you think that the world will be a more cyber-safe place in the future?
‘Cyber’ means only that it is connected to a computer and/or network. This technology has so much potential that it is hard to imagine what is or is not possible. It’s like the era when cars were introduced to the public. Everybody was scared, and a lot of restrictions were issued. The same is happening with cyber technology – we will get used to it and use it to our benefit. And yes, I hope we learn to ensure a high level of security in the cyber world.
What do you think are the main obstacles to achieving cyber safety in both defence and civilian spheres? And what can we do to overcome them?
Security is hard to measure against a real value. Security is quite expensive, and if it is in good working order, you do not even realize that everything is running smoothly. You can easily get the impression that cyber security is not needed because nothing has happened. Budgets are always limited, so many companies and states reduce their spending on security measures.
So to answer the question, it is the lack of awareness of the cyber threat and the required security at the strategic level of companies and states that is causing some delay in reaching a sufficient level of cyber security.
What is your favourite book and why?
The Swarm by Frank Schätzing. It shows us how vulnerable we can be if nature turns against us.