Security

Germany Admits Its Military Software Sausage Can’t Pass Muster

Leave a comment

Germany proudly invokes 500-year-old laws dictating what makes beer worth drinking. It’s a national point of pride across industries, from energy to entertainment, that every detail is professionally curated and monitored for quality.

And yet, the Bundeswehr just openly admitted it has zero clues about what’s been going into its weapons systems, or from where.

A new October 2025 study (Eine Achillesferse moderner Streitkräfte: Risiken der Software-Lieferkette und Schutzmöglichkeiten) by Germany’s own defense think tank confesses what should terrify natsec experts: The German military cannot answer the basic questions about trust in software systems. What’s inside? Who made it? Is anyone still maintaining it? Are we already breached?

Four years after internal experts recommended fixes, nothing has been done. Nichts.

This isn’t about capability gaps. It’s about a strategic blindness in a culture that demands vision.

Germany learned from mistakes made with Russian gas dependency and intentionally diversified energy supply. Yet they apparently learned nothing from Russian cyber operations. They’ll embargo and re-route from Russian oil but keep running code from opaque supply chains with potential ties to America, Moscow or Beijing. Yes, I said America. Not least of all because we know the Russians and Chinese are in American software, eh?

The Germans obsess over China EVs impacting their automobile industry while ignoring that the same adversary might control the update mechanisms in the military systems. The study’s own examples prove this threat vector isn’t academic or theoretical.

In March 2025, Ukrainian fighter jets nearly became expensive paperweights when the US threatened to cut software support—no attack needed, just flip a switch. On day one of Russia’s 2022 invasion, Moscow hijacked a satellite software update to knock out Ukrainian military comms before firing a shot. Chinese intelligence spent 2013-2018 inside the largest US naval shipyard not by breaching firewalls, but by compromising cloud providers.

Ask me about yesterday’s AWS outage and I’ll ask you what ingredients are in that beer in your hand.

Every modern military defeat through software happened via supply chains. And Germany’s response to the list of breaches is…?

The study admits: no one is responsible, no processes exist, no visibility into what’s actually running. The Bundeswehr treats software like Cold War hardware—buy once, use for decades, don’t ask questions. Meanwhile, they’re planning “software-defined defense” with massively networked systems, which means exponentially more code, more dependencies, more attack surface, and that’s just the beginning.

This is like announcing plans to renovate your kitchen while the whole house is on fire and you can’t find the extinguisher.

The contradiction is stark. Germany doesn’t allow a beer without proving ingredients, but billion-euro weapons platforms on unaudited code from global supply chains are fine without control or monitoring.

Physical supply chains are treated as high priority sovereignty issues. Digital supply chains are lowly, obscured department problems.

When AWS goes down in a “patently absurd” crash, the world asks what should be done. The answer is to admit first that when military software supply chains fail, wars are lost. The SolarWinds breach gave Russia access to US nuclear weapons administration for over a year. That wasn’t sophisticated tradecraft—it was simple supply chain positioning in an environment failing to hold integrity as a critical leg of safety.

Here’s what makes this a strategic culture failure rather than just a capability gap: Germany has the regulatory muscle, the engineering tradition, and the bureaucratic capacity to fix this. They apply industrial-grade rigor to food safety, environmental compliance, and manufacturing standards. The Reinheitsgebot proves they understand supply chain integrity when they care about it.

They just don’t yet understand dangers to systems that determine whether they can fight.

The study recommends everything necessary, and expected: establish responsibility, create processes, mandate software bills of materials (SBOM), verify suppliers, monitor for compromises, build expertise.

All feasible.

All ignored for four years while the threat environment deteriorated.

This matters beyond Germany. The Bundeswehr’s procurement inertia is teaching adversaries a lesson: Western militaries will spend billions on platforms while treating the software that makes them work as an afterthought. That’s an exploitable vulnerability at strategic scale.

Everyone saw Ukraine’s communications die from a poisoned update; and everyone has seen years of undetected access through trusted vendors. Adversaries are studying already for decades how kinetic missiles need to be coupled with patience and a position in the software supply chain.

Germany is projecting “Zeitenwende” transformation while running on mystery code from unknown sources with no security guarantees. You can call that a lot of things. “War-capable by 2029” isn’t one of them.

The Reinheitsgebot works because Germany decided beer purity mattered and enforced it for five centuries. The question isn’t whether they know how to secure supply chains. The question is whether they’ll treat military software with the same seriousness they treat beer.

Right now, the answer is no.

EU adversaries already are in the software sausage of the military. Germans shouldn’t wait until they lose control of the beer too.

Security

AWS Outage Cause “patently absurd”

Leave a comment

You have to love The Register for calling out AWS plainly.

AWS has given increasing levels of detail, as is their tradition, when outages strike, and as new information comes to light. Reading through it, one really gets the sense that it took them 75 minutes to go from “things are breaking” to “we’ve narrowed it down to a single service endpoint, but are still researching,” which is something of a bitter pill to swallow. To be clear: I’ve seen zero signs that this stems from a lack of transparency, and every indication that they legitimately did not know what was breaking for a patently absurd length of time.

[…]

I want to be very clear on one last point. This isn’t about the technology being old. It’s about the people maintaining it being new. If I had to guess what happens next, the market will forgive AWS this time, but the pattern will continue.

My own thoughts on this issue were published in Wired.

“When the system couldn’t correctly resolve which server to connect to, cascading failures took down services across the internet,” says Davi Ottenheimer, a longtime security operations and compliance manager and a vice president at the data infrastructure company Inrupt. “Today’s AWS outage is a classic availability problem, and we need to start seeing it more as data integrity failure.”

[…]

“Failures increasingly trace to integrity,” Ottenheimer says. “Corrupted data, failed validation or, in this case, broken name resolution that poisoned every downstream dependency. Until we better understand and protect integrity, our total focus on uptime is an illusion.”

And also I was interviewed by the BBC News, where I made some points about the people who can “run a cloud”.

History, Security

Loose Lips Sink Qubits: Forget Mars, Quantum Compute is a Race to Berlin and Beijing

Leave a comment

A conversation in Hamburg about delayed trains just exposed who’s ahead in the most significant technology race since the Space Age

“Training” the Public

Dr. Robert Axmann in Hamburg just did something unusual for a government official involved in quantum: he leaked truth.

As head of Germany’s DLR Quantum Computing Initiative, Axmann could have stuck to the standard script about reducing train delays and optimizing airport operations.

Nope. Instead, he said something far more revealing:

“…quantum computers are not yet powerful enough for commercial applications,” said Axmann. But that may be possible next year. […] The first milestones, i.e., demonstrators have already been achieved. […] “The QCMobility project focuses on optimising air, rail and road transport, as well as the maritime environment and intermodal transport,” said Axmann.

Transit infrastructure logic puzzles? As in the 1950s birth of artificial intelligence? As in the birth of modern hacking?

As in… trains?

Germany invests billions into Deutsche Bahn running on time based on classical computers. Chinese trains move half a billion people during Chunyun using ordinary algorithms. Japan’s rail is famously punctual without a single qubit. So isn’t it natural that the countries ahead in public network logistics would become the centerpiece of a multi-billion dollar quantum compute power race?

Yes, but maybe… none of the transit-focused quantum was really ever about trains. Just like the moon race was always really about highly accurate intercontinental missile flight.

These Numbers Don’t Compute (And That’s The Point)

Let’s look at what quantum computing has actually achieved in public transit optimization news:

UK “Breakthrough”:

UK’s Q-CTRL and Network Rail managed to optimize 26 trains over 18 minutes at London Bridge station using 103 qubits. Even this tepid tea is being called “record-breaking” work that could deliver quantum advantage “as early as 2028.”

Real-World Scale:

Let’s get some perspective. About a decade ago I was working with storage performance issues for China’s New Year (Chunyun) travel rush and the scale was staggering then. The 2025 Chunyun is now expected to handle more than half a billion rail trips over 40 days, with daily averages of 12.75 million passengers.

Peak days for the Chinese compute platforms means 14,100 train services operating simultaneously across thousands of stations. Classical algorithms already handle the Chunyun, the world’s largest annual human migration. So what’s quantum got to do?

Moving from solving for 26 trains to 14,000 trains isn’t a scaling problem. It’s a seven orders of magnitude problem.

Researchers freely admit they’re starting on “simplified demonstration problems,” as expected. However, for some reverse perspective, a recent Baltimore study (ignoring America lacking any modern trains) scheduled just 12 trains on D-Wave’s quantum system, and only 2 trains on IonQ’s hardware. Two trains! America, LOL.

It’s not just math to overcome, either. Deutsche Bahn’s digital chief, being stereotypically German, told the media to calm down, since he saw practical large-scale quantum applications for his rail “at least a decade away”. Sure, because for him that’s probably sooner than he expects his application for a new desk chair to be approved.

Now, instead apply a national security lens when you think about what’s really happening today versus a decade away.

Sputnik Wowed the World

Public transit logistics optimization is the most politically palatable justification for winning the sovereign quantum capability race.

There are some very real stakes, which depend on researchers trying to secure public funding:

  • “We need €500 million to break everyone’s encryption and absolutely wreck our own Internet and every industry we have including critical infrastructure”
  • “This is for military supremacy in attack logistics”
  • “We’re building cryptographic weapons but can’t tell you why”

Not going to fly, especially in Germany. Now compare that with:

  • “€500 million reduces train delays by A and improves national human throughout by B”
  • “This will reduce emissions by C, preventing D deaths”
  • “Airport scheduling will improve by E, reducing fuel and ATC staff dependencies”

Same technology.

Radically different political viability and metrics.

The US Department of Transportation held a quantum workshop where officials stated that quantum computing “may be more important to transportation than artificial intelligence.”

Yeah, no kidding.

The UK strategy includes deploying quantum sensors across critical infrastructure—transport, telecoms, energy, defense—by 2030.

Germany is building five quantum computers in Hamburg, making them available to “DLR research teams and industrial partners across Germany.”

The applications they’re really developing? The same algorithms that optimize train schedules have many military lifts:

  • Coordinate real-time deployment and attack logistics
  • Optimize supply chain warfare
  • Simulate molecular structures for materials science
  • Crack encryption
  • Model climate systems
  • Accelerate drug discovery

Transportation is both an excellent and historic focus as well as (again) the perfect cover story. Everyone understands a rocket to the moon. Almost no one understands mutually assured destruction by the same rockets, let alone understands post-quantum cryptography or quantum chemistry simulations.

Trainless America Falling Behind

While TED talks in a country devoid of trains is reduced to pontificating about theoretical promise of quantum computing, here’s what’s actually happening in advanced nations:

China’s Origin Wukong quantum computer:

  • Went operational January 6, 2024
  • Has completed 380,000+ quantum computing tasks
  • Served 26+ million users from 139 countries
  • Secured the first commercial quantum computing export order
  • Production line now builds 8 quantum computers simultaneously

Compare that to the West’s achievement: successfully scheduling 26 trains for 18 minutes in a controlled demonstration.

China has also deployed the CN-QCN quantum communication network spanning 10,000+ kilometers, incorporating 145 fiber backbone nodes and 20 metropolitan networks covering 17 provinces and 80 cities. It’s not a research project—it’s operational infrastructure.

The most telling statistic?

American researchers are among the heaviest users of China’s Origin Wukong quantum computer. We’re literally using their quantum infrastructure while we dance around a TED stage to avoid actual hard work and admitting the obvious.

The EU and China Race

Hamburg is being built as a quantum ecosystem for Germany. Five quantum computers. Indigenous production methods. Talent pipeline development. “Simplified demonstration problems” that will scale over time.

Germany lost funding (Axmann noted their budget was cut from €740 million to €540 million), yet they’re still pushing forward. Why? Because military planners understand what’s at stake.

China’s quantum computing firms increased from 93 to 153 between 2023 and 2024—a 40% jump in one year. Their public investment in quantum is estimated at over $15 billion, roughly triple U.S. spending and double the EU’s.

The quantum computing market in transportation and logistics is projected to grow from $46.6 million in 2025 to $194.6 million by 2032. But the market is not what this is about. The real prize is technological sovereignty, and therefore power in the defining computing and political paradigm of the 21st century.

Leadership in quantum computing is becoming the definitive mark for national prestige, economic competitiveness, and avoiding strategic dependency on foreign power.

An Honest Assessment

I’ve been in countless executive meetings across every industry in America for the past two years, discussing the quantum threats. The Department of Homeland Security had me evaluate and report a strategic quantum-safe target.

Can quantum computers solve railway scheduling better than classical systems? Eventually, of course. Do they need to now? Who’s asking? It’s like asking can a repeating rifle solve hunting needs in 1860.

As I said at the start, China handles the world’s largest human migration annually with classical computing. Japan’s trains run with legendary precision using traditional algorithms. The optimization problems are being solved as best they can by yesterday’s technology. Their old flint-lock rifles are bringing home food just fine.

But that’s not what makes Hamburg’s quantum initiative important:

  • Nations are building quantum capability under the political cover of civilian applications
  • Transportation provides relatable, fundable use cases while teams develop general-purpose quantum systems
  • The algorithms developed for “train optimization” transfer directly to military, cryptographic, and industrial applications
  • Whoever builds operational quantum infrastructure first gains a potentially insurmountable advantage

Trains probably still will run delays in 2035, quantum computers or not. But Germany—and every other serious power as measured by their trains—will have developed the quantum capability that matters for doing everything else.

When Dr. Axmann talks about trains he is not predicting the future, he’s revealing who is winning in the present.

China isn’t talking about quantum trains—they’re running 380,000+ quantum computing tasks. They’re not writing papers about potential applications—they’re exporting quantum computing capability. They’re not building prototypes—they’re scaling production to eight quantum computers at once.

The West, thanks to open immigration policies and publication platforms, had an early advantage on quantum computing research. More published papers, better theoretical breakthroughs, and Nobel prizes.

China however has quantum computers doing actual work, integrated into national infrastructure, serving millions of users globally. The question now what will define building the quantum infrastructure that will define international power in the next century?

Germans leaked the answer. We probably should listen. Every quantum “transportation optimization” initiative you see announced is a dual-use technology play masquerading as a public service project.

The quantum race no longer is happening in the future. It’s no longer about who publishes the best papers or announces impressive academic qubit counts.

The train has left the station, with leaders building operational systems right now. Who has their workforce ready?. Who has their supply chains ready?. Who’s integrating quantum into immediate national infrastructure planning?

By that measure, the scoreboard isn’t even close. Any Western official talking about quantum solving “trains” knows this: optimizing demonstration problems with two dozen rail lines while China is on their fifth generation of production quantum systems.

Dr. Axmann gave us the usual conservative roadmap:

I expect to see the first practical benefits in five years.

China’s Origin Wukong hit 380,000 completed tasks in less than two years. That’s a lot of cracking.

Do the math and, more importantly, know your arms race history.

Welcome to Sputnik 2.0.

Security

Israel Kills Dozens in Ceasefire Enforcement

Leave a comment

It’s hard to ignore blatant double-speak being normalized by Israel.

Strikes began in southern Gaza after the Israeli military said “terrorists fired an anti-tank missile and gunfire” toward its troops in Rafah, killing two soldiers.

Hamas said it was “unaware” of any clashes in the area under Israeli control.

By evening, Israel said it had hit Hamas targets across Gaza, with hospital sources saying 44 people were killed.

I’m reminded how Egypt achieved total surprise in 1973 when the Israelis, and the Americans for that matter, were too caught up believing their own lies.

Or perhaps more to the point, Netanyau’s rise to power has been implicated in the assassination of Rabin, to stop anyone from making peace with Palestinians. Netanyahu stirred extremist violent political groups by decrying Oslo peace accords with vitriolic hate.

To this day, the killing of Yitzhak Rabin by a man determined to halt the Middle East peace process remains that rare thing: an act of political violence that wholly achieved its aim. Judged by the goal it set itself, it is surely the most successful assassination in history.

A cease-fire deal where Israelis are opening fire to enforce it, sounds on brand for Netanyau… if not authoritarians before him like Stalin.