Cyber Resilience and Democracy

Mansfeld-Südharz, Germany - November 6, 2025

When the public square moves online, resilience means keeping the microphone in citizens' hands and not in the hands of whoever owns the server

Democracy here used to smell of coffee and floor wax: 200 folding chairs in the Bauhaus-style town hall, parents debating a new bike lane while the mayor poured lukewarm filter brew into chipped porcelain. Then the heating bills rose, the hall closed on winter nights, and conversation drifted into Facebook groups where the same voices were suddenly sorted by black-box algorithms and moderated from Dublin. Last year a fake letter—claiming the county would seize private wells—spread to 18,000 feeds in four hours, nearly toppling the water-rate referendum. The incident made clear that civic trust is no longer threatened only by misinformation; it is threatened by the infrastructure itself: opaque terms-of-service, offshore data, and kill-switches no elected official can reach. Our response was not another glossy awareness campaign, but a piece of civil infrastructure as tangible as asphalt: a community-hosted, open-source discussion platform that routes through the same resilient backbone we built for chemical plants and hospitals, giving the public square a digital lease that cannot be cancelled by a quarterly earnings call.

The first design choice was ownership. Instead of renting a “free” forum in somebody else’s cloud, the county co-owns a small-footprint Kubernetes cluster housed in the former air-raid shelter beneath Hall 14. The concrete walls—two metres thick, already EMP-shielded—now guard a rack of quiet ARM boards that draw 400 watts, less than the Christmas lights on the neighbouring market square. Storage is encrypted with keys held by the county clerk and two randomly drawn citizens each year, a ritual that turns cryptographic custody into a civic ceremony. Because the domain name is registered under a .de trustee tied to the public body, the site cannot be sold, mortgaged or subpoenaed without a vote in the district assembly, a procedural speed-bump heavy enough to deter casual censorship yet transparent enough to satisfy local press. The result is a forum that feels familiar—threads, likes, moderators—but sits on property law as old as the Magdeburg Rights: if the burgers own the land, they own the conversation.

Resilience against disinformation is woven into the code, not bolted on as a banner ad. Every uploaded image is passed through a perceptual-hash filter that compares against the EU’s disinformation database; a match does not delete the file, it simply wraps it in a red frame that contains the original source URL and a two-sentence rebuttal written by the regional library’s fact-check desk. The refusal to delete is deliberate: erasure breeds conspiracy, whereas visible context invites scrutiny. Speech that violates German law (Volksverhetzung, threats) is hidden but logged, and the hash of the text is time-stamped into an immutable ledger running on a small Tendermint chain operated by three local IT firms—no token, no speculation, just tamper-proof evidence should prosecutors later need an unaltered copy. Thus moderation becomes a public record instead of a black-box decision, and the ledger itself is replicated nightly to the state archives in Magdeburg, ensuring that even a catastrophic fire in the shelter cannot erase what was said and when.

The harder problem is not content but connectivity. Rural areas still rely on a single back-haul fibre that follows the old railway embankment; one enthusiastic back-hoe can sever the county’s link to the world. We therefore layered mesh radios—60 GHz licence-free links—across rooftops from the library to the fire station, creating a 2-gigabit ring that automatically fails over to Starlink ground stations when the fibre light goes dark. The mesh is encrypted with WireGuard tunnels terminated inside the same shelter, so satellite traffic never touches a foreign hyper-scaler before reaching the forum. During last summer’s flooding, when copper cables drowned in the Mulde river, the mesh kept council meetings streaming with 180 ms latency, low enough for the clerk to swear in new citizens without skipping the legally required pause. That episode convinced even the most analogue councillor that resilience is not an IT luxury but a constitutional prerequisite: if citizens cannot deliberate, they cannot consent.

"Democracy survives when the server room is as public as the town square—cold, loud, and impossible to sell."

Participation design matters as much as packet routing. The platform requires no e-mail address and no phone number; instead, residents obtain a pseudonymous wallet seeded by a one-time QR code handed out at the citizen’s office or during the weekly market. The wallet holds zero cryptocurrency—only a non-transferable credential that proves residence and age group (over/under 18) without revealing identity. Polls on zoning plans or budget priorities can therefore be tallied by district and demographic bracket, giving policymakers an X-ray of opinion while protecting individuals from the chilling effect that real names produce. The wallet also carries a “voice credit” counter: each verified account receives 100 credits per month to spend on up-votes, ensuring that loud minorities cannot drown out the silent centre without paying an opportunity cost. When the credits are gone, the only way to amplify further is to convince others to spend theirs on your post—an economic brake on populist flooding that mirrors the physical queue at the old town-hall microphone.

Finally, the entire system is financed through a civic-tech trust that cannot be raided for other political pet projects. The seed corpus—540 000 € from the same EFRE pot that co-finances the cyber-range—was placed into a German Treuhand foundation whose charter obliges any surplus to be reinvested in hardware renewal or bandwidth upgrades; dipping into principal for ceremonial flowerbeds is legally impossible. Annual operating costs—electricity, domain, bandwidth—run below 42 000 €, a line item smaller than the county’s expenditure on photocopy paper, and the mesh radios were donated by local SMEs in exchange for visibility on the login page, turning civic sponsorship into a marketing ritual everyone understands. The result is a piece of democratic infrastructure that behaves like a utility: boring, predictable, and too cheap to become the next political football.

The first test will come in spring 2026, when the county must decide whether to grant a foreign investor the right to extract groundwater for a battery factory—exactly the kind of issue that triggers astroturf campaigns. If the forum survives the inevitable wave of bots, deep-fake voice messages and emotionally charged memes without surrendering to either censorship or chaos, we will know that resilience has moved beyond servers and into the culture itself. Until then, the shelter stays lit, the mesh keeps pinging, and the microphone—once made of wood and nails—now glows in a rack of solid-state drives, still owned by the same people who once dragged those chairs across the parquet floor, still determined to decide for themselves what tomorrow should sound like.

The Cyber Resilience Alliance is a public-private partnership established 2025, led by CypSec, Validato and the County of Mansfeld-Südharz. The Alliance operates a sovereign private-cloud security stack, a shared SOC and an cyber academy, aiming to make Mansfeld-Südharz the reference site for rural cyber resilience by 2030.

Media Contact: Daria Fediay, Chief Executive Officer at CypSec - daria.fediay@cypsec.de.