The Federal Government on 17 December 2014 approved draft legislation to improve the security of information technology systems, the IT Security Act, proposed by Federal Minister of the Interior Thomas de Maizière. This is one of the first concrete steps in implementing the Federal Government’s Digital Agenda.
As stipulated in the Coalition Agreement, the draft legislation defines requirements for the IT security of critical infrastructures, that is, those systems that provide vital services, such as electricity. The new legislation would require operators of critical infrastructures to meet minimum standards for IT security and to report significant IT security incidents to the Federal Office for Information Security (BSI), which will analyse the information it receives and make the results available to operators of critical infrastructures to help them improve their protection.
To improve IT security on the Internet, the proposed legislation also contains stricter requirements for providers of telecommunications and telemedia services, which would have to offer state-of-the-art security. Telecommunications companies would also have to warn their customers when they notice that a customer’s connection is being misused, for example by a botnet.
The draft legislation provides for a greater role for the BSI and recognizes its increased significance as central agency for IT security by expanding its advisory function. In order to make the security of IT products more transparent for customers, the BSI would be authorized to test the security of IT products and systems currently on the market and publish the results as needed.
The new legislation would also expand the authority of the Federal Criminal Police Office to investigate computer-related crime, in particular hacker attacks on federal IT systems.
According to the BSI’s 2014 report on the IT security situation in Germany, which Federal Minister de Maizière and BSI President Michael Hange also presented on 17 December, the IT security situation in Germany remains tense: Cyber attacks occur daily and are increasingly professional and targeted. The report describes and analyses the current IT landscape, the causes of cyber attacks and the tools and methods used by attackers. The BSI report includes specific recommendations for improving IT security in Germany.
For more information: https://www.bsi.bund.de/EN/Publications/SecuritySituation/SecuritySituation_node.html