Germany's New Infrastructure Cybersecurity Law

Uploaded on 2015-07-29 in INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Production-Utilities

2000px-Bundesamt_f%C3%BCr_Sicherheit_in_der_Informationstechnik_Logo.svg.png

 Federal Office of Information Security (BSI)

German institutions and businesses that fall in the "critical infrastructure" category will have to implement new information security measures, as defined by the new IT security law passed on Friday by the German Bundesrat (the country's "Federal Council").

According to RT, over 2,000 water and energy utilities, telecoms, health providers, transportation companies, and finance and insurance firms - in short, providers of services essential to the uninterrupted day-to-day life of German citizens - will either have to comply with the new law or pay fines of up to €100,000.

The new law will require both these firms and federal agencies to, among other things, enforce a defined minimum of cyber-security standards and report to the Federal Office of Information Security (BSI) about cyber attacks mounted against their systems.

The legislation will also expand the federal criminal police's powers. The Office of Criminal Investigation (BKA) will be tasked with investigating various cyber crimes, from data interception and manipulation to data spying.

A provision of the law heavily debated by privacy advocates is that which requires telecoms to store their customers' traffic data for as far back as six months, so that the police could use it in their investigations. Another obligation telecoms will have is to notify its customers when their connection was abused.

It seems that no one, apart from the legislators, is satisfied with this new law: privacy advocates are worried about the government spying on the citizens' communications; companies are worried about the costs of implementation of these security measures, as well as the possibility of successful cyber intrusions becoming public and damaging their reputation with customers and shareholders; and the opposition is wondering how can the government mandate IT security measures when their own have repeatedly been found wanting.

Net-Security

 

« The BYOD Debate is Not Over
Can You have Both Security & Privacy in the Internet Age? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BruCON

BruCON

Brucon is Belgiums premium security and hacking conference.

CyberSecurity Malaysia

CyberSecurity Malaysia

CyberSecurity Malaysia is the national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI).

CIRT.GY

CIRT.GY

CIRT-GY is the national Computer Incident Response Team for Guyana.

Japan Information Security Audit Association (JASA)

Japan Information Security Audit Association (JASA)

JASA is non-profit association active in developing and managing the quality of Information Security Auditing and Auditors in Japan.

Entersekt

Entersekt

Entersekt is an innovator in push-based authentication and app security.

SolutionsPT

SolutionsPT

SolutionsPT enables customers to strengthen their Operational Technology (OT) network to meet the ever increasing demand for performance, availability, connectivity and security.

Aveshka

Aveshka

Aveshka is a professional services firm focused on addressing complex threats and challenges including Cybersecurity and Information Technology.

CSL Group

CSL Group

CSL solutions provide complete end-to-end connectivity services for Security, Fire, Telecare and other mission critical M2M/IoT applications.

Gluu

Gluu

Modern Authentication for Digital Enterprise. Organizations around the world trust Gluu for large-scale, high-security identity & access management.

Newtec Services

Newtec Services

IT should be responsive, adaptive, and smart. Now more than ever, you need a business that runs efficiently and can adapt to today's challenges. We can help with custom IT solutions.

Udacity

Udacity

Udacity's mission is to train the world’s workforce in the careers of the future. Our programs range from beginner to expert levels and deliver the hands-on skills for real-world expertise.

Cornami

Cornami

Cornami delivers real-time computing on encrypted data sets, which is vital for data privacy and cloud security.

Utimaco

Utimaco

UTIMACO develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions.

V2X

V2X

V2X delivers IT support, networking, and cybersecurity solutions that ensure optimal mission support and performance.

Cyber and Fraud Centre – Scotland

Cyber and Fraud Centre – Scotland

The Cyber and Fraud Centre – Scotland exists to ensure Scottish organisations are as resilient as they can be against cyber and fraud crime.

IS4IT Kritis

IS4IT Kritis

IS4IT is your partner for the successful planning, introduction and implementation of company-specific information security concepts.