Germany's New Infrastructure Cybersecurity Law

[Image: logo of the Federal Office of Information Security (BSI)]

German institutions and businesses that fall in the "critical infrastructure" category will have to implement new information security measures, as defined by the new IT security law passed on Friday by the German Bundesrat (the country's "Federal Council").

According to RT, over 2,000 water and energy utilities, telecoms, health providers, transportation companies, and finance and insurance firms - in short, providers of services essential to the uninterrupted day-to-day life of German citizens - will either have to comply with the new law or pay fines of up to €100,000.

The new law will require both these firms and federal agencies to, among other things, enforce a defined minimum of cyber-security standards and report to the Federal Office of Information Security (BSI) about cyber attacks mounted against their systems.

The legislation will also expand the federal criminal police's powers. The Office of Criminal Investigation (BKA) will be tasked with investigating various cyber crimes, from data interception and manipulation to data spying.

A provision of the law heavily debated by privacy advocates requires telecoms to store their customers' traffic data for as far back as six months, so that the police can use it in their investigations. Telecoms will also be obliged to notify their customers when their connection has been abused.

It seems that no one, apart from the legislators, is satisfied with this new law: privacy advocates are worried about the government spying on citizens' communications; companies are worried about the costs of implementing these security measures, as well as the possibility of successful cyber intrusions becoming public and damaging their reputation with customers and shareholders; and the opposition is wondering how the government can mandate IT security measures when its own have repeatedly been found wanting.

Net-Security

 
