Germany's New Infrastructure Cybersecurity Law


German institutions and businesses that fall in the "critical infrastructure" category will have to implement new information security measures, as defined by the new IT security law passed on Friday by the German Bundesrat (the country's "Federal Council").

According to RT, over 2,000 water and energy utilities, telecoms, health providers, transportation companies, and finance and insurance firms - in short, providers of services essential to the uninterrupted day-to-day life of German citizens - will either have to comply with the new law or pay fines of up to €100,000.

The new law will require both these firms and federal agencies to, among other things, enforce a defined minimum of cyber-security standards and report to the Federal Office of Information Security (BSI) about cyber attacks mounted against their systems.

The legislation will also expand the federal criminal police's powers. The Office of Criminal Investigation (BKA) will be tasked with investigating various cyber crimes, from data interception and manipulation to data spying.

A provision of the law heavily debated by privacy advocates requires telecoms to store their customers' traffic data for as far back as six months, so that the police can use it in their investigations. Telecoms will also be obliged to notify their customers when their connection has been abused.

It seems that no one, apart from the legislators, is satisfied with this new law: privacy advocates are worried about the government spying on citizens' communications; companies are worried about the costs of implementing these security measures, as well as the possibility of successful cyber intrusions becoming public and damaging their reputation with customers and shareholders; and the opposition is wondering how the government can mandate IT security measures when its own have repeatedly been found wanting.

Net-Security

 
