Germany's New Infrastructure Cybersecurity Law

2000px-Bundesamt_f%C3%BCr_Sicherheit_in_der_Informationstechnik_Logo.svg.png

 Federal Office of Information Security (BSI)

German institutions and businesses that fall in the "critical infrastructure" category will have to implement new information security measures, as defined by the new IT security law passed on Friday by the German Bundesrat (the country's "Federal Council").

According to RT, over 2,000 water and energy utilities, telecoms, health providers, transportation companies, and finance and insurance firms - in short, providers of services essential to the uninterrupted day-to-day life of German citizens - will either have to comply with the new law or pay fines of up to €100,000.

The new law will require both these firms and federal agencies to, among other things, enforce a defined minimum of cyber-security standards and report to the Federal Office of Information Security (BSI) about cyber attacks mounted against their systems.

The legislation will also expand the federal criminal police's powers. The Office of Criminal Investigation (BKA) will be tasked with investigating various cyber crimes, from data interception and manipulation to data spying.

A provision of the law heavily debated by privacy advocates is that which requires telecoms to store their customers' traffic data for as far back as six months, so that the police could use it in their investigations. Another obligation telecoms will have is to notify its customers when their connection was abused.

It seems that no one, apart from the legislators, is satisfied with this new law: privacy advocates are worried about the government spying on the citizens' communications; companies are worried about the costs of implementation of these security measures, as well as the possibility of successful cyber intrusions becoming public and damaging their reputation with customers and shareholders; and the opposition is wondering how can the government mandate IT security measures when their own have repeatedly been found wanting.

Net-Security

 

« The BYOD Debate is Not Over
Can You have Both Security & Privacy in the Internet Age? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Coalfire

Coalfire

Coalfire specialises in cyber risk management and compliance. Our services span the cybersecurity lifecycle from advisory and compliance, to testing and engineering, monitoring and optimization.

Trend Micro

Trend Micro

Trend Micro is a leader in hybrid cloud, endpoint, and network security solutions.

Canadian Centre for Cyber Security (CCCS)

Canadian Centre for Cyber Security (CCCS)

The Cyber Centre is the single unified source of expert advice, guidance, services and support on cyber security for government, critical infrastructure, the private sector and the public.

Digital Detective

Digital Detective

Digital Detective offer a range of products and services for digital forensic analysis and advanced data recovery.

France Cybersecurity

France Cybersecurity

France Cybersecurity represents the French cybersecurity industry to raise international awareness of French cybersecurity capabilities and solutions.

BPC Banking Technologies

BPC Banking Technologies

BPC’s advanced fraud prevention solution helps card issuers and acquirers combat the growing threat by monitoring 100% of transactions, online, in real-time across all channels.

Kount

Kount

Kount's “decision engine” platform is ideal for managing fraud in online/telephone channels that process payments and onboard new customers.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

Mvine

Mvine

Mvine's primary business is authoring and selling Cyber-Secure Platforms for Collaboration Portals and for Identity Management as well as delivering cloud support services.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.

Private Client Cyber Security (PCCS)

Private Client Cyber Security (PCCS)

PCCS provides enterprise-grade cybersecurity consulting and services to professional practices, executives, athletes, and high net worth families.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.

Intellinexus

Intellinexus

Intellinexus turns data into actionable insights to revolutionise decision-making in your business.

Longbow Security

Longbow Security

Longbow automates root cause for your application and cloud risks, enabling teams with intelligent remediation actions that reduce the most risk with the least effort.

Quantum Bridge

Quantum Bridge

Our unbreakable key distribution technology ensures the highest level of protection for your critical infrastructure and sensitive data in an evolving digital landscape.

TerraZone

TerraZone

TerraZone is a global cyber security and privacy solutions provider to governments and enterprises.