IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Germany has recently passed legislation mandating over 2000 essential service providers to adopt new minimum information security standards. Those that don’t comply within the two year adoption period risk facing significant penalties.
On Friday, doubts about the law coming into existence were put to rest after approval from the German parliament’s upper house, the Bundesrat, was secured in its favour.
The law’s ambit extends to all institutions listed as critical infrastructure, which includes transportation, health, water utilities, telecoms, finance and insurance. If caught violating the law, the penalty can be as high as €100,000 ($111,000).
Under the new rules, it is obligatory for these institutions as well as federal agencies to get certification for minimum cyber-security standards. They must also get clearance from the Federal Office of Information Security (BSI) clearance and notify the Office of suspected cyber-attacks. Telecoms operators will be required to alert customers if their connection is compromised, during a botnet attack for example, or retain records of data traffic for up to six months for use in investigations.
As a result of the new law, the BSI will double up as the international centre for IT security and will be responsible for evaluating reports of breaches to cyber security in critical infrastructure. The right for accessing foreign data related to malware signatures and traces for evaluation remains with the Federal Intelligence Service (BND). The Federal Office for the Protection of the Constitution (BfV) will assist the BSI in assessing the damage inflicted on accessibility of critical infrastructure during cyber-attacks. However, the responsibility to investigate cyber crimes, such as data spying, intercepting or manipulating, is entrusted to the Office of Criminal Investigation (BKA).
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
Germany’s Cyber Security Law for Critical Infrastructure Receives Upper House ApprovalThe upper house in Germany recently granted approval to the cyber security law for critical infrastructure.
Bhavesh Kumar
IFSEC Insider | Security and Fire News and Resources
