IIn response to the recent cyber-attacks against German targets the German Government has announced measures to improve the cyber security.
In response to the recent cyber-attacks against German targets, including the hack of the systems at Bundestag, the central Government has announced measures to improve the cyber security.
To avoid more problems, the German Government listed its “critical infrastructure” after a consultation of 2000 German institutions and is planning to take precautions to avoid cyber attacks.
Similar attacks could have serious repercussion on the operation of the country, consider that German media stated that Bundestag may need to replace 20,000 computers after the recent attack, an operation that could cost millions Euro.
The list of critical infrastructure provided by the German Government includes essential services like telecommunications, hospitals, water utilities, and so on. The Government plans to give fines up to 100.000 Euros, if these institutions fail to pass the minimum information security standards.
The German Government has proposed a law that was passed last Friday in the Bundestag, and obligates the listed institutions to notify the Federal Office of Information Security (BSI) if they are victims of severe cyber-attacks.
The institutions need to also obtain BSI clearance, meaning that they are compliant with minimum security standards.
Since BSI has at the moment only 600 employees, extra funding and personnel will be provided.
This can be a start to make important institutions more compliant with security standards and definitely fines will help institutions to take things seriously, since public institutions sometimes are caring for this type of problem (because they lack budget for more, or because employees are not sensitized), I feel confident that this type of law could be applied over many countries, and since attacks will keep being on the rise, there is no excuse to avoid the issue.
About the Author Elsio Pinto
Elsio Pinto is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.