Pierluigi Paganini
July 14, 2015
In response to the recent cyber-attacks against German targets, including the hack of the systems at Bundestag, the central Government has announced measures to improve the cyber security.
To avoid more problems, the German Government listed its “critical infrastructure” after a consultation of 2000 German institutions and is planning to take precautions to avoid cyber attacks.
Similar attacks could have serious repercussion on the operation of the country, consider that German media stated that Bundestag may need to replace 20,000 computers after the recent attack, an operation that could cost millions Euro.
The list of critical infrastructure provided by the German Government includes essential services like telecommunications, hospitals, water utilities, and so on. The Government plans to give fines up to 100.000 Euros, if these institutions fail to pass the minimum information security standards.
The German Government has proposed a law that was passed last Friday in the Bundestag, and obligates the listed institutions to notify the Federal Office of Information Security (BSI) if they are victims of severe cyber-attacks.
The institutions need to also obtain BSI clearance, meaning that they are compliant with minimum security standards.
Since BSI has at the moment only 600 employees, extra funding and personnel will be provided.
This can be a start to make important institutions more compliant with security standards and definitely fines will help institutions to take things seriously, since public institutions sometimes are caring for this type of problem (because they lack budget for more, or because employees are not sensitized), I feel confident that this type of law could be applied over many countries, and since attacks will keep being on the rise, there is no excuse to avoid the issue.
About the Author Elsio Pinto
(Security Affairs – German Government, hacking)
