Inside BSI – Germany’s federal information security agency

On the front-line of Germany’s cyber defense

Germany’s Federal Office for Information Security or Bundesamt für Sicherheit in der Informationstechnik (BSI) in German, is the federal agency tasked with managing and protecting government IT systems and the wider country’s critical infrastructure. In light of recent reports of hacking and alleged political leaks aimed at swaying democracy, their role has never been so important. We recently spoke to BSI spokesperson Matthias Gärtner about the importance of the agency.

What are the biggest IT security challenges faced in Germany today?

A major challenge is the protection of critical infrastructures in Germany. In July 2015 the German government launched the IT security act. The first part of the regulation “KRITIS-Verordnung” was released in May 2016. This regulation defines the technical parameters in the sector energy supply e.g with the number of households supplied by power plants. Additionally, the parameters for sectors IT and telecommunications, water supply, agriculture, and food are released. The industry is developing cyber security concepts.

BSI has established mobile incident response teams (MIRT) to support the critical infrastructures in case of cyber attacks. For the industry sector the transformation to smart factory is a major challenge. Private users are confronted with new cyber threats by the smart home and the Internet of things.

Cyber security is an international problem. How closely do you work with other national defence organisations across Europe to ‘join the dots’ across borders?

BSI has close working relations with all European organizations and authorities working on cybersecurity. Beside the cooperations, with other governmental CERTs BSI has a close cooperation with the French IT security authority ANSSI (Agence nationale de la sécurité des systèmes d’information). Recently ANSSI and BSI founded the ESCloud working group, where BSI and ANSSI are jointly starting up a cloud security initiative that should feed into pan-European cooperation. BSI is also working together with the organisations in the Netherlands, in the UK and also in the German-speaking countries Austria, Switzerland, and Luxembourg. As national cybersecurity authority BSI is also working together with the cybersecurity departments of the NSA and DHS.

Cyber security is in the news more than ever. With the onset of IoT, driverless cars, drones etc, what steps are you taking to secure German government assets and the public at large?

Last November the German Government adopted the Cybersecurity Strategy for Germany 2016. This is an update of the national Cybersecurity strategy from 2011, focusing new technical development like IoT and self-learning machines and the new threat situation. The strategy provides more than 30 goals and measures for the improvement of cybersecurity. One goal is to strengthen, secure and self-define action in a digitalised environment. As a guideline for the consumers, the intention is to introduce a basic certification procedure for secure IT consumer products. The criteria will be determined by the BSI. In parallel with this, there will be a strengthening of existing resources in the BSI used for the development of technical guidelines, for certification and for the support of national accreditation bodies in the area of IT security. The aim is also to expand cooperation between government and business in cyber security. Beside this BSI continues his activities in information services, awareness rising with the website www.bsi-fuer-buerger.de and telephone and email help line.

You also extend support to protecting businesses in Germany. What products are you showcasing this week at CeBIT?

During CeBIT in Hannover BSI releases new standards of IT Grundschutz as a community draft. This is an important step for the modernization of this IT security management concept. We also release new cryptographic guidelines for the secure implementation of cryptographic protocols like TLS, IPsec and SSH. These activities will also be presented at the CeBIT Security Stage in Hall 6, Stand H30

More information about the BSI’s activities during CeBIT can be found on their website  www.bsi.bund.de