Draft legislation that would pave the way for the introduction of tough new cyber security measures to protect ‘critical infrastructure’ in Germany has been unveiled by the country’s federal interior ministry.21 Aug 2014
The ministry said the draft IT security requirements would apply to telecommunications, energy, traffic, transport, health, water, food supply, finance and insurance companies and agencies.
The proposals, announced on 19 August, are designed to ensure the security of IT systems, “the protection of citizens generally”, and ensure Germany’s IT systems and digital infrastructure becomes “the safest in the world”, the ministry said.
Other federal government departments have been asked to study the proposals, which will then be made available for “broad public debate”, said the ministry, which is also responsible for IT security.
Measures outlined in the proposals include strengthening Germany’s federal information security office and extending the investigative powers of the federal criminal police in relation to cyber crime. Companies would also be required to report attacks by hackers.
Interior minister Thomas de Maiziere said: “We need to be more secure than before. Whoever puts others at risk must bear responsibility. Anyone who operates critical infrastructure must do so safely.”
The ministry said the proposals are in line with Germany’s ‘digital agenda’ for 2014-2017, which was approved by the federal government on 20 August 2014. The digital agenda is a supplement to the government’s information and communication technology strategy launched in 2010 (46-page / 1.34 MB PDF).
The new digital agenda calls for enhanced innovation of IT and related services, the development of comprehensive high-speed networks and the promotion of digital media literacy for all generations. In addition, the agenda aims to “instil greater confidence in the use of systems to benefit the wider economy”, the ministry said.
De Maiziere said: “The digitisation of our daily lives provides enormous opportunities both for individuals and for the economy and society as a whole. It is up to us to take advantage of these opportunities for our country.”
However, de Maiziere said the government’s strategy is to exploit the full potential of the internet while “balancing the different interests” of stakeholders.
According to the interior ministry, “cyber crime poses an increasing threat (and) IT security is a top priority, because an IT failure could compromise Germany’s internal security”.
In June 2014, the interior ministry announced plans to end the federal government's contract with the US internet services provider Verizon amid concerns over “revelations about surveillance by the US National Security Agency and its relations with US companies”.
In July, de Maiziere called for the conclusion of stalled efforts to overhaul and harmonise data protection law in Europe. In particular, de Maiziere said Germany wanted to see an “opening clause” in future regulations that would “explicitly allow” EU member states to go beyond the planned ‘General Data Protection Regulation’ (119-page / 448 KB PDF) “as needed and pass stricter national data protection legislation for the public sector”.