Cybersecurity Strategy: Plan with Loopholes

Last week, around 900,000 Telekom customers learned the hard way about the dangers lurking in cyberspace. Many could not use the Internet, watch television, or even make phone calls. The thousands of disruptions were caused by a global hacker attack on DSL routers. The incident shows how important cybersecurity is in our time, especially as more and more applications migrate to IP-based networks.


Cybersecurity Strategy


The Federal Ministry of the Interior (BMI) sees protection against cyber threats as one of the most important tasks for our government. For this reason, a new cybersecurity strategy for Germany has been eagerly worked on in recent months. The result was presented to the federal government on November 9th and approved by it.

Much Known, Little Concrete

The paper describes a total of 30 strategic goals and measures to improve security in the digital world. Many elements of the new strategy could already be found in its 2011 predecessor: sensitizing citizens to more security in cyberspace, strengthening cooperation between state and business, and interlinking European and international IT security policy more closely.

In addition, mobile incident response teams ("Mobile Incident Response Teams" - MIRT) will react quickly to cyber-attacks and also support affected companies. The national cyber defense center (NCAZ) is to be expanded, as are the competencies of the Cyber Security Council and the Federal Office for Information Security (BSI). Encryption techniques are to be continuously promoted; at the same time, the Federal Ministry of the Interior also wants to further develop the skills of the law enforcement and security authorities so that this encryption can be cracked or bypassed. How these two points can be reconciled remains to be seen. Criticism of this "two-pronged approach" was raised immediately after the paper was published.

Cybersecurity Strategy Misses the Need in Parts

The strategy certainly contains some exciting approaches, but unfortunately remains very vague on many points and, admittedly, also falls short of our expectations.

The creation of the paper was preceded by an extensive process, during which the Federal Ministry of the Interior also asked companies about their needs and expectations of a cybersecurity strategy - with some very clear results.

While the idea of the mobile reaction force, which 60% of the companies surveyed consider to be useful state support, was gratefully taken up and worked out, very central aspects are treated only disappointingly superficially.

Although 53% of the companies would like a state IT security seal of approval as a decision-making aid, the paper does not go beyond ideas for basic certification of IT consumer products. Admittedly, existing security certificates are also touched upon, but these unfortunately largely miss the needs of most user companies.

In my opinion, this is a blatant weak point in the strategy. In addition to protecting consumers in the digital world, protecting small and medium-sized companies is a very important state task, because it is precisely these companies that are often confronted with the complexity of IT security tasks and need help.

The aim here is to develop sustainable and practicable certification procedures that confirm the security and trustworthiness of IT security solutions for companies. That won't be easy and the experts at the BSI will certainly be demanding.

The second point that struck me negatively is the chapter “Strengthening the German IT Industry”. An overwhelming majority of 80% of the companies surveyed as part of the BMI survey are in favor of targeted state funding of key technologies, including network technology and the cloud. The survey we conducted in 2019, “Digital Sovereignty: Assessments in the German Economy and Administration”, came to very similar results.

However, one looks in vain for concrete measures or even industrial policy programs in the cybersecurity strategy.

Although the seal of approval “IT Security Made in Germany” (ITSMIG) is to be promoted and expanded, no example is given of how this can be implemented. Otherwise, the measures are within the familiar framework: classic research funding. That is all well and good, but it does not help to close the gaps in the key technologies in the foreseeable future or to promote marketable products in their distribution. What is missing is a clear industrial policy signal including effective funding programs. In the USA and China, which are so envied for their IT successes, this has long been part of the political agenda.

There Are No Clear Liability Regimes

What is mentioned only marginally in the paper is the question of product liability in the event of damage (page 18 “Secure digitalization”). Here, too, one should have expected more. After all, the so far completely unresolved question of liability for injured parties is a very important aspect.

The long-term goal of product liability for IT solutions is to increase the security level of the products. Only if there are appropriate options for sanctioning providers and manufacturers will those who do not do so today for cost reasons also find it easy to keep their products up to date.

However, such a legal framework needs to be very well thought out. The dialogue with the manufacturers is essential here, and the user must also be held accountable. After all, it is not enough for manufacturers to make security updates available. They also have to be installed. As with many points in the cybersecurity strategy, there is still a lot of work to be done here.

Overall, the 2021 cybersecurity strategy, unfortunately, fell short of expectations. The big hit, at least, did not materialize.

It is to be hoped that much will become more tangible when the goals and measures are further elaborated.

Include the best antivirus solution in your cybersecurity strategy to keep your data safe from fraudsters.
