The SPD digital politician Jens Zimmermann explained: “In view of the attacks on pipelines and the railway infrastructure, we have to assume that further escalation can also occur in the digital space.” The Greens also consider the cyber threat to be a “relevant risk scenario”. . The interior expert of the parliamentary group Irene Mihalic believes, however, that Germany is “not adequately prepared”.
Mihalic is therefore calling on the interior minister to introduce the “Kritis umbrella law” this year. “We finally need binding standards in the critical infrastructure so that we are well protected against attacks,” Mihalic told the Handelsblatt.
Critical infrastructure includes facilities from the energy, transport, water, food, state and administration, health, information technology and telecommunications sectors. Some experts have doubts as to whether these partly state-run, partly privately run facilities are adequately protected in Germany.
Top jobs of the day
Find the best jobs now and
be notified by email.
An “umbrella law” was agreed in the traffic light coalition agreement. In July, Faeser then announced that he would soon present key points to the cabinet. So far this has not happened. Now the minister is concretizing her plans.
According to this, Faeser wants to oblige the operators of critical infrastructures to take increased protective measures. “Binding requirements for risk assessments and protective measures” would be anchored in the “Kritis umbrella law”, said Faeser. “Our law will affect all sectors of critical infrastructure, including energy supply in particular.” The plan is to strengthen the entire system of critical infrastructure and make it more resilient.
Faeser emphasized that the Kritis operators had to be “comprehensively prepared” for dangers such as natural disasters, terrorism, sabotage or human error. “We are also introducing a reporting system for disruptions in critical infrastructures.” With a view to the EU directive on the resilience of critical facilities, which is currently being negotiated, the minister added: “We are closely embedding our system for protecting critical infrastructures in the European framework overall to strengthen security of supply.”
Espionage, sabotage, cyber attacks: Secret services warn against Russia
Faeser also wants to ensure more security with the implementation of its recently presented cyber security agenda. “We are creating new instruments to investigate cyber attacks and to be able to influence IT infrastructures that are used for an attack,” said the SPD politician. “In this way, the security authorities can stop or at least mitigate serious cyber attacks.” The protection of critical infrastructures must have “top priority”, emphasized Faeser. The acts of sabotage on the Baltic Sea pipelines and the railway infrastructure also showed this.
Cyber experts like Sven Herpig from the New Responsibility Foundation (SNV), a think tank for digital politics, now see Faeser as an obligation. “So far, the Minister of the Interior has not attracted attention with her energy in the area of cyber security policy,” he said. “In this respect, the timely introduction of legislative drafts would definitely be in favor – if they are good.”
>> Read also: Small and medium-sized businesses are demanding government emergency programs to protect critical infrastructure
The findings of the German secret services in connection with the Ukraine war also show that there is a great need for action. At a hearing in the Bundestag earlier this week, the presidents of the services emphasized that espionage, sabotage of infrastructure and cyber attacks are part of Russian attack strategies.
It is all the more urgent that Faeser will soon be presenting stricter requirements. The SPD politician Zimmermann indicated that this will not last much longer. “The Kritis umbrella law is well advanced and will further improve and specify the protection of critical infrastructure,” he said.
Schönbohm’s dismissal raises concerns
According to the FDP domestic politician Manuel Höferlin, the law should ensure that the critical infrastructure is made more resilient in the future, i.e. more resistant. For this purpose, so-called “technical redundancies” are to be introduced. So something like double bottoms, “so that acts of sabotage do not immediately lead to a total failure of systems and the effects remain limited,” said Höferlin to the Handelsblatt.
The cyber expert Herpig also thinks it is necessary to focus more on the topic of “resilience” than before. “Regardless of whether it’s criminals, intelligence services or extreme weather events: resilience helps to ensure the operative operation of the infrastructures,” he said. In addition, he believes that lowering the threshold for reporting serious incidents should also be considered in order to get a better picture of the situation.
In Germany, it is fundamentally the task of the companies and authorities that operate critical infrastructure to ensure the safe and reliable operation of their systems and facilities. When it comes to espionage risks, they receive warnings from the Office for the Protection of the Constitution. If cyber security is affected, they are in contact with the Federal Office for Information Security (BSI).
>> Read also: German foreign intelligence service dampens fears of a nuclear strike – but expects a long Ukraine war
Germany’s top cyber security authority is currently without a leader, however, after Interior Minister Faeser relieved BSI President Arne Schönbohm of his duties due to accusations that he was too close to Russia. The process is explosive because the authority is more in demand than ever due to the current increase in cyber risk.
The IT association Bitkom is calling for the head post to be filled quickly. “In view of the growing threat situation in cyberspace, the BSI is of great importance,” said Susanne Dehmel, member of the Bitkom management board, to the Handelsblatt. “The successor at the top should therefore be arranged with the necessary care, but also quickly.”
The managing director of the Federal Association of IT Security (TeleTrusT), Holger Mühlbauer, is also putting pressure on: “In the current situation, an effective BSI is urgently needed,” Mühlbauer told the Handelsblatt
The cyber expert Sven Herpig from the New Responsibility Foundation (SNV), a think tank for digital politics, does not believe that the BSI’s ability to act will be jeopardized after Schönbohm’s dismissal, especially not in operations. However, where there could be delays or “serious consequences” is, for example, in cooperation at national and international level, he told the Handelsblatt.
More: “Who actually advises the Chancellor?” – Traffic light politicians warn of China’s involvement in the port of Hamburg