Critical Infrastructure: Ministerial Draft for IT Security Act To Improve IT Security Standards for Energy Sector

To counteract the increasing number of cyber attacks and improve the IT security of public authorities and the private sector, the Federal Ministry of the Interior has presented a ministerial draft for an IT Security Act (IT-Sicherheitsgesetz). The draft also contains new provisions for critical infrastructure, including in particular the energy sector.

IT systems and the internet have become an integral part of private and commercial life in Germany. Across all sectors more than half of all enterprises already rely on the internet and the importance is still rising. The planned IT Security Act shall address IT system security in “critical infrastructures”, including in particular the energy sector (cf. Article 1 no. 2). Besides, the law gives the Federal Office for Information Security (BSI) and the Federal Criminal Police Office (BKA) greater competences in their fight against cyber attacks.

The draft defines “critical infrastructure” as facilities and installations in sectors such as the energy sector that are of great importance for the functioning of the community (Gemeinwesen) and breakdown or damage of which would lead to lasting supply bottlenecks or  disruptions of the public safety (cf. Article 1, no. 2, new Section 2 para. 10 BSIG).

A new Section 8a BSIG shall set requirements for the safety of information technology systems, components thereof and processes of critical infrastructure. Operators are required to take precautionary measures for critical infrastructure within a period of two years following the entry into force of an ordinance that prescribes further details. According to a new Section 8b BSIG, operators of critical infrastructure have to report significant security incidents to BSI.

BMI points out that the new requirements are based on the proposal of the EU Commission for a Directive concerning measures to ensure a high common level of network and information security across the Union. The ministry emphasizes that the draft IT Security bill reflects the position of the German government in the ongoing talks on the Directive.

Source: Federal Ministry for the Interior

4 Responses to “Critical Infrastructure: Ministerial Draft for IT Security Act To Improve IT Security Standards for Energy Sector”

Comments are currently closed.