International Cyber Warfare and Security Conference
Cyber Defence
Germany's Analysis of Global Threats
19th November 2013,
Ankara
www.bmi.bund.de
Motivation for the new german cyber security
strategy:
Changed Security Situation
Busisness
Processes on the
Internet
Interconnection
Military
Intelligence
Services
Complexity of IT
Systems
Cyber Security
Crime
Underground
Economy
Short Innovation
Cycles
Hacker,
Cracker
www.bmi.bund.de
Convergency
of Networks
IP
Competition
Espionage
2
Shared Responsibility
Joined Action
Fed. Gov.
Fed. States
Integration
and
Convergence
Local Authorities
Operators of CII
Industry
International
Networking
Virtualization
Citizens
www.bmi.bund.de
3
Framework Conditions
Issues and Action Lines
Internet as a Public Good
Internet as a Public Space
Cyberspace Security
Security in Cyberspace

Resilience of Infrastructure

Integrity and Availability (failure
safety) of Systems and Data
www.bmi.bund.de

Secure Action in Cyberspace

Authenticity, Integrity,
Confidentiality of Data and
Networks

Legal Security
Legal Obligation

Security against Crime

Security against Malicious
Activities
4
Cyber-security-strategy
goals and measures
National Cyber Security Council
National Cyber Response Center
Critical IT
Infrastructure
IT of Citizens
IT in the Public
Administration
Use of Reliable and Trustworthy Information Technology
International Cooperation (EU, worldwide)
Response to
Cyber- Attcks
Effective Crime Control
Personnel development Fed. Gov.
www.bmi.bund.de
5
Participants in the National Cyber Response
Center
Supervision CIIP
BSI, BfV, BBk
…
Federal States
www.bmi.bund.de
6
National Cyber Response Center
Information is supplied by …
Implementation Plan KRITIS
(incidents, counter-measures)
Implementation Plan Federation/Federal Gov
(incidents, counter-measures)
.:
.:
Supervisory authorities
(routine and incident-related)
.:
Hard- and software suppliers
(vulnerabilities, counter-measures)
.:
BSI CERT, Command centre int. CERT
Association (monitoring/reports)
.:
BKA
(modus operandi, crime trends)
.:
Federal Armed Forces
(intelligence; own experience/ findings)
.:
Federal Intelligence Service
(intelligence; own experience/ findings)
.:
www.bmi.bund.de
Cyber
Response
Center
7
National Cyber Response Centre
Information is supplied to …
BSI-CERT and Command Centre
(coordinated evaluations/recommendations)
Hard- and software suppliers
(vulnerabilities and recommendations)
Nat. Cyber
Response
Centre
IP KRITIS / IP Federation/Fed. Gov.
(vulnerabilities, alerts, reecommendations)
Industry in general
(alerts, recommendations)
BKA, ZKA, Bundeswehr, BND
(all types of intelligence)
National Cyber Security Council
(periodic reports, recommendations)
Crisis management staff
(support in times of crisis)
Federal states depending on structure
General public (alerts)
www.bmi.bund.de
8
Communication Architecture in the
Implementation Plan kritis
companies
Company 1
Company 3
Cyber Response
Center
SPOC
Sector 1
...
Company 2
Single Points
of Contact
SPOC
Sector n
...
Company x
CERTS
Industry
www.bmi.bund.de
Federal Office for Information Security (BSI) &
National Cyber Response Centre
Findings after the first year

More than 900 incidents analysed

80/20 rule confirmed:
About 80% of cyber attacks could be prevented if the
basic 20% of known counter-measures were
consistently applied!

Among the remaining 20% there is a growing number
of very sophisticated attacks – for all we know by
special forces
www.bmi.bund.de
10
National Cyber Security Council - Tasks
Federal
Government
www.bmi.bund.de
11
The National Cyber-Security Council
Coordinates Instruments and
Overlapping Policy Making
Goals and Tasks
 Coordination of Cyber Security Policy Stances
Identification und Correction of Structural Trouble Spots
Discussion of Cyber Security Issues, new technologies
 Transparency in Collaboration
Recommendations to the Cyber Response Center
www.bmi.bund.de
12
Next steps – key questions

Ongoing implementation of strategy

This includes, e.g.:
 Enhancing and extending cooperation on critical
infrastructure protection
 Creating more PC security by increasing provider
responsibility
 Intensifying cooperation both at home and abroad
 Establishing norms of state behaviour in Cyberspace in
international fora (G8, United Nations)
www.bmi.bund.de
13
Draft IT Security Act
- Draft provisions to improve the protection of
Critical National Infrastructure (CNI) -
 Legal obligation to meet minimum organizational and
technical IT security standards in the field of CNI; state of
the art.
 Industries to work out standards. Federal Office for
Information Security (BSI) to recognize suitable
standards, after consultation with supervisory authorities.
 Security audits to be conducted every two years; list of
audits and identified deficiencies to be forwarded to BSI;
BSI may require operators to remedy problems
immediately.
 Major IT incidents to be reported to BSI directly.
 Purpose of reports: BSI to compile situation reports
and to inform CNI operators when necessary.
www.bmi.bund.de
Draft IT Security Act
- Draft provisions governing
ICT providers/operators -
ICT industry: Key role in cyber security

Telecommunications network operators and providers of
telecommunications services for the general public
 should always take into account the state of the art when
seeking to guarantee IT security.
 should report IT security incidents, even if they have not
caused direct disruptions of telecommunications
networks/services.
 should inform users about failures caused by their systems
and point out technical remedies for such problems.

Telemedia service providers (acting on a commercial basis and, as
a general rule, for payment) should safeguard state-of-the-art IT
security to the extent technically possible and reasonable.
www.bmi.bund.de

Thank you

http://www.bmi.bund.de
www.bmi.bund.de
16