Federal Office for Information Security

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Federal Office for Information Security
Bundesamt für Sicherheit in der Informationstechnik
Bundesamt für Sicherheit in der Informationstechnik Logo.svg
Agency overview
Formed1991
Superseding agency
JurisdictionGovernment of Germany
HeadquartersBonn
Employees>1,100 [1]
Minister responsible
Agency executive
Websitewww.bsi.bund.de
Building in Bonn, Germany

The Federal Office for Information Security (German: Bundesamt für Sicherheit in der Informationstechnik, abbreviated as BSI) is the German upper-level federal agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility include the security of computer applications, critical infrastructure protection, Internet security, cryptography, counter eavesdropping, certification of security products and the accreditation of security test laboratories. It is located in Bonn and as of 2020 has about 1,100 employees. Its current president, since 1 February 2016, is former business executive Arne Schönbohm, who took over the presidency from Michael Hange.

BSI's predecessor was the cryptographic department of Germany's foreign intelligence agency (BND). BSI still designs cryptographic algorithms such as the Libelle cipher and initiated the development of the Gpg4win cryptographic suite.

Similar Agencies[edit]

The BSI has a similar role as the

  • Computer Security Division (CSD) of Information Technology Laboratory (ITL) of NIST (United States)
  • CESG (United Kingdom)
  • National Cybersecurity Institute (INCIBE)[2] (Spain)

Unlike those organizations, BSI is focused on IT security rather than being part of an organisation with a more general IT standards remit. BSI is separate from Germany's signals intelligence, which is part of the military and the foreign intelligence service (BND).

Responsibilities[edit]

The BSI's scope of duties is defined by the German Federal Office for Information Security (BSI Act). The aim of the BSI is the promotion of information and cyber security in order to enable and promote the use of secure information and communication technology in government, business and society. For example, the BSI develops practice-oriented minimum standards and target group-specific recommendations for handling IT and Internet security.

The BSI is also responsible for protecting the IT systems of the federal government. This involves defending against cyber attacks and other technical threats against the IT systems and networks of the federal administration. Once a year, the BSI reports on this to the Committee on Internal Affairs of the German Bundestag.

The tasks of the BSI include:

  • Protection of federal networks, detection and defense of attacks on government networks
  • Testing, certification and accreditation of IT products and services
  • Warning of malware or security holes in IT products and services
  • IT security consulting for the federal administration and other target groups
  • Information and raising awareness of the public and the econonmy on IT and Internet security
  • Development of uniform and binding IT security standards
  • Development of cryptographic systems for the federal IT

The BSI is the central certification body for the security of IT systems in Germany (computer and data security, data protection). Testing and certification is possible with regard to the standards of the IT-Grundschutzhandbuch, the Green Book, ITSEC and the Common Criteria.

The BSI is a national authority in the field of cryptography, which draws up recommendations and technical guidelines for cryptographic procedures and is involved in the development of international cryptographic standards.

National Cyber Defense Center[edit]

The National Cyber Defense Center (Nationales Cyber-Abwehrzentrum, Cyber-AZ) is a cooperative institution of German authorities at federal level for the defense of electronic attacks on IT infrastructures of the Federal Republic of Germany and its economy. It was launched on April 1, 2011 and is located at the BSI.

The center is a core element of the Cyber Security Strategy adopted by the German government in 2011. It aims to optimize operational cooperation and coordinate protection and defense measures. This is based on a holistic approach that brings together the various threats in cyberspace: Cyber espionage, cyber spying, cyber terrorism and cyber crime. The goal is a rapid exchange of information, rapid assessments and concrete recommendations for action derived from these.

Alliance for Cyber Security[edit]

The Alliance for Cyber Security, or Allianz für Cyber-Sicherheit, is an initiative of the German Federal Office for Information Security, which will be launched in 2012 in cooperation with the German Association for Information Technology, Telecommunications and New Media. (Bitkom) was founded. As an association of all major players in the field of cyber security in Germany, the alliance aims to provide up-to-date and valid information on threats in cyberspace. The initiative also supports the exchange of information and experience between the participants. More than 4,000 institutions now belong to the Alliance for Cyber Security, including almost 100 partner companies and 45 multipliers. Participation is free of charge and can be applied for by any German institution.

UP KRITIS[edit]

The UP KRITIS (UP stands for implementation plan) is a public-private cooperation between operators of critical infrastructures (KRITIS), their various associations and the responsible governmental agencies such as the BSI. It addresses eight of the nine critical infrastructure sectors. The sector "state and administration" is covered by the UP BUND and activities on state and municipal level. The goal of the UP KRITIS cooperation is to maintain the supply of critical infrastructure services in Germany. All organizations based in Germany that operate critical infrastructures in Germany, national professional and industry associations from the KRITIS sectors and the responsible authorities can participate in UP KRITIS upon application.

BSI for citizens[edit]

The tasks of the BSI include informing and sensitizing citizens to the safe use of information technology, mobile communication media and the Internet. The BSI therefore offers online content specially tailored to the needs of citizens (BSI für Bürger). The website covers topics and information on IT and Internet security in a way that is understandable even for technical laypersons. In addition to providing information, the BSI also offers specific and actionable recommendations, for example on topics such as e-mail encryption, smartphone security, online banking, cloud computing or social networks. Private users can also contact the BSI by phone or e-mail with their questions on IT and Internet security issues. In addition, the BSI offers a free warning and information service called "Bürger-CERT", which informs citizens and small businesses quickly and competently about weaknesses, security gaps and other risks and provides practical guidance.

Activities[edit]

In December 2018, Arne Schönbohm stated that the BSI had not yet seen evidence that Chinese telecommunications company Huawei had used its equipment to conduct espionage on behalf of China.[3]

IT Baseline Protection Catalog[edit]

The IT Baseline Protection Catalog, or IT-Grundschutz, is a collection of enterprise security guidelines established by the office, which serve to identify and combat security-relevant vulnerabilities in IT environments. With introduction and catalogs, the collection comprises more than 4,800 pages and serves companies and authorities as a basis for obtaining certification according to IT-Grundschutz. By obtaining certification, a company demonstrates that it has taken appropriate measures to protect its IT systems against IT security threats. [4]

See also[edit]

References[edit]

  1. ^ "Das Bundesamt für Sicherheit in der Informationstechnik". The Federal Office for Information Security (in German)
  2. ^ "incibe". incibe.es. Retrieved 2019-02-06.
  3. ^ Varghese, Sam. "iTWire - German IT watchdog says no evidence to back Huawei spying claims". IT Wire. Retrieved 2018-12-26.
  4. ^ "Using standards to create cyber security policies". British Standards Institution. Retrieved 27 January 2020.

External links[edit]