On 25.07.2015, the new IT security law came into effect after publication in the Federal Law Gazette.
The aim is to strengthen the security of IT systems by “avoiding disturbances to availability, integrity, confidentiality and authenticity” and to protect critical infrastructure areas such as energy and water management, rail transport and telecommunications from cyber attacks.
In addition to observing higher requirements for the protection of customer data, hacker attacks must be reported centrally to the BSI (Federal Office for Information Security).
Operators of flood protection systems and water supply and wastewater treatment plants are now also required to maintain state-of-the-art IT security measures. Moreover, corresponding control organizations for compliance with IT security standards (so-called ISMS, see glossary on p. 26) must also be established and must be reviewed by external bodies every two years within the scope of audits or certifications. The results must be submitted to the BSI. Precise regulations are now being specified in the context of the legal guidelines. Recommendations on IT security standards from the individual industries are taken into account.