03
What are the tasks of the BSI?
The responsibilities of the federal authority are specifically defined in the Act of the Federal Office for Information Security (BSI Act). The BSI is primarily responsible for the IT security of public administration, private industry and end users in Germany. To this end, the authority is divided into specialized departments that cover different technology and operate various portals, as well as performing advisory functions. Here are several of the BSI's key protection goals, initiatives and organizations:
PROTECTING THE FEDERAL GOVERNMENT'S IT INFRASTRUCTURE
The BSI's core mission is to protect the federal government's IT infrastructure. Its experts are constantly working to secure the networks against new attack vectors. The primary goal is to secure digital communications and protect sensitive data records. Critical government secrets must not fall into the wrong hands under any circumstances. In the event of an emergency, human lives depend directly on the protection of this data - for example, if it involves classified military information on Bundeswehr or NATO missions.
NATIONAL CYBER DEFENSE CENTER
The National Cyber Defense Center (Cyber-AZ) is a cooperative platform located directly on the premises of the BSI in Bonn. There, the state security authorities work together for improved coordination of protection and defense measures in the event of IT security incidents. Even in the event of a crisis, the German government's ability to act is to be ensured. In addition to the BSI, the platform includes the Federal Office for the Protection of the Constitution (BfV), the Federal Office of Civil Protection and Disaster Assistance (BBK), the Federal Criminal Police Office (BKA), the Federal Intelligence Service (BND), the Federal Police Headquarters and, for the Bundeswehr, the Federal Office for Military Counterintelligence (BAMAD) and the Cyber and Information Space Command (KdoCIR) - the Customs Criminal Investigation Office (ZKA) and the Federal Financial Supervisory Authority (BaFin) are also included as associated agencies.
ALLIANCE FOR CYBER SECURITY
The BSI initiative was founded in 2012 in cooperation with the industry association Bitkom. The Alliance for Cyber Security (ACS) sees itself as an association of all major players in information security in Germany. The initiative currently involves 6,700 companies, public authorities and other institutions. Its objective is the active exchange of experience on the digital threat situation. To this end, expert contributions are continuously shared via the ACS network. In addition, events are held on an ongoing basis to share industry-relevant best practices on the topic of cybersecurity.
UP KRITIS
UP KRITIS is a public-private cooperation between operators of critical infrastructures, their associations and the relevant government agencies such as the BSI. The latter provides all participating organizations with situation information and alerts on IT and OT (Operational Technology) security. UP KRITIS itself is organized into committees and working groups for the different KRITIS branches. The aim of the cooperation is to sustainably increase the resilience of critical infrastructures.
BSI FOR CITIZENS
The authority operates the "BSI for Citizens" platform specifically for the security needs of end users. There, the BSI team publishes recommendations and guides for the secure use of digital systems in private environments. Users also receive warnings about critical security vulnerabilities in operating systems and programs on PCs, tablets and smartphones. Further questions about cybersecurity can be answered by BSI experts via a service hotline, which is available for inquiries on weekdays.
BSI AS IT CENTER OF EXCELLENCE
In addition, the BSI has positioned itself as a partner organization and expert advisor for the federal government, the states and other administrative segments. The expert teams support public authorities, for example, in setting up, operating, maintaining and securing their IT infrastructure. However, the BSI's expertise also benefits the business community. By defining established minimum standards, best-practice models and mandatory regulations, the authority provides a guideline for the secure digitization of large and small organizations.
04
How does the BSI protect critical infrastructures?
The IT Security Act binds operators of critical infrastructures (KRITIS) to the BSI via a legal framework. For example, there is a legal obligation for KRITIS operators to regularly demonstrate the security of their IT infrastructure to the BSI. Furthermore, the BSI is also the central reporting point for KRITIS. If there are significant disruptions in IT, these must be communicated to the federal authority. Conversely, the BSI is responsible for collecting relevant information for cybersecurity in the KRITIS sector, evaluating it and forwarding it to the affected operators in the event of a potential threat situation. Furthermore, via the cooperation in UP KRITIS, operators of critical infrastructures have a possibility for the coordinated exchange of security-relevant data.
07
BSI: What you need to know
The Federal Office for Information Security (BSI) is a German federal authority whose responsibilities cover securing the digital infrastructure of the state, the economy and society in Germany. To this end, the BSI acts as a national think tank for all areas of cybersecurity, develops best practices and certificates for defending against cyberattacks and increasing IT resilience, and acts as a central reporting point for cyber incidents. To do justice to this broad range of tasks, the authority is divided into different, subject-specific committees and working groups in which more than 1,400 employees are active. In addition, BSI organizes various platforms and initiatives such as the Alliance for Cyber Security, UP KRITIS or BSI for Citizens, which are active in dedicated subject areas and aim to protect digital systems and build sustainable resilience.
Myra Security is also involved in the Alliance for Cyber Security in close collaboration with BSI. In addition, Myra technology is certified to the BSI standard ISO 27001 based on IT-Grundschutz. Furthermore, as one of the leading providers, we meet all 37 criteria of the BSI for qualified KRITIS security service providers.
Learn more about our certificationsFrequently asked questions about the BSI
The German Federal Office for Information Security (BSI) is a federal authority that deals with IT security issues for public administration, companies and private users. It pursues the self-defined goal of shaping "information security in digitalization through prevention, detection and response for the state, the economy and society." Since its foundation in 1991, the BSI has also established itself as a recognized center of excellence for information security issues. The security agency's core task is to defend against cyberattacks on government networks and the federal administration.
The BSI is the federal government's cybersecurity authority. It is part of the Federal Ministry of the Interior. Its headquarters are in Bonn, with another office in Freital, Saxony. At the top of the authority is the management with president and vice-president. The technical work of the BSI is organized into eight departments, each of which consists of up to three specialist areas. The divisions are in turn subdivided into various units.
The BSI has 1,441 employees (as of 2022), the majority of whom work at the headquarters in Bonn. The federal government's cybersecurity agency primarily employs specialists in the fields of computer science, physics and mathematics. BSI experts deal with all facets of information security. This includes hardware and software, IT management, operations or even the cybersecurity of citizens.