Reading Time: .
The Federal Office for Information Security (BSI) is one of the major cybersecurity think tanks in the world. These are the experts responsible for protecting Germany’s IT infrastructure.
The BSI deals with IT security issues for public administration as well as for companies and private users. As a top federal government agency, the BSI pursues the self-defined goal of maintaining cybersecurity “through prevention, detection and response for the nation, the economy and the public.” Since being created in 1991, the agency has also established itself as a center of excellence for all matters relating to cybersecurity. Today, the BSI has over 1,400 employees, the majority of whom work at its headquarters in Bonn.
Who does what?
The majority of the agency’s employees are specialists in the fields of computer science, physics, and mathematics. Divided into eight independent departments and subdivisions, the experts at the BSI focus on every facet of cybersecurity, including the areas of hardware and software, IT management, operations, and cybersecurity for the general public. Among the issues currently being dealt with are the secure expansion of the 5G mobile communications standard, artificial intelligence, and the protection of critical infrastructure (KRITIS).
BSI protects the German Federal Government’s IT infrastructure
The key task of the BSI is protecting the IT infrastructure of Germany’s federal government. Its security experts are constantly working to secure networks against new attack vectors. The primary goal is to secure digital communications and protect sensitive data records. Sensitive government secrets must not be allowed to fall into the wrong hands under any circumstances. In an emergency, human lives depend directly on the protection of this data, for example, when it concerns classified military information on Bundeswehr or NATO missions.
BSI for citizens
The agency operates the “BSI for Bürger” platform specifically for the security needs of end users. This is where the security experts issue recommendations and guides for the secure use of digital systems in the private sphere. Users also receive alerts about critical security vulnerabilities in operating systems and programs on PCs, tablets, and smartphones. Further questions on the subject of cybersecurity can be answered by BSI staff via a service telephone, available for inquiries on weekdays.
BSI as an IT competence center
In addition, the BSI has positioned itself as a partner and consultant for the federal government, the states and other administrative segments. The experts support public authorities in setting up, operating, maintaining and securing their IT infrastructure. However, the BSI’s expertise also benefits the business community. By defining established minimum standards, best practice models and mandatory regulations, the authority provides guidelines for the secure digitization of large and small organizations.
IT Security Act
For operators of critical infrastructure, for example, the BSI has presented a legal framework in the form of the IT Security Act for the digital protection of providers highly relevant to the general public. Operators of critical infrastructure, such as power plants, hospitals, and telecommunications companies, are required by law to regularly provide the BSI with verification of the security of their IT infrastructure. The BSI is also the intelligence unit for critical infrastructure.
If any major disruptions in IT occur, they must be reported to the agency. Conversely, the BSI is responsible for collecting and evaluating information relevant to cybersecurity in the sector of critical infrastructure and informing the operators concerned in the event of a potential threat situation.
In addition, the BSI’s IT-Grundschutz (“basic IT protection”) defines a series of security measures to assist government agencies and companies in implementing reliable standards of protection. The framework includes technical measures as well as organizational and personnel requirements.
For example, the requirements for IT-Grundschutz require a detailed IT structural analysis to document existing infrastructure and related processes. The BSI certifies successful implementation of basic protection in conjunction with the introduction of an information security management system (ISMS) by awarding the ISO 27001 certificate based on IT-Grundschutz. The certificate provides proof that the confidentiality, availability, and integrity of all information is ensured by suitable technical and organizational measures in the company.
IT-SiG 2.0 expands powers
The revised version of the IT Security Act (IT-SiG 2.0) gives the BSI a number of new powers, allowing the agency to assume a more active role overall in combating cyber incidents. Consequently, the BSI is now authorized to exercise powers of control and audit over the federal administration. In the future, the BSI will also be involved at an early stage in major federal government digitization projects.
It will also be able to access log data to defend against threats to the federal government’s communications technology. This data is stored for twelve months for this purpose. The new powers also include the active use of port scans and setting up honeypots to detect security vulnerabilities, malware, and cyberattacks. The aim is to identify threats to telecommunications companies and providers early on and, if necessary, to remedy them (on their own).
Myra Security: BSI-certified technology pioneer
The Myra DDoS protection solution is certified by the German Federal Office for Information Security (BSI) for Critical Infrastructure (KRITIS) according to ISO 27001 on the basis of IT-Grundschutz. Myra is also the world’s first and only BSI-certified DDoS protection provider that completely fulfills all 37 of the performance requirements. The high-performance technology analyzes web traffic on layers 3, 4, and 7 in real time and filters out harmful data streams fully automatically.