Sunita Ute Saxena is responsible for Public Safety, Governance and Critical Infrastructure at Deutsche Telekom Security GmbH. On 29 November, she will be speaking at the KRITIS Competence Group meeting in Cologne about the KRITIS Umbrella Act and the status of NIS2 transposition in Germany. Here she answers three questions about what this will entail:
Ms Saxena, industry-specific security standards (B3S) concretise the requirements for critical infrastructures. Is this particularly challenging in the dynamic IT environment?
Yes, the IT environment is a very dynamic field. Initially, for example, Section 8a of the BSI Act in conjunction with the KRITIS Act simply categorised hosting as a critical facility. This was later expanded to include virtual hosting and thus led to an overlap with the EU regulations on cloud infrastructure in accordance with Section 8c of the BSI Act. Furthermore, more and more new scenarios in the field of attacks mean that IT needs to be better protected and controlled, which is reflected in the so-called “intrusion detection” recently introduced by law.
What amendments in the act are resulting in the need to adapt these standards?
The above-mentioned topic of intrusion detection will be included in the next release of the “Datacenter & Hosting” industry standard. In addition, we may have to specify or possibly expand the scope of the industry standard, which previously only applied to data centres, hosting and content delivery networks (CDN). In addition, there are new systems in the NIS2 Implementation and Cybersecurity Strengthening Act (NISUmsuCG), such as managed security service providers, for which there has been no industry standard to date.
What changes do companies need to be prepared for?
The effort required to protect IT security will increase significantly, especially for companies that will fall within the scope of the NISUmsuCG for the first time. Due to the liability of managing boards, IT security will become a new priority for many companies.
Ms Saxena, thank you very much for the interview!
You can register now for the KRITIS Competence Group meeting on 29 November in Cologne.