Security
03.11.2023

3 Questions for Sunita Ute Saxena

Sunita Ute Saxena is responsible for Public Safety, Governance and Critical Infrastructure at Deutsche Telekom Security GmbH. On 29 November, she will be speaking at the KRITIS Competence Group meeting in Cologne regarding the KRITIS Umbrella Act and the status of NIS2 transposition in Germany. She covers three questions about what this will entail:

Ms Saxena, industry-specific security standards (B3S) concretise the requirements for critical infrastructures. Is this particularly challenging in the dynamic IT environment?

Yes, the IT environment is a very dynamic field. Initially, for example, Section 8a of the BSI Act in conjunction with the KRITIS Act simply categorised hosting as a critical facility. This was later expanded to include virtual hosting and thus led to an overlap with the EU regulations on cloud infrastructure in accordance with Section 8c of the BSI Act. Furthermore, more and more new scenarios in the field of attacks mean that IT needs to be better protected and controlled, which is reflected in the so-called “intrusion detection” recently introduced by law.

What amendments in the act are resulting in the need to adapt these standards?

The above-mentioned topic of intrusion detection will be included in the next release of the “Datacenter & Hosting” industry standard. In addition, we may have to specify or possibly expand the scope of the industry standard, which previously only applied to data centres, hosting and content delivery networks (CDN). In addition, there are new systems in the NIS2 Implementation and Cybersecurity Strengthening Act (NISUmsuCG), such as managed security service providers, for which there has been no industry standard to date.

What changes do companies need to be prepared for?

The effort required to protect IT security will increase significantly, especially for companies that will fall within the scope of the NISUmsuCG for the first time. Due to the liability of managing boards, IT security will become a new priority for many companies.

Ms Saxena, thank you very much for the interview!

You can register now for the Kritis Competence Group meeting on 29 November in Cologne

3 Questions for Sunita Ute Saxena

You might also be interested in

topDNS at the Nordic Domain Days 2024
Domains

topDNS at the Nordic Domain Days 2024

Meet topDNS, the initiative of the eco – Association of the Internet Industry aimed at combatting online abuse, at the Nordic Domain Days. On 13 and 14 May, registries, registrars, resellers, service providers and investors from the domain industry will gather again in Stockholm.
03.05.2024
Europe’s largest Association of the Internet Industry, eco, Joins Forces with GCA for a Secure Global Internet
Domains

Europe’s largest Association of the Internet Industry, eco, Joins Forces with GCA for a Secure Global Internet

Joining forces for Domain Trust and the protection of the Domain Name System (DNS): eco – Association of the Internet Industry and the Global Cyber Alliance inaugurate wide-ranging cooperation.
02.05.2024
eco Association and CSA: Publication of Legal Opinion on the Compatibility of DMARC with the GDPR 1
E-Mail

eco Association and CSA: Publication of Legal Opinion on the Compatibility of DMARC with the GDPR

In times of phishing attacks and spam, protecting email communication is more important than ever. DMARC reports are sent to domain owners as a detailed feedback mechanism that provides valuable information on how emails are handled by the various email providers. In our legal opinion on the compatibility of DMARC with the GDPR, we provide practical tips for the legally compliant implementation of DMARC.
29.04.2024