New game, new chance. After many years of Union offensive thinking in the cyber world, which favored a digital counterattack in the event of foreign attacks, the traffic-light coalition agreement actually says: “We fundamentally reject hackbacks as a means of cyber defense.” You have to rub your eyes and look again. The unspeakable is finally off the table, and the cyber-defensive heart is happy. The Federal Ministry of the Interior (BMI) will probably look rather annoyed.
Manuel Atug is Head of Business Development at HiSolutions AG, specializing in Information Security and Critical Infrastructures. He is also one of the main BSI advisers for KRITIS and § 8a BSIG.
BSI in focus
No kidding, there is indeed a lot of good information in the Coalition Agreement as an expression of will, especially in the area of computer security, which has long been poorly addressed. All government agencies are required to report known security breaches to the Federal Office for Information Security (BSI). This is what real vulnerability management looks like! Without “temporary detention” for exploitation by security authorities and intelligence services.
The BSI is even to become more independent and more decoupled from the BMI. The details on this will certainly be very exciting. In the meantime, open source, open data and open access have also entered government circles and should be used more intensively to secure digital sovereignty. Is it Christmas again?
Love dating
And it gets even better: a right to encryption, effective vulnerability management in order to close security gaps, and “Security by Design / Default” specifications are all targeted. Even the right to interoperability and portability is to be taken into account.
After all, the security community receives a gift that is virtually essential for life, because “identifying, reporting and closing security gaps [should] be legally feasible in a responsible process, for example in computer security research.” Cases such as the CDUconnect disaster or Modern Solutions Fail, in which the reported security breach was “rewarded” with a criminal complaint against security experts, may therefore disappear as a thing of the past of an aging and failing policy.
End the last bottleneck
The “fiber-to-the-home (FTTH) supply and the latest mobile communication standard” could become a reality for everyone in Germany. Finally, let’s hope for true digitization for the whole of Germany, and this “already” in 2021! And finally, a global follow-up report will be drawn up and will lead to an “independent scientific assessment of security laws and their effects on freedom and democracy” by the end of 2023 – another long overdue step.
THW will expand its cyber assistance skills. The concept of the freelance AG KRITIS cyber-aid organization is now at hand, which makes the author personally happy.
Apparently there must be a bit of hype
Well, there is always something. No one in the coalition could talk about distributed ledger (DLT) technology or insanely unnecessary blockchains, and data retention is also back in the process. The SPD has existed for too long in Union circles. The rest, on the other hand, is impressive.
Will this departure really be one and not, as is so often the case, a breakdown? The coalition will have to prove it with action. The community is watching closely and is on hand with knowledgeable advice.
This commentary is the iX 1/2022 editorial, which will be released on December 16.