Following the most recent data theft, the Interior Ministry has drafted an internal white paper, which is available to the ARD-capital Studio. The ideas are to be incorporated into an IT security law.
By Michael Stempfle, ARD-capital Studio
Protecting citizens, state-owned enterprises and the economy: Federal Interior Minister Horst Seehofer wants to meet all three requirements with his bill. In this, the Minister of the Interior goes clearly further than his predecessor, Thomas de Maizière, who with the first IT security law in 2015 wanted first and foremost to protect companies in the so-called critical infrastructure, for example banks, transportation or energy companies.
Seehofer plans preventive and repressive measures, and uses a well-known instrument: the so-called seal of approval. The idea: the Federal Office for Information Security (BSI) sets requirements for manufacturers of IT products. These are minimum requirements for security. When the IT products come onto the market, they should receive a BSI seal. Consumers should be able to see quickly whether the products meet minimum standards or not.
Seals of quality have pitfalls
CCC expert Linus Neumann sees problems with voluntary guidelines for manufacturers.
As good as this idea may sound, it has its pitfalls. This was shown by the directive that already applies to routers. “It took about two years just for the directive to be created,” said Linus Neumann of the Chaos Computer Club. “And now, the specifications for the manufacturers are not even mandatory, but voluntary.” The manufacturers decide for themselves whether they follow the directive or not.
The seal of approval planned by the Ministry of the Interior would only name requirements. Seals of approval would not be independently reviewed, according to the criticism. Products that do not bear the seal could then still come onto the market. The problem: only if there were uniform EU requirements could the BSI introduce them for manufacturers. However, the EU does not have these so far.
The Chaos Computer Club also points to the importance of updates in this context. New products, new software versions and new vulnerabilities are always coming onto the market. In the CCC's view, it is crucial that security vulnerabilities are also fixed. The CCC's demand: manufacturers should be obliged to provide such updates. Devices should be repairable, and it should be possible to withdraw the affected product from the market.
Repressive
Federal Interior Minister Seehofer wants to adapt the criminal law.
In addition, Seehofer also wants to adapt and tighten the criminal law. Severe cases of computer crime, such as attacks against companies in the critical infrastructure or attacks on behalf of a “foreign power”, should be defined more clearly in the law and then be better punished in the context of investigation proceedings.
In the fight against cybercrime, the experts in the Federal Ministry of the Interior want to rely, among other things, on an instrument that has long been common practice in the United States: the “acquisition of the digital identity” of the accused. In simplified terms, this means that investigators take over the online profile of the accused, provided he agrees. The investigators are then able to communicate covertly with the contacts of the accused.
In the key issues paper, the Federal Ministry of the Interior also draws concrete lessons from the data theft in which, from 1 December 2018, private data of politicians, journalists and celebrities were illegally released little by little. One of the problems that arose in working through the case: it took many weeks until the data could be deleted from the net.
In future, the Federal Ministry of the Interior wants to oblige providers to delete data that derive from criminal offences. Providers should also be legally obliged to report suspected cases of cybercrime. Foreign Internet service providers should be obliged to set up contact points.
Protection of the state
The BSI is to be strengthened.
To make the state strong, it is mainly the Federal Office for Security in Information Technology that gets many of the new tasks. The BSI is increasingly expected to become a “right authority” that can, for example, pursue administrative offences and impose fines.
In situations of “danger”, the office should also have more “rights”, especially with respect to all of the companies that belong to the critical infrastructure.