IT protection for critical infrastructures
BSI certifies first KRITIS security standard
The German Federal Office for Information Security (BSI) has certified the suitability of the first industry-specific IT security standard. It concerns the nationwide protection of critical infrastructures.
In Germany, the IT Security Act was comprehensively expanded in summer 2015 with a view to such cases. Among other things, it now stipulates that operators of critical infrastructure (KRITIS) must provide the BSI with proof of compliance with state-of-the-art IT security every two years.
Water sector as a pioneer in IT security
In order to derive concrete and appropriate measures for the respective industry from this general requirement of the legislator, the KRITIS operators and their associations develop industry-specific security standards, the suitability of which must be determined by the BSI before publication.
BSI President Arne Schönbohm: "The sector-specific security standard for water/wastewater is the basis for more cyber security in this vital supply sector for the state, economy and society."
© Federal Office for Information SecurityThe review of a developed security standard by a federal authority is a first for the regulatory associations, said Otto Schaaf, President of the German Association for Water, Wastewater and Waste (DWA), during the publication of the KRITIS security standard for the water sector. It is the first and so far only sector-specific KRITIS security standard in Germany whose suitability has been determined by the BSI. It contains framework requirements for IT security that take into account the actual conditions in drinking water supply and wastewater disposal, a concrete procedure for risk analysis and a collection of possible security measures to reduce the identified risks.
According to the BSI, two industry standards for information and communication technology (data center & hosting and internet infrastructure), one standard for the food industry and one for the finance and insurance sector are currently being reviewed or created.
Cyber attack also penetrates Chernobyl exclusion zone
According to a Bitkom study, every second company has been the victim of a cyber attack in the last two years. The recent attacks by WannaCry and NotPetya made it clear just how much damage this can cause. But malware is not only a threat to a company's turnover and reputation. NotPetya first appeared in Russia and Ukraine and was soon discovered on computers at the damaged Chernobyl nuclear power plant, as reported by Heise magazine. Due to the computer failure, radioactivity had to be checked manually, as the magazine further reported, citing the exclusion zone administration.
You might also be interested in
Cyber attacks in the 1st half of 2017
Every third attack targets the manufacturing sector
According to Kaspersky, around one in three cyberattacks on computers for industrial control systems in the first half of 2017 targeted companies in the manufacturing sector. Ransomware such as WannaCry played a major role in this.
read more...Hackers prepare for sabotage of power plants
The sabotage of critical infrastructure such as power plants via the internet has been one of the major fear scenarios for years. According to the latest findings of security researchers, hackers are currently trying to collect the necessary...
read more...Siemens and ISA cooperate
In view of the threats to automation technology, the protection concepts for industrial plants must also be adapted. Siemens and the International Society of Automation (ISA) have therefore agreed on global cooperation in the area of cyber security.
read more...WannaCry, Petya - just the tip of the iceberg?
According to a report by Trend Micro, the number of ransomware families detected in 2016 rose dramatically by around 750% compared to the previous year. Industrial control systems could also increasingly become the focus of blackmailers, according...
read more...BSI warns of cyber attacks on smartphones and laptops
The German Federal Office for Information Security (BSI) discovers an average of three critical vulnerabilities in the most widely used software products every day. This also increases the risk of cyber attacks.
read more...Secure data at international level
The 'Industrial Data Space' is an important cornerstone for the digital economy - a virtual data space for the secure and standardized exchange of data. The initiative is now entering its second phase. The goal: international standardization.
read more...Review of the 'Forum Safety & Security 2017'
The topics covered at the WEKA trade media's 'Safety & Security Forum', which took place in Munich from July 4 to 6, 2017, ranged from product safety to protecting the entire production process. Conclusion: Safety in a company is a process that...
read more...Beverage industry neglects cyber security
How well protected is the beverage industry in the DACH region against cyber attacks? Copa-Data surveyed 228 companies from the industry on this topic - with some worrying results.
read more...Petya could be aimed at destroying data
Communication between victims and cybercriminals takes place via an ordinary email service, and unlocking the data is extremely complicated - according to Bitdefender, these are signs that the people behind Petya are not interested in extortion...
read more...