Privacy & Information Security Law Blog

On June 16, 2011, the German Federal Ministry of the Interior officially opened a National Cyber Defense Center as part of the comprehensive cybersecurity strategy that was adopted by the German federal government on February 23, 2011.  The Cyber Defense Center is intended to serve as a common platform for rapid information exchange and better coordination of protective and defensive measures against information technology security incidents.

The Cyber Defense Center was launched in April 2011 under the auspices of the German Federal Office for Information Security (the Bundesamt für Sicherheit in der Informationstechnik or “BSI”) and the direct involvement of the Federal Office for the Protection of the Constitution (the Bundesamt für Verfassungsschutz or “BfV”) and the Federal Office of Civil Protection and Disaster Assistance (the Bundesamt für Bevölkerungsschutz und Katastrophenhilfe or “BBK”).  The three authorities will contribute jointly to the permanent employees on the Center’s staff.  Currently, the German Federal Criminal Police, Federal Police, Customs Criminal Office, Federal Intelligence Service and Federal Armed Forces also participate as associated authorities.

At the heart of Germany’s cybersecurity strategy is the protection of critical infrastructures.  The Federal Ministry of the Interior’s Cyber Security Strategy for Germany defines “critical infrastructures” as “organizations or institutions with major importance for the public good, whose failure or damage would lead to sustainable supply bottlenecks, considerable disturbance of public security or other dramatic consequences.”  The following sectors have been identified as critical: energy, information technology and telecommunication, transport, health, water, food, finance and insurance, state and administration and media and culture.

The Cyber Defense Center’s mission is to evaluate IT security incidents quickly and comprehensively in order to develop recommendations for a coordinated response.  To achieve this goal, organizations will share information about security vulnerabilities in IT products and analyze IT security incidents and attacks.  All of the agencies’ involvement with the Center is based on existing statutory authority.