The Cyber Security Strategy for Germany (2016, EN) is the second national iteration since 2011 in cooperation with federal states and private industry.
It covers 9 of the 15 strategic goals in the ENISA self-assessment classification. These goals are: Cybercrime, citizen awareness, critical information infrastructure protection, national cyber contingency plans, international cooperation, incident response capability, institutionalised form of cooperation between public agencies, baseline security requirements, R&D. It should be noted that education falls more broadly under digital literacy and plays a key role in the overall strategy.
The strategy outlines respective roles across the national cybersecurity ecosystem and internationally, from the federal government and its ministries, the National Cyber Security Council, National Cyber Response Centre, the Federal Office for Information Security (BSI) to initiatives such as Deutschland im Netz (Germany secure on the Internet).
EDUCATION AND TRAINING IN NATIONAL STRATEGY
|Education on Cybersecurity||
The German cyberstrategy defines education in its broadest definition as part of its Action Area 1: Remaining safe and autonomous in a digital environment - Promoting digital literacy among all users.
It underscores the fundamental importance of responsible behaviour in cyberspace and awareness of the opportunities and specific risks when using IT systems as an integral part of digital literacy. Thereby it mandates:
|Research on Cybersecurity||
The Federal Government has the mandate to expand course offerings in cybersecurity by establishing additional university chairs and supporting leading institutions in the field of STEM education, in particular in computer science, for example with regard to big data analyses, industrial software and IT security. In the process, the Federal Government will also support greater cooperation with private industry, for example in the form of foundations and externally funded teaching and research posts.
Advancing IT security research:
The Federal Government is expanding its research framework programme on IT security, Selbstbestimmt und sicher in der digitalen Welt 2015–2020 (Independent and safe in the digital world 2015–2020), closely linking it to other measures of the Cyber Security Strategy. Research on innovative IT security solutions such as Industry 4.0, medical technology and Mobility 4.0. See, for example, the Cybersecurity Training Lab established by Fraunhofer and a select group of universities.
A major measure is further strengthening centres of excellence for IT security research through centres that focus on current research topics, provide estimates and assessments for policymakers and develop concrete solutions. Examples cited in the strategy include:
Moreover, the results of government-funded projects to be applied and marketed in products and processes as quickly as possible. In the area of military applications of IT and cyber security, this is the task of the cyber cluster at the Bundeswehr University in Munich, with its Cyber Defence and Smart Data (CODE) research centre.
The commercial application and further development by businesses and start-ups of innovative ideas in the field of IT security should be an explicit goal of government investment to bring about the greatest possible economic benefit. Active technology scouting can help discover, introduce and further refine the latest technologies. Private venture capital investors can also play an important role in this regard.
|Higher Education Courses on Cybersecurity||
|Partnerships & IT/Cyber Clusters||
Center Digitisation.Bavaria (Zentrum Digitalisierung.Bayern / ZD.B) supporting the digital transformation of Bavarian industries and society with 1361 members from SMEs, research, large companies and other ecosystem players
Cool Silicon - start-ups
InnoZent OWL e.V., technology network for sustainable corporate development through re-search, co-operation and innovation
|EU Cyber Professional Register for national stakeholders||
The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace.
This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.
Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.
|Latest Update & DIsclaimer||
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses.
Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification
|Report a cyber incident to national CERT/CSIRT||
CERT-BUND is the national accredited CERT for Germany. It provides information on risks and threats relating to the use of information technology and seeks out appropriate solutions. This work includes IT security testing and assessment of IT systems, including their development, in co-operation with industry.
CERT NRW (Computer Emergency Response Team Nordrhein-Westfalen) has been commissioned as a focal point for preventive and reactive measures related to security and availability incidents in IT systems by the Interior Ministry of North Rhine-Westphalia. It serves as an information interface between the authorities and institutions of the state administration, the technical expertise of IT.NRW and other German CERTs, in particular the federal and state governments as well as companies.
CERT-RLP depends organizationally to the highest authorities of the Rhineland-Palatinate state administration. Technically, this involves basically the appropriate subset of directly connected to the operated by the LDI nationwide RLP network organizational units.
CERTBw is responsible as the central service in the framework of the Cyber Defence for monitoring, maintaining and restoring the IT security in the Bundeswehr.
Bayern-CERT is primarily aimed at the authorities connected to the Bavarian Authority Network. It includes regular preventive security checks of central components (for example, penetration testing) as well as the advice of the security team and the Commissioner for IT security to the daily tasks of the Bayern-CERT.
Siemens-CERT is the central team for responding to potential security incidents and vulnerabilities related to Siemens products, solutions and services.
S-CERT is the computer emergency response team of the German Sparkassen-Finanzgruppe (Savings Banks Financial Group).
CSIRT-ECB (Computer Security Incident Response Team - European Central Bank)
ComCERT is the Computer Emergency Response Team for Commerzbank network and clients
RUS-CERT (Stuttgart University's Computer Emergency Response Team ) is responsible for the computer and network security in the Stuttgart University's IT infrastructure
KIT-CERT is the Computer Emergency Response Team for Karlsruhe Institute of Technology
DFN-CERT is the Computer Emergency Response Team of the German research network (DFN)
The National Cyber Security Strategy states that “Federal Government will regularly review whether the aims of the Cyber Security Strategy have been achieved under the overall control of the National Cyber Security Council and will adapt the strategies and measures to the given requirements and framework conditions.”
The Bundesamt für Verfassungsschutz (BfV), the domestic intelligence service of the Federal Republic of Germany, publishes annual cyber threat reports. The 2016 report stated that Russia and China are the leading sources of cyber attacks on Germany.
|Latest update & disclaimer||
The information contained here is the result of desk research carried out by CYBERWISER.eu.