Germany Country Report - Enisa - Europa
Germany Country Report - Enisa - Europa
Germany Country Report - Enisa - Europa
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Germany</strong> <strong>Country</strong> <strong>Report</strong><br />
NIS national strategy, regulatory framework and key<br />
policy measures<br />
Overview of the NIS national strategy<br />
The German National Strategy for Critical Infrastructure Protection (CIP Strategy) of <strong>Germany</strong> was<br />
published already in June 2009 1 by the Federal Ministry of the Interior - Bundesministerium des<br />
Innern (BMI) and summarizes the objectives as well as the political-strategic approach as it is<br />
already common practice and pursued e.g. by the National Plan for Infrastructure Protection<br />
(NPSI) for the area of ICT.<br />
For the implementation of the National Critical Infrastructure Protection Strategy, an extensive set<br />
of instruments is available in the form of:<br />
� Programmes and plans (e.g. the National Plan for Information Infrastructure Protection<br />
(NPSI) and the related implementation plans as a strategic concept for IT infrastructure<br />
protection);<br />
� Specific recommendations for action, like for instance:<br />
o the national Baseline Protection Concept as a basic guidance to physical critical<br />
infrastructure protection;<br />
o the Risk and Crisis Management Guide for Critical Infrastructure Operators, or<br />
o the national special protection concepts as detailed recommendations for action for<br />
the protection of individual CI sectors and sub-sectors);<br />
� Standards, norms and regulations (e.g. the BSI Information Security Standards as a basic<br />
recommendation for action addressed to critical infrastructure operators.<br />
In <strong>Germany</strong>, critical infrastructure protection is a task to be performed jointly by the government,<br />
companies and/or operators and also by civil society. The guiding principles regarding critical<br />
infrastructure protection are, in particular:<br />
� Trusting co-operation between the state and business and industry at all levels; and<br />
� The requirement for, and suitability and proportionality of, the measures taken and the<br />
use of resources made for increasing the level of protection.<br />
As stated in the CIP Strategy, <strong>Germany</strong> acknowledges that for joint action to be successful,<br />
strategic guidelines are required which describe the basic philosophy, action and practices in all<br />
essential security-policy matters regarding critical infrastructure protection with reference to all<br />
relevant risks.<br />
Early 2011, <strong>Germany</strong> published its new Federal Cyber Security Strategy for <strong>Germany</strong> 2 . With the<br />
new German Cyber Security Strategy, the German Federal Government adapts measures to the<br />
current threats on the basis of the structures established by the CIP implementation plan and the<br />
implementation plan for the federal administration. The Federal Government will specifically focus<br />
on ten strategic areas:<br />
1. Protection of critical information infrastructures: main priority of cyber-security, extends<br />
the cooperation established by the CIP implementation plan;<br />
1 http://www.bmi.bund.de/cae/servlet/contentblob/598732/publicationFile/34423/kritis_englisch.pdf<br />
2 http://www.cio.bund.de/SharedDocs/Publikationen/DE/IT-<br />
Sicherheit/css_engl_download.pdf?__blob=publicationFile<br />
5