Konstantin von Notz, Vice-Chairman of the Greens and Chairman of the Parliamentary Control Committee (PKGr), also complains about significant deficits. “It’s bad for the protection of our digital infrastructures,” he says. In view of the increased threat situation, projects such as a “Kritis umbrella law” would have to be implemented with political priority. The Ministry of the Interior under Minister Nancy Faeser (SPD) is responsible for this.
Norbert Pohlmann, Professor of Information Security at the Westfälische Hochschule Gelsenkirchen and Managing Director of the Institute for Internet Security, is a little more confident: He attests that the operators of critical infrastructures in Germany have “a high level of IT security compared to other European countries”. The reason for this is the comparatively rigid legal requirements in this country. In addition to the requirements of the General Data Protection Regulation, for example, additional protection requirements apply to the operators of critical infrastructure, for example through the IT Security Act, emphasizes Pohlmann, who is also the board member for IT security at the Eco Association of the Internet Industry. With this set of rules, Germany is a role model for other countries in an EU comparison. As the BSI also points out, these requirements include implementing state-of-the-art IT protection measures – and demonstrating this to the supervisory authority every two years.