Abstract
Current German cybersecurity policy suffers from several gaps that this section examines in more detail. These gaps become apparent in international comparison and contrast with German officials' own claims that Germany’s cybersecurity policy is strategically comprehensive. First, Germany has not devised a clear concept for the goal, scope, and legal framework of “active cyber defence” measures. Second, a major open question is the overarching institutional architecture for cybersecurity, including the responsibilities of the individual security authorities in the cyber domain, how they are differentiated, and how they cooperate. Third, the debate on how the state should deal with IT security vulnerabilities is still in its infancy. Fourth, an implementation concept for the politically undisputed increase in the liability of software manufacturers for vulnerabilities in their products is lacking. Fifth, a national and European industrial policy on cybersecurity, which is widely called for under the banner of “digital sovereignty”, is still largely undefined. Finally, Germany must define and assume a more comprehensive role in international efforts to maintain peace and stability in cyberspace.
Notes
1. The share of the IT security industry of the total ICT industry in Germany is around 10%.
Copyright information
© 2018 The Author(s)
About this chapter
Cite this chapter
Schallbruch, M., Skierka, I. (2018). Current Priorities and Gaps in German National Cybersecurity, Future Trends. In: Cybersecurity in Germany. SpringerBriefs in Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-319-90014-8_5
DOI: https://doi.org/10.1007/978-3-319-90014-8_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-90013-1
Online ISBN: 978-3-319-90014-8
eBook Packages: Computer Science, Computer Science (R0)