display
Berlin (dpa) - The black-red government coalition has defended the planned second IT security law in the Bundestag against criticism from the opposition and business associations.
Federal Interior Minister Horst Seehofer (CSU) said the cyber threat situation in the country was “persistently high”.
The new law is now strengthening the legal framework for cybersecurity.
It is not only about the security of the 5G cellular network, but also about defending against dangers to the economy and the general public through better protection of the critical infrastructure.
In addition, companies that act in the public interest would be better protected.
The "IT-Sic 2.0" provides for a strengthening of the Federal Office for Information Security (BSI).
The office is to be increased in staff and receives far-reaching new competencies.
In future, the BSI can prescribe minimum standards for the protection of IT systems to the federal authorities and monitor compliance with them.
Operators of “critical infrastructures” are obliged to use systems for attack detection.
The law also provides for the introduction of a uniform IT security label for products, which the BSI is to issue.
This also strengthens consumer protection for everyone, said Seehofer.
display
In the legislative process, the industry association Bitkom criticized, among other things, that the BSI may in future grant individual companies technical access and instruction powers.
In the opinion of the association, however, it should not be possible for the BSI to establish the “state of the art”.
Instead, this must be done in close coordination and with the involvement of the industries concerned and according to transparent participation criteria.
The law also includes requirements for critical infrastructures such as the new super-fast 5G cellular network.
Manufacturers of components should therefore issue a declaration of their trustworthiness, the Ministry of the Interior should be able to prohibit their use.
There were long discussions about the regulation, also with a view to the possible involvement of the Chinese provider Huawei.
In the law, however, there is no blanket exclusion of Huawei or other controversial providers such as ZTE.
However, the high hurdles could massively hinder the use of components from China.
In extreme cases, the German network operators - Deutsche Telekom, Vodafone and Telefónica - would have to be forced to remove Huawei components from the network.
display
Critics consider the Chinese technology group Huawei to be a security risk.
They fear espionage or sabotage.
The company has consistently denied such allegations, arguing that there is no evidence to support the allegations.
The digital experts Joana Cotar (AfD) and Anke Domscheit-Berg (Linke) criticized the fact that the civil society organizations only had one day in the legislative process to comment on the draft law.
The chairman of the Digital Agenda Committee, Manuel Höferlin (FDP), called for the introduction of product liability for providers instead of a new BSI label.
Like the left, he pointed out a conflict of interest of the BSI.
The office should close security loopholes, at the same time secret services exploited these loopholes.
Against this background, the BSI must be outsourced from the Ministry of the Interior and transferred to a digital ministry.
The deputy group leader of the Greens, Konstantin von Notz, criticized the BSI being degraded to a kind of substitute secret service.
display
The Federation of German Industries (BDI) stated that for greater cybersecurity, the state and business must rely on more team play.
"The IT Security Act 2.0 is unsuitable for solving current and future challenges in the team game of cybersecurity."
The law obliges companies to implement organizational and technical cybersecurity measures.
"In order for these to work, companies should be given the opportunity to have the trustworthiness of employees who work in areas classified as particularly safety-critical."
© dpa-infocom, dpa: 210128-99-209630 / 2
Draft IT security law