Germany

Industrial Cybersecurity in Germany

Team

Stephan Gerling is Senior Compliance Manager, who works in the oil and gas industry more than 20 years now. A strong technical and electronical education in several roles is his background. He joined the German Army for more than 6 years as Navigation electronical expert for Helicopters. During this military time, he was in several […]

Marina Krotofil

Marina Krotofil is Senior Automation Security Engineer with the industry. For the past decade she has been focusing on advanced methods for securing Industrial Control Systems. Marina has discovered several novel attack vectors on cyber-physical systems and proposed security approaches from process control engineering discipilne. She specializes on incident response, forensic investigations, ICS malware analysis […]

Maite Carli García

Maite Carli is Communication Manager and General European Coordinator at the Industrial Cybersecurity Center. Specialized in administration of networks and communications, industrial critical infrastructures, industry 4.0, data analysis technologies in the Health sector and industrial cybersecurity, having done several advanced courses and a master. She has developed her professional career in the United Kingdom for […]

Marina Krotofil and Stephan Gerling, the Industrial Cibersecurity Center Coordinators in Germany (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in their country, and to do so, they share with us their impressions.

They describe the level of sensitivity of industrial organizations in their country according to the following percentages:

They also affirm that the trend of recent years has slightly grown.

Germany counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:

Federal Office for Information Security (BSI - Bundesamt für Sicherheit in der Informationstechnik)
Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V. (Bitkom)
UP KRITIS (BBK - Bundesamt für Bevölkerungsschutz und Katastrophenhilfe)
Federal Ministry of the Interior

Among the main national laws and regulations affecting in this context in Germany, Marina and Stephan mentions:

IT-Sicherheitsgesetz

As industrial cybersecurity measures widely adopted by German organizations to protect industrial automation systems, Marina Krotofil and Stephan Gerling highlights the application of:

Industrial cybersecurity consulting / advisory
Implementation of safety management systems
Internal security audits
Network design and architectures
Conventional firewalls
Backups
Whitelisting
Antivirus

The CCI Coordinators in Germany characterizes the industrial cybersecurity situation in their country with the following SWOT analysis:

Weaknesses

Lack of operational technologies certifications, processes and professionals

Lack of specific industry cybersecurity legislation

Lack of a solutions and services catalogue of industrial cybersecurity

Lack of specific CERTs

Lack of financial investments into security projects

Strengths

Awareness, especially regarding industrial critical infrastructures

Frequent events and forums on industrial cybersecurity

In general, there is an strong awareness of security in critical infrastructures and ICS. The industry is currently conducting active conversations with the government about how to improve ICS security, including which new/additional regulations/laws are needed

Threats

High development of industrial applications without cybersecurity requirements

Slow Legislation

Slow legislation Shortage of local industrial cybersecurity professionals working for manufacturers

Shortage of specific industrial cybersecurity risk management tools/li>

Opportunities

Increased of cibersecurity demand for Industry 4.0 and the Internet of things.

Advantage with the lessons learned from Smart Grid cybersecurity.

Strategic position in the industrial cyber security sector

Activities

XVI International Congress of experiences in Industrial Cybersecurity. Europe

As a fundamental part of its activity, the Industrial Cybersecurity Center (CCI) will hold its XVI Industrial Cybersecurity International Congress in Europe from September 28th to 30th (9:00 to 14:00 CEST), one of the benchmark events for the European market, and a meeting and exchange point of knowledge, experiences and relationships of all the actors […]

Cookie	Duration	Description
_GRECAPTCHA	180d	Cookie used by Google ReCaptcha anti-spam system, necessary to manage the spam filters all along this site.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
pll_language	365d	Cookie for custom language management.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Germany

Internacional

International

Industrial Cybersecurity in Germany

Team

Stephan Gerling

Marina Krotofil

Maite Carli García

Activities

XVI International Congress of experiences in Industrial Cybersecurity. Europe

Patrocinadores del Centro en el País

Bronze

Germany

Internacional

International

Industrial Cybersecurity in Germany

Team

Stephan Gerling

Marina Krotofil

Maite Carli García

Activities

XVI International Congress of experiences in Industrial Cybersecurity. Europe

Patrocinadores del Centro en el País

Bronze

Cookies