IT-SiG 2.0: IT Security Act 2.0 comes into force!


The time has come: the IT Security Act 2.0 will come into full effect on May 1st. This means that the transition period for the obligation to provide proof of attack detection for critical infrastructure (KRITIS) ends. The law has been in force for two years, but only now applies in its tightened form. Suppliers of KRITIS operators are now also obligated and may not yet know it. Information from RADAR Cyber Security, Sophos, Rhebo.

Even a few days before the end of the transition period, there is still some ambiguity about what the IT Security Act 2.0 means in detail: Which requirements need to be implemented, which technologies are necessary, which measures have to be proven, and who is actually affected?

Who is meant?

The IT Security Act 2.0 has been in force for two years, and the transition period for the obligation to provide evidence of attack detection ends on May 1st. The regulation thus reaches a new dimension. Firstly, the second version of the IT Security Act (IT-SiG for short) tightens the requirements considerably. Secondly, it significantly expands the group of facilities that are part of the critical infrastructure: the regulation applies not only to KRITIS operators themselves, but also to their suppliers. Thirdly, it now also covers companies of "particular public interest": among others, armaments manufacturers or companies with "particular economic importance" must implement certain IT security measures. Fourthly, the state and regulatory authorities are given more powers: for example, the BSI can itself classify companies as KRITIS.

What is required?

In concrete terms, this means: KRITIS operators must have implemented systems and processes for attack detection by the deadline of May 1, 2023 at the latest. These are now explicitly part of the technical and organizational security precautions. They include, for example, "Security Information and Event Management" (SIEM) or a "Security Operations Center" (SOC): with this defense center, also known as a "Cyber Defense Center" (CDC), KRITIS operators can create and implement a consistent security concept for their IT and OT infrastructure. Here, technologies and processes are combined with the know-how of the experts who are responsible for monitoring, analyzing and maintaining the information security of a company.

In addition, the companies of particular public interest addressed are obliged to regularly submit a self-declaration: They must explain which IT security certifications have been carried out in the past two years and how they have secured their IT systems.

Legislative initiatives such as the IT Security Act 2.0 show that politicians have recognized the urgency of the task of resilience in today's digital age. Companies have a lot to do, even after May 1, 2023, according to Lothar Hänsler, Operations Officer of RADAR Cyber Security.

More on the topic of Sophos and Rhebo

IT Security Act 2.0: Implementation aid for KRITIS organizations


IT Security Act 2.0: Operators of critical infrastructures (KRITIS) are legally obliged to take “reasonable organizational and technical precautions” to prevent cyber attacks. With the passing of the "IT Security Act 2.0" (ITSiG 2.0) in spring 2021, these obligations were tightened again.

From May 2023, the operators of critical infrastructures must implement these and, above all, have “attack detection systems” available. Sophos, as an APT (Advanced Persistent Threat) response service provider officially qualified by the BSI, has therefore created a solution brief for KRITIS that helps companies and organizations adapt their security measures in good time in accordance with the new requirements. 144 million new malicious programs…


ITSiG 2.0: System for attack detection becomes mandatory for KRITIS - critical infrastructure


On April 23, 2021, the Bundestag passed the revised IT Security Act (ITSiG 2.0). With ITSiG 2.0, a system for attack detection becomes mandatory for KRITIS. Critical infrastructures have to set up a holistic system for attack detection within two years.

The supply chain becomes part of the IT Security Act. On April 23, 2021, the Bundestag passed the revised IT Security Act (ITSiG 2.0). In addition to extended powers for the Federal Office for Information Security (BSI), cyber security requirements are being tightened. Critical infrastructures such as energy suppliers and water suppliers, and now also waste disposal companies and large companies with economic importance, will be affected by the amendment…
