Hogan Lovells 2024 Election Impact and Congressional Outlook Report
On 8 September 2021, the Federal Cabinet adopted the new strategy for cybersecurity 2021 presented by the Federal Ministry of the Interior, Building and Community (Bundesministerium des Inneren, für Bau und Heimat, BMI). The new strategy for cybersecurity replaces the 2016 German strategy for cybersecurity and describes the fundamental orientation of the Federal Government's cybersecurity policy for the next five years. It is the goal of the new strategy for cybersecurity to enable citizens to continue using digital technologies securely, freely and in a self-determined manner. The aim is to strengthen the digital sovereignty of the state, the economy, science and society, in particular through a high level of cybersecurity, i.e. the "abilities and possibilities of individuals and institutions to exercise their role(s) in the digital world independently, self-determinedly and securely".
In addition to the fields of action, the new strategy for cybersecurity provides for the first time for concrete guidelines, measures and goals by means of which, according to BMI, the challenges and risks of a digitalized world with technologies such as artificial intelligence and networked devices are to be mastered. BMI declares cybersecurity to be a task for society as a whole. The addressees of the new strategy for cybersecurity are in equal measure the state, the economy, science and society.1
The strategy for cybersecurity 2021 will at first retain the four fields of action of the strategy for cybersecurity 2016:
It is new that a total of four guidelines flank the four fields of action of the strategy for cybersecurity, which in turn are for the first time defined by 44 strategic goals. These guidelines are:
The 13 strategic goals of the second field of action are among the most interesting for companies. These include goals such as "Further improve the protection of critical infrastructures"8, "Protecting companies in Germany"9, "Cybersecurity certification"10 and "Promote research and development of resilient, secure IT products, services and systems for the internal EU market".11
The IT security of products plays an important role in this. By increasing the IT security of products and creating products to increase their IT security, the BMI aims for strengthening the following economic sectors and their supply chains: Mobility and automotive industry, energy industry, smart home or IoT and smart cities, industry 4.0, healthcare, finance and the IT security industry with the fields of biometrics, long-term security and quantum technology.12
In order to evaluate the achievement of the defined strategic goals within the fields of action and to make the implementation of the strategy for cybersecurity 2021 continuously traceable and verifiable through operational measures, the new strategy for cybersecurity also includes for the first time specific measurability criteria. Based on these evaluation criteria, the various departments responsible for implementation report to BMI on the progress made in achieving the strategic goals.13
For example, a decline in the number of private individuals affected by cyber attacks or the reach of the BSI's information services for consumers will serve as an indicator of success in implementing the goal of promoting digital skills among all users. The Federal Ministry of the Interior wants to see whether the goal of protecting companies in Germany is being achieved by the concrete demand for support programmes for the IT security of SMEs, by whether the number of users of the BSI's support services is increasing, and by the fact that the "Economic Protection Initiative" is establishing projects for the holistic protection of the value chain against the outflow of know-how and information.14
After BMI had already published a draft of the strategy for cybersecurity in June 2021, the inclusion of "digital sovereignty" as a guideline14 and the planned improvement of cooperation between the state, business and civil society16 were expressly welcomed by interest groups. On the other hand, the planned expansion of German security authorities' access to encrypted communication 17 and a possible weakening of security technologies in favour of state intervention possibilities18 as well as the expansion of surveillance powers at the expense of IT security, especially from the point of view that foreign intelligence services and cyber criminals could exploit security gaps, were criticised.19
Whether and how the strategic goals of the strategy for cybersecurity 2021 can be achieved in the coming years, despite or precisely because of the scope for action granted to the ministries, remains to be seen. In order to ensure an active exchange between government and industry in the meantime, the strategy for cybersecurity 2021 refers, among other things, to initiatives such as the "Initiative IT-Sicherheit in der Wirtschaft" (IT Security Initiative in the Economy) of the Federal Ministry for Economic Affairs and Energy (Bundesministerium für Wirtschaft und Energie, BMWi), the Alliance for Cybersecurity (ACS) or the "Cyber Alliance with Industry" launched by BMI and the Federation of German Industries (Bundesverband der Deutschen Industrie, BDI).20 We will continue to keep you up-to-date on current developments.
On November 4, Hogan Lovells will offer ACS members a webinar on "Standard and Requirements for Networked Consumer Products" (in German). You are a member? In this case, this webinar may be of interest to you. For more information and your option to register, please click here.
Authored by Nicole Böck.