Springe zum Inhalt
Schlüsseldienst für Mülheim

Schlüsseldienst für Mülheim

Fairer und schneller Service

  • Startseite
  • Blog
  • Impressum und Datenschutz

Kritis Ordinance 2.0: What Will Change For Operators?

März 9, 2022
Von In Uncategorized

Kritis Ordinance 2.0: What Will Change For Operators?

The Kritis regulation 2.0 sees an expansion of the affected sectors, stricter requirements for the operators and an even stronger role for the Federal Office for Information Security (BSI). The amendment means considerable additional work for old and new Kritis operators.

As always, the aim of the BSI is to protect the country’s critical structures against the growing threat from cyberspace. passesaway is to be achieved, among other things, by adjusting the threshold values, which many previously non-critical systems 2021 to Kritis operators. The energy, transport, information technology and telecommunications sectors, as well as finance and insurance, are particularly badly affected. The number of existing 1.600 According to current estimates, Kritis operator grows by further due to the change in the law .

Critical Regulation 2.0 defines new sectors

The BSI does not stop at adjusting the threshold values for the previous Kritis operators, but incorporates two further sectors: municipal waste disposal and the so-called „companies of particular public interest“ (UBI/UNBÖFI). In addition to the armaments industry, the latter also includes companies that process hazardous substances and are subject to the Major Accidents Ordinance. In addition, those companies in which disruptions (e.g. due to a passaway interruption in the supply chain) would have an impact on society as a whole also count from 2021 to the critical infrastructures.

While the exact definition of the threshold values ​​for the municipal waste disposal sector is still pending, the UBI/UNBÖFI are currently considered „Kritis Light“. This means that operators depending on the group from 2021, 2023 and 2024 are obliged to identify themselves at the BSI, to submit a self-declaration on IT security and to report faults immediately.

Stricter requirements and more obligations for operators

Kritis 2.0 establishes a new reporting obligation for so-called „critical components“, likewise software and hardware products, the failure of which would have a significant impact on a system. In the future, critical components may only be used with a guarantee of trustworthiness from the manufacturer.

The amendment now explicitly supplements the specification of “appropriate security” with the use of systems for attack detection. In this way, threats are to be detected during operation with the help of appropriate software solutions and eliminated in good time (Security Information & Event Management, SIEM for short).

The stricter requirements come with stronger sanctions. Kritis operators who do not comply with their obligation to provide information, do not report faults immediately, or do not implement the prescribed measures to protect their infrastructure, have had to

since January 1 with fines of up to 20 Calculate millions of euros.

BSI gains more powers

The updated Kritis regulation has not gone unchallenged. In particular, the passaway expansion of the BSI’s competencies caused resentment among the operators of the affected systems. As the central reporting point for security in information technology, the BSI will in future not only be able to collect and evaluate extensive data on incidents and attacks, but also to insist on the release of documents and the disclosure of sensitive information.

In addition, the Kritis Ordinance 2.0 makes the BSI the national authority for cyber security certification. From now on, the Ministry has the right (and the obligation) to check IT products for compliance with European standards, taking into account all supply chains, and to certify them accordingly or to prohibit their use.

How operators protect themselves

Despite all the dissatisfaction with the strict requirements: Kritis 2.0 is the federal government’s necessary answer to the growing Cybercrime threat and attacks on critical infrastructure elements. For operators, the amendment has also made it clear that more new regulations are to be expected in the future. In addition, it cannot be ruled out that more and more systems will fall under critical infrastructure in the future as a result of a renewed adjustment of the threshold values.

In order to be able to meet the strict requirements of the BSI, automated solutions will play an even more important role in the future. With SIEM solutions, supply chain controls and extensive reporting and information obligations, the new obligations provide for security precautions at a significantly higher level than before. For Kritis operators, in many cases, passesaway means additional personnel expenditure that can only be compensated for with the help of automated solutions for basic IT protection.

Identity and rights management as basic protection

Automated solutions that lay a stable foundation for the IT security of critical infrastructures are often used for identity – and rights management. With the help of identity and access management, also known as IAM, Kritis operators can manage many of the threats and vulnerabilities defined by the BSI (such as data misuse by employees or unauthorized access) without great human effort.

IAM solutions like Tenfold serve as a central platform for managing users and access rights. They reduce both the manual effort and the error rate enormously, since both the assignment and the withdrawal of authorizations are role-based and therefore automatic. Automated documentation also makes it possible to trace at any time which employees had access to sensitive data and when.

The complete protection of the identities also gives Kritis operators a decisive advantage with regard to the new regulation, as it facilitates the implementation of security concepts and software applications based on these identities. Following the amendment, the BSI is currently developing specific recommendations for the security of procedures for implementing IAM solutions.

24752Source.

Source

NachrichtenJetRead MoreSicherheit, 2.0, change, for, kritis, Nachrichten, operators?, ordinance, what, will?

change kritis operators? ordinance
Verfasst von:

Alle Beiträge anzeigen

Schreibe einen Kommentar Antworten abbrechen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Search

Recent Posts

  • [Untersuchung] Welcher Polnische Europaabgeordnete Ging Aka Qua Freier Arbeitskraft Hinaus Aserbaidschan-Studienfahrt
  • [Meinung] Mission Von Seiten Wales An Alte Welt: „Unsereiner Eintrudeln Wiederholt“
  • [Interview] Durchsichtigkeit-Aktivist Verspricht Beule Vonseiten EU-Akten
  • Die EU übergibt Zuvor Dem Migrationsgipfel Boote Welcher Libyschen Küstenwache
  • [Feature] Fußballteam Selbstmorde Pro Tag – Spaniens Keinesfalls Allesamt So Beschaulichkeit weltweite Seuche

Archives

  • Februar 2023
  • Januar 2023
  • Dezember 2022
  • November 2022
  • Oktober 2022
  • September 2022
  • August 2022
  • Juli 2022
  • Juni 2022
  • Mai 2022
  • April 2022
  • März 2022
  • Februar 2022
  • Januar 2022
  • Dezember 2021
  • November 2021
  • Oktober 2021

bundesrepublik dasjenige ddorf-aktuell dessen dieser dänemark: düsseldorf einander erklÄrt: französische förderation gegenseitig grande hauptstadt hinaus internetzeitung italien jener kamp-lintfort krauts königreich moers: nation neuesten neukirchen-vluyn: newspaper ostmark republik russische schweden seiten seitens spanien statt stelle tages: ukraine unter vonseiten welche welcher welches woche [meinung] [ticker]

Logo  

Schlüsseldienst Kontaktdaten

Standort
@Mail
+99 999 999 99

Recent Posts

  • [Untersuchung] Welcher Polnische Europaabgeordnete Ging Aka Qua Freier Arbeitskraft Hinaus Aserbaidschan-Studienfahrt
  • [Meinung] Mission Von Seiten Wales An Alte Welt: „Unsereiner Eintrudeln Wiederholt“
  • [Interview] Durchsichtigkeit-Aktivist Verspricht Beule Vonseiten EU-Akten
  • Die EU übergibt Zuvor Dem Migrationsgipfel Boote Welcher Libyschen Küstenwache
  • [Feature] Fußballteam Selbstmorde Pro Tag – Spaniens Keinesfalls Allesamt So Beschaulichkeit weltweite Seuche

Categories

  • Uncategorized

Stolz präsentiert von WordPress | Theme: BusiCare Dark von SpiceThemes

Generated by Feedzy
Cookie-Zustimmung verwalten
Um dir ein optimales Erlebnis zu bieten, verwenden wir Technologien wie Cookies, um Geräteinformationen zu speichern und/oder darauf zuzugreifen. Wenn du diesen Technologien zustimmst, können wir Daten wie das Surfverhalten oder eindeutige IDs auf dieser Website verarbeiten. Wenn du deine Zustimmung nicht erteilst oder zurückziehst, können bestimmte Merkmale und Funktionen beeinträchtigt werden.
Funktional Immer aktiv
Die technische Speicherung oder der Zugang ist unbedingt erforderlich für den rechtmäßigen Zweck, die Nutzung eines bestimmten Dienstes zu ermöglichen, der vom Teilnehmer oder Nutzer ausdrücklich gewünscht wird, oder für den alleinigen Zweck, die Übertragung einer Nachricht über ein elektronisches Kommunikationsnetz durchzuführen.
Vorlieben
Die technische Speicherung oder der Zugriff ist für den rechtmäßigen Zweck der Speicherung von Präferenzen erforderlich, die nicht vom Abonnenten oder Benutzer angefordert wurden.
Statistiken
Die technische Speicherung oder der Zugriff, der ausschließlich zu statistischen Zwecken erfolgt. Die technische Speicherung oder der Zugriff, der ausschließlich zu anonymen statistischen Zwecken verwendet wird. Ohne eine Vorladung, die freiwillige Zustimmung deines Internetdienstanbieters oder zusätzliche Aufzeichnungen von Dritten können die zu diesem Zweck gespeicherten oder abgerufenen Informationen allein in der Regel nicht dazu verwendet werden, dich zu identifizieren.
Marketing
Die technische Speicherung oder der Zugriff ist erforderlich, um Nutzerprofile zu erstellen, um Werbung zu versenden oder um den Nutzer auf einer Website oder über mehrere Websites hinweg zu ähnlichen Marketingzwecken zu verfolgen.
Optionen verwalten Dienste verwalten Anbieter verwalten Lese mehr über diese Zwecke
Einstellungen ansehen
{title} {title} {title}