German States Prepare Upgraded Cybercrime Infrastructure

Germany’s Federal Office for Online Security (BSI) revealed the signing of a new agreement with the Rhineland-Palatinate Secretary of State that creates the framework for tighter cybersecurity cooperation between agencies. The relationship, they hope, will be the first steps towards a fully functioning state cyber security infrastructure. The agreement, signed in late September but only recently announced, is currently only a formal declaration of intent, but marks a new era in combating internet crime, authority figures jointly announced.

BSI President Arne Schönbohm explained that as a national cyber security agency, they follow the direction of the Federal Government. The Federal Government, in turn, aims to create a sustainable cybercrime defense infrastructure in German states. State Secretary Randolf Stich spoke on more specific issues: ever-evolving cybercriminals, the Wannacry attack that affected computers in more than 150 countries, and darknet crime.

The collaboration will initially focus on three key areas of internet security:

• A closer role in exchanging information with the CERT-Bund and responding to computer emergencies in kind;
• Rhineland-Palatinate’s handling of computer and network security issues alongside the BSI’s Mobile Incident Response Teams (MIRTs);
• Building the framework for a countrywide information security headquarters. While this partnership is with Rhineland-Palatinate, the government believes it will be a springboard from which other states will learn and prepare for attacks on critical infrastructure.

As emphasized by BSI President Arne Schönbohm, the BSI planned to help each state build their own internet crime agency, for lack of an all-inclusive term. He explained that every state should effectively have their own cybersecurity infrastructure that resembled the BSI in operation and scope. Yet, the states will need to develop a self-sufficient agency and network. Together, he explained, the entire country could be strengthened.

Currently, the BSI provides technical assistance to government agencies on request. According to the BSI Act, the BSI also supports the Federal Intelligence Service (BND) in order to prevent cybercrime or investigate threat actors.

State Secretary Randolf Stich explained that much of the threat came from “very well connected criminals” who operate on the darknet. The only way to deal with these types, he added, is to do so in collaboration with Federal, State, and public IT entities. The three sectors need to be networked. And collaborating with BSI, the State Secretary announced, was “an important first step.”

The BSI will not only be providing assistance to state authorities; the Federal agency will be gathering information on local attacks in the state and on sensitive operators of critical infrastructure. According to the State Secretary, this will allow the BSI to provide support to entities in the best way possible, providing accurate advice that may differ from entity to entity.