Long-lasting and high-frequency cyber attacks require a rethink of IT security in the municipal sector. At the same time, new requirements must also be compatible with modern working methods such as remote work. But what does a future-proof solution look like and with which security levels and guidelines must it be compatible in Germany?
In October 2023, many local authorities in NRW suddenly stop working Hackers had gain access to the regional IT systems and encrypt data on a large scale. As a result, 72 municipalities were partially completely offline – some are still not fully operational even today. Apart from this IT super-GAU, statistics show IT security incidents in authorities every day. Many of them can be avert. But once the attackers are successful, this means enormous downtime and costs.
From “Public” to “Strictly Confidential” – Classifications for the KRITIS sector
It is clear that IT security in the municipal environment must be further increase. What must not be forgotten, however, is that employees must not be restrict in their daily work. In Yemen Phone Number List order to achieve this, one must first look at how authorities, offices and companies with confidentiality requirements classify their data. This has a direct impact on the level of secrecy required in each case. The following four levels of secrecy are frequently use.
Only by classifying data can appropriate security measures be taken. This ensures that sensitive information can only be view by those people who are authorize to do so and who need this information to perform their duties.
Which official secrecy levels exist in Germany
In Germany, the Security Clearance Act ( SÜG) in paragraph 4, some “General principles for the protection of classified information” that apply to the federal government, its subordinate authorities and also companies that are subject to secrecy. In paragraph 2, they specify four levels of secrecy. These are in ascending order:
VS-For Official Use Only (VS-NfD) if access by unauthorized persons could be detrimental to the interests of the Federal Republic of Germany or one of its states.
>VS-Confidential if access by unauthorize persons could cell phone number listing be detrimental to the interests of the Federal Government or its states.
>Secret if access by unauthorized persons could endanger the security of the Federal Republic of Germany or one of its states or cause serious damage to their interests.
>Top secret if their knowledge by unauthorized persons could endanger the existence or vital interests of the Federal Republic of Germany or one of its states.
VS-NfD is the level of secrecy that is most commonly used at the municipal level. Here, employees in public administration work with confidential citizen information that must be transmitt securely at all times. This applies not only in the authority, but also when the relevant clerk is working from home.
New VS-NfD regulations for remote work
After all, the topic of “remote work” in particular is no longer a borderline case. Flexible working is now the order of the day in authorities and the KRITIS sector in general. However, the necessary security must not suffer under any circumstances. The importance of appropriate protective mechanisms is also shown by Bulk Database the federal government’s resolutions on the Schengen Information System (SIS) from last year. Since March 2023, affected authorities have had to implement the corresponding technical requirements for remote work activities when dealing with VS-NfD and use a BSI-approve solution. For many district offices and other authorities that work with this system to search for people and objects in the Schengen area. This mark the beginning of a conversion of their remote work and IT processes to the new requirements.
Technical requirements for VS-NfD
In order to ensure VS-NfD-compliant work, the IT infrastructure of the respective authorities and companies must meet certain technical requirements. The Federal Ministry for Economic Affairs and Energy (BMWi) has issue precise regulations and requirements for this. Which are set out in a leafletare recorde.
