CEBIT 2015
CEBIT 2015: Chinese-German Cyber Security Standards
China and Germany have expressed their cooperation on data security at the start of the IT trade fair CeBIT, which has China as its partner country this year.
While international rules on data security and the protection of intellectual property for all countries are common sense, different views on cyber security (e.g. security controls, security standards and industrial policy) are still a challenge for Germany-China policies. While Germany aims to protect critical infrastructures and citizens’ data privacy, China’s approach is also to control all information on networks and beyond.
Relevant Standards and Initiatives:
- For the European Union, the Digital Agenda sees Internet trust and security as vital to a vibrant digital society, and sets out actions to improve cyber security readiness. These include the establishment of a well-functioning network of CERTs (Computer Emergency Response Teams) at national level covering all of Europe, the organization of cyber-incident simulations, and support for EU-wide cyber security preparedness. Moreover, the policy on Critical Information Infrastructure Protection (CIIP) aims to strengthen the security and resilience of vital ICT infrastructure by stimulating and supporting the development of a high level of preparedness, security and resilience capabilities, both at national and at EU level.
- Germany’s Federal Government on 17 December 2014 approved draft legislation to improve the security of information technology systems, the IT Security Act, proposed by the Federal Minister of the Interior. This is one of the first concrete steps in implementing the Federal Government’s Digital Agenda as described above.
Cyber security threats have a global impact and could remotely stop vital services and critical infrastructures within hours. Global initiatives regarding data security have been started, but China-Germany policies for secure digital cooperation are not yet in place and the aims of the digital agendas are partly divergent. As a result, each CEO is still responsible for managing information risks (availability, business continuity, confidentiality and integrity) and implementing sufficient controls to protect intellectual property and business continuity. Business requirements to secure restricted data might rarely be met due to ineffective security controls. Only a risk-based approach starting with a risk assessment could evaluate effective and efficient mitigating controls.
If you have any questions, please feel free to contact us.
Philipp Rothmann, IT Services Office Gummersbach
P +49 (0)2261 8195 221