Threats to the German government’s IT infrastructure continue to grow and the current security situation is tense, Thomas de Maizière, the country’s interior minister, has told an IT security conference in Bonn.
But the necessary measures to battle the growing threats, he added, are being hindered by the diverse structure of the government’s information technology.
According to an interior ministry report obtained by Handelsbatt, one of the problems is that the federal government often buys hardware and software from vendors without clear manufacturing and delivery procedures. Another problem is the lack of centralized responsibility for the more than 1,300 data centers and server rooms used by 150 different federal agencies.
After a long debate, the federal ministries have agreed to a set of new measures, which they will soon send to the parliamentary budget committee for approval. The Bundestag, the lower house of parliament, has called on the federal government to streamline and modernize its IT systems with the aim of improving security and lowering costs.
The goal is to approve the new IT security concept by 2016 and implement the overhaul of the government’s massive computer operations by 2022.
Government sources have told Handelsblatt that Germany’s federal IT security is wanting and that targets have not been met
The current fragmentation causes several deficiencies, Mr. de Maizière said. Greater centralized control, he argued, would ensure higher security and provide shorter reaction times in a crisis.
Mr. de Maizière said the Bundestag’s data network was recently the target of a massive hacker attack, adding that the computer systems of numerous government ministries, federal agencies and research centers face constant threats.
“We have daily attacks from all directions,” Johann-Dietrich Wörner, the head of the DLR German Aerospace Center said.
According to the implementation plan for IT security currently under consideration, hardly any agencies or ministries fulfill the necessary requirements.
The BSI Federal Office for Information Technology Security will report on the varying quality of governmental IT security at the end of May.
The plans call for the government’s larger computer data centers to be combined into one new federal data center beginning next year, with data centers of other federal ministries to follow. The only exceptions will be the security authorities, the foreign and defense ministries, as well as the pensions administrator and the Federal Labor Agency. All of these authorities, however, will be subject to additional IT security requirements.
A key task is the construction of a federal data cloud that will allow German government agencies to use standard software. Procurement will also be centralized, however.
The government is also establishing an IT council staffed by deputy ministers, who will coordinate with the chancellery and interior ministry to handle “fundamental IT questions on a politically strategic level,” according to the report. A permanent group of IT representatives will supplement the new body.