Germany Bolsters Cybersecurity: New Rules for Healthcare Facilities, NIS-2 Deadline Looms
Germany is bolstering its cybersecurity measures. The Bundesrat has proposed new rules for critical healthcare facilities, following a significant disruption at Berlin's airport due to a cyber-attack. The NIS-2 directive's implementation is overdue, with Germany facing EU infringement procedures.
Hesse's Interior Minister, Roman Poseck, revealed that a cyber-attack on a service provider caused substantial disruptions at Berlin's airport. This incident underscored vulnerabilities in Germany's infrastructure. To address these concerns, the Bundesrat proposed improvements to the cybersecurity obligations of important healthcare facilities.
The NIS-2 directive, set to be implemented by 17 October 2024, will affect around 29,500 companies in sectors like energy, health, transport, and digital services. Affected companies must report cyber-attacks within 24 hours, provide an interim report after 72 hours, and submit a final report within a month. They are also required to establish protective measures such as risk analyses, emergency plans, and encryption solutions.
The Federal Office for Information Security (BSI) will gain more supervisory powers and can impose fines for serious violations. The Federal Network Agency (Bundesnetzagentur) will also have additional surveillance authority and the power to enforce these stricter regulations. Ransomware attacks, in which attackers encrypt data or systems to extort companies, have increased in number, as have attacks suspected to be driven by state actors.
Germany's new cybersecurity measures aim to protect critical infrastructure and improve response times to attacks. The NIS-2 directive's implementation is crucial for enhancing the country's cyber resilience. With the deadline looming and EU infringement procedures underway, Germany is working to strengthen its cybersecurity posture.