German government launches national IT security plan

The German government aims to counter the alarming rise in computer viruses with a national IT security plan that includes the establishment of a computer emergency response center.

Free IT resource Virtualization Insights from Top Experts - Learn how virtualization gets real! Sponsored by Dell Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft

The new plan, unveiled Thursday in Berlin by Interior Minister Otto Schily, comes as Germany and many other industrialized nations struggle to come to grips with attacks on IT systems in both the public and private sectors.

The statistics speak for themselves.

The number of new viruses and worms in the second half of 2004 more than quadrupled from the same period the year before to 7,300 worldwide, according to Schily. The damage from phishing attacks, which aim to steal passwords or credit card numbers, is estimated at around €2.5 billion ($3.1 billion) globally, he said.

"We must deal with threats of a new quality and quantity," Schily said at a news conference. His comments were confirmed by a ministry spokeswoman.

The German government's "National Plan to Protect IT Infrastructures" has three major focuses: early prevention, swift response and security standards. The Federal Office for Security in Information Technology (BSI) will play a key role. It will be responsible for developing and implementing new security standards in the public sector, and publishing guidelines for the private sector.

BSI will also house the computer emergency response center, which will collaborate with providers of IT security services in the private sector. Among the planned tasks of the center: sending e-mail alerts about potential threats and responding to attacks with hotline technical support.

Germany is a country still not fully aware of all the harm associated with viruses, worms, and phishing attacks, despite the growing number of reported incidents in recent months, Schily said.

More than two thirds of Germany's critical infrastructure -- such as energy, telecommunications, and finance -- is owned and operated by companies in the private sector, according to the minister. But the commitment of many of these companies to security is worrying, he said, adding that some wait until they have an acute problem before taking steps to improve their IT security.

Numerous companies and, in particular, consumers still underestimate the need to safeguard their systems, Schily warned.

Germany's national IT security plan -- which Schily called the first of its kind in the European Union -- emphasizes prevention as the best means for organizations, companies and consumers to protect their systems, the minister said, adding that other member states may now be encouraged to follow with a plan of their own.

The German IT security plan is available in German on the ministry's Web site at: http://www.bmi.bund.de/cln_028/nn_122688/Internet/Content/Common/Anlagen/Nachrichten/Pressemitteilungen/2005/08/Nationaler__Plan__Schutz__Informationsinfrastrukturen,templateId=raw,property=publicationFile.pdf/Nationaler_Plan_Schutz_Informationsinfrastrukturen.