Skip to main content

Germany Tightens IT Security

Information technology emerged a few decades ago and has been evolving ever since. With its highly complex nature, new challenges have arisen. Critical vulnerabilities and weaknesses in standard IT infrastructures have increased massively, a clear call to action for Germany’s Federal Office for Information Security (BSI).

Introducing a new law

In response to a growing cyber-threat, Germany approved the IT Security Act - the so-called IT-Sicherheitsgesetz - in July 2015, with 2 years time to adapt to the rules and regulations. Seldom has the passage of a law had such current significance!

The internet is an indispensable part of many areas of life. This brings benefits, but also raises legal issues, and those running websites now have to be mindful of this new law.

The IT Security Act introduces the legal obligation of software updates.

The new law comes with an increase in requirements especially for websites. The changes implemented by the IT Security Act aim at making infrastructures safer and providing advantages for users. And if the legislation and regulations are infringed, the person operating the website may be faced with warnings, or even fines.

Why did lawmakers vote it through?

The new law for improving the security of IT systems aims to prevent the takeover of systems by unauthorized entities. It has one prime objective: protecting personal data. Recent cyber-attacks have exposed the vulnerability of key systems and shown the severe implications of such attacks for “operators of critical infrastructures.” For systems to be secure, IT infrastructures have to be up-to-date with the latest technology at all times.

Who does the IT Security Act apply to?

The strict cyber-security law requires that operators of critical infrastructures implement specific security standards and report security incidents or else face penalties.

Who are “operators of critical infrastructures”?

Operators of critical infrastructures provide services of general interest. Most of the obligations deriving from the new law fall with sectors whose facilities are of high importance and whose outage or impairment would cause significant supply shortfalls or even endanger public security.

The relevant sectors include:

  • Energy
  • Water
  • Transportation and traffic
  • Health care

And also:

  • Information technology
  • Telecommunications

Safeguarding information technology has become mandatory, the purpose being to force companies and organizations to protect their systems from cyber-attacks.

What does this mean for website owners?

The takeaway is that with this new law, if you own or run a website, you must ensure that it is running up to date software and is secure at all times or face legal consequences. This means adopting sufficient measures against unauthorized access at both technical and organizational levels.

"Operators of telemedia services, such as website providers, now have to implement reasonable and state-of-the-art security measures to prevent unauthorized access to their IT operations and to ensure that these IT operations are protected against attacks. For the time being, no notification requirements exist."  The German IT Security Law - Fact Sheet

The BSI often finds that outdated and vulnerable software versions are used. One easy, effective and fundamental measure for staying on top of maintenance is updating software regularly and as soon as possible. Providers should keep this in mind at all times to prevent repercussions.

Use supported software at all times

TYPO3 CMS has clearly defined update and support cycles. It is backed both by its developer and service provider communities, as well as a commercial entity, TYPO3 GmbH, which backs the CMS with further special services.

The community supports every Long Term Support (LTS) version for three years after release with security and bug fix releases. A new, stable, major version of TYPO3 CMS is released every 18 months. This means that there are always two stable versions being maintained, currently that’s versions 7 and 8.

Extended Long Term Support for outdated TYPO3 versions

TYPO3 CMS version 6 was officially marked unsupported by the community on March 31st, 2017 when TYPO3 CMS 8 LTS was released. If you’re still running TYPO3 CMS version 6 it doesn’t have to be a problem, though. TYPO3 GmbH offers peace of mind through its Extended Long Term Support (ELTS) program. ELTS is available for the most recent unsupported LTS version. Once TYPO3 CMS 9 LTS is released in October of 2018, ELTS for version 7 will begin and ELTS for version 6 will wind down six months after that on March 31st, 2019.

Unlock and sustain business value by choosing TYPO3 CMS and the option of prolonging your website’s lifespan by opting for TYPO3 GmbH ELTS. This way, you’ll also be establishing legal standards for your business! Get in touch with us if you'd like to know more.