TYPO3 Blog

Information technology (IT) has become the backbone for commerce today. As reliance on IT grows, the number and severity of cyber-related security incidents have skyrocketed. Though it’s difficult to quantify the impact of such failures, one thing’s for sure: cybercrime is growing much, much faster than anyone anticipated and causing lots of damage across the economic landscape.

A clear call for action! In response to this growing threat, the need for a cyber security framework within and beyond country borders has grown, bringing forth new rules and regulations.

Governments and industries across the world are revamping their IT security laws in response to increased data breaches. And these new regulations on data, cyber and information security will be a game changer.

Hereabouts - that’s in Europe and in Germany - three relevant laws have recently been passed to meet the call for more IT security. More often than not, regulatory frameworks lag behind the latest developments. This means that when legislators finally act, companies and institutions must be fully aware of newly implemented regulations.

3 laws to boost the level of IT security in the EU and in Germany

For the first time, two sets of EU-wide rules and regulations regarding cybersecurity were passed in 2016. Moreover, Germany also approved the IT Security Act - the so-called “IT-Sicherheitsgesetz” - in 2015, with two years' time to adapt to the rules and regulations. Seldom has the passage of three laws had such current significance!

EU: General Data Protection Regulation (GDPR)

  • Approved by the EU Parliament: April 2016

  • Due to come into full effect: May 2018
    This law is directly binding and applicable for all EU member states. Member states have a two-year transition period.

  • Regulates:
    This law is a framework for data protection and an important change in data privacy regulation. The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.
    This regulation will reshape the way companies and institutions, with operations in Europe, engage with data breaches and their clients and users in general. It also addresses the export of personal data outside the EU.

  • Information in German:
    The EU provides most official publications in German too. This one is called “Datenschutz-Grundverordnung (DSGVO)”. Read more about the new European IT security law.

EU: Directive on security of network and information systems (NIS Directive)

  • Came into effect: August 2016

  • Due to come into full effect: May 2018
    The NIS Directive must be implemented into national laws across the EU by May 9th, 2018, and EU member states have 6 more months to identify operators of essential services.

  • Regulates:
    The directive sets out security requirements and incident notification rules. The Directive on security of network and information systems (NIS Directive) was the first piece of cybersecurity legislation passed by the European Union (EU) and is a key component of the EU’s overall strategy to prevent and respond to the growing number of cyber disruptions and attacks.
    The directive aims at achieving a high common standard of network and information security across all EU member states and creating an overall higher level of cyber security, by forcing companies and organizations to protect their systems and information from cyber-attacks.
    The NIS Directive provides guidelines for two types of entities:
      • essential service operators within the energy, transport, banking, financial market infrastructure, health, drinking water, and digital infrastructure sectors.
      • key digital service providers (search engines, cloud computing services and online marketplaces), which will also have to comply with the security and notification requirements under the NIS Directive.

  • Information in German:
    Germany’s Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik = BSI) provides detailed information on this new law too. Read more about the so-called “Gesetz zur Umsetzung der NIS-Richtlinie” in German here: new European IT security law.

The NIS Directive significantly affects key digital service providers!

Germany: IT Security Act

  • Took effect: July 2015

  • Came into full effect: June 2017

  • Regulates:
    For details on this law, read this article of ours, published in September 2017.
    In summary, the IT Security Act introduces the legal obligation of software updates!

  • Information in German:
    Germany’s Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik = BSI) provides information about the new German law here: IT-Sicherheitsgesetz.

Securing information systems is essential to keep the (online) economy running and to ensure prosperity!  

Use up-to-date software and extensions (a.k.a. plugin, add-on or module) at all times

Keeping your operating system and applications up to date is one of the best ways to protect yourself from being hacked. Hackers, malicious programs and viruses all exploit weaknesses (so-called vulnerabilities) to access your computer and your software. Updates close these weaknesses.

TYPO3 CMS has clearly defined update and support cycles

TYPO3 CMS is backed by its community, its service providers, and also by a commercial entity, TYPO3 GmbH, which backs the CMS with further special services.

TYPO3 CMS provides updates for the latest and the immediately previous version of the CMS, but not for older versions. This means that there are always two stable versions being maintained; currently those are Long Term Support (LTS) versions 7 and 8. For detailed information, check out the TYPO3 roadmap or contact your service provider.

It’s very important that you also regularly download and install updates for extensions (also known as plugins or modules) as they are vulnerable software too.

Extended Long Term Support for outdated TYPO3 versions

TYPO3 CMS version 6 was officially marked unsupported by the community in March 2017, when TYPO3 CMS 8 LTS was released. If you’re still running TYPO3 CMS version 6 it doesn’t have to be a problem, though. TYPO3 GmbH offers peace of mind through its Extended Long Term Support (ELTS) program. ELTS is available for the most recent unsupported LTS version. Once TYPO3 CMS 9 LTS is released in October of 2018, ELTS for version 7 will begin and ELTS for version 6 will wind down six months after that on March 31st, 2019.

Learn more about TYPO3 GmbH Extended Long Term Support

Unlock and sustain business value by choosing TYPO3 CMS and the option of prolonging your website’s lifespan. This way, you’ll also be establishing legal standards for your business!

Mathias Schreiber

CEO TYPO3 GmbH, Düsseldorf, Germany
