Germany’s IT Security Law: Beware the Regulatory Remedy

Germany’s IT Security Law: Beware the Regulatory Remedy

In 2015, the upper house of the German parliament approved the IT Sicherheitsgesetz or IT Security Law. The act obliged more than 2,000 designated “operators of critical infrastructure” to implement a range of new information security standards within a two year period or face government sanctions. Time is almost up for those organisations in the crosshairs, but will legislation be the cure-all for ICS cyber security woes? We spoke with Roger Cumming, the former Deputy Director for CPNI and a veteran of the industrial control systems landscape, to find out what he thought about the German initiative and why legislation should be treated with caution rather than a panacea. 


Please note: That all fields marked with an asterisk (*) are required.