IT Security Act 2.0 comes into force: KRITIS companies must ensure anomaly detection

IT-SiG 2.0 - Extended precautionary obligations for CRITIS operators and companies of special public interest

The IT Security Act 2.0 was approved by the Federal Council. The BSI is thus granted more far-reaching powers, in addition to which extended precautionary duties apply to KRITIS operators and companies of special public interest. The requirements must be implemented within one year. What exactly does this mean for CRITIS organisations?

Measures for the detection of anomalies in systems

In the area of OT security, most investments still flow into network segmentation and firewalls, which deny a view of the plant and thus control over communication. Certainly, these investments in IT security are still necessary, but they are no longer sufficient. Attack detection systems work according to a different principle than conventional security technologies. The key point is an active solution approach that searches for suspicious actions in one's own network and uncovers compromises.

If a network is infected unnoticed, for example via an infected programming computer, the attacker can move further in the network (lateral movement) and manipulate or leak data at will. Even the reloading of malicious code would not be prevented by a firewall, since the connection to the Internet is established from the internal zone. From the point of view of IT security, the BSI has given an important impulse in favour of the operator with the BSI CS 134: The IT Security Act 2.0 deliberately goes a step further here and designates systems for the active search for unknown attack patterns as an obligation for the sectors mentioned.

Implement the requirements of the new IT Security Act immediately with Active Cyber Defense!

Our Active Cyber Defense (ACD) service, a 24/7 threat hunting and incident response service, is one of the services that companies can use to meet the precautionary obligations required by the IT Security Act 2.0.

• ACD: Our service for early attack detection

ACD monitors entire networks and actively searches for unauthorised intruders and suspicious activity. For example, it identifies anomalies such as attackers communicating with a Command & Control Server. Such attacks usually remain undetected for a long time without appropriate detection measures. On average, it takes six months for companies to identify attacks of this kind on their networks. With the ACD service, companies close this critical area in their IT security. Especially the communication with command & control servers of cyber criminals, which attackers use to coordinate attacks, is the focus of our ACD service.

• ACD meets the immediate reporting obligation

In the event of a suspicious action that requires action, the Active Cyber Defense team immediately notifies the client. This allows a direct response to the situation - in the case of an IT disruption caused by cybercrime, a direct report to the BSI is possible. Thus, with secion's ACD service, companies fulfil the legal requirement to implement a system for the early detection of attacks.

• Implement the legal requirements immediately with ACD!

According to IT-SiG 2.0, CRITIS companies must take precautions to defend against cyberattacks within one year by implementing systems for attack detection. With ACD, you and we can meet the requirements in a fraction of the time: the implementation of our Active Cyber Defense Service usually takes 3-7 days, depending on the number of your Internet accesses or company locations.