Keywords
IT Security law, IT security regulation, resilience, hybrid threats, municipal administration, NIS2
Summary
Internationally known Prof. Dr. Dennis-Kenji Kipker, co-founder of the Cyber Intelligence Institute and sought-after consultant, analyzes why cybersecurity for Germany is so complicated, and sheds light on the cybersecurity challenges in municipal authorities.
The podcast was recorded a few weeks before the final transposition of the NIS2 directive into German law.
Takeaways
Municipal entities in Germany, especially data centers, are very vulnerable.
The Federal Government of Germany allows too many exemptions and special provisions in its IT security regulations.
Some entities that should be deemed critical don’t even have to comply with minimum standards.
Municipal cybersecurity is a matter of ensuring citizens’ basic rights and public welfare.
A strategy isn’t worth the paper it’s written on if it’s not implemented.
Germany has a problem with diffusion of responsibility involving 77 actors. This complexity must be reduced.
The position of the Federal CISO needs a clear definition of scope, tasks, rights and responsibilities.
Just as in companies, responsibilities at the municipal level must be clearly defined and supported by budget and staff.
Municipalities must start learning the basics of cybersecurity and develop an understanding of its relevance.
The fear of presumed complexity can be overcome by prioritizing the tasks at hand.
Municipal administrations should make use of existing opportunities for further training and education.
Sound Bites
The federal government is struggling with really investing in cybersecurity.
The German cybersecurity architecture is a hidden object picture of responsibility diffusion.
The main problems are a lack of leadership, insufficient coordination, and a lack of centralized strategy and implementation.
Employees in municipal administration must realize that multi-factor authorization is not about the extra 30 seconds they need to log in but about them being in a critical supply function for the public.
A committee itself doesn’t make us cyber secure.
Chapters
00:00 Introduction
01:30 Report of the Federal Audit Office on the cybersecurity of municipal administrations
05:19 The German problem of diffusion of responsibility
06:31 The many exemptions and special provisions in the German NIS2 transposition law
09:22 Finding consensus in a federal structure
13:28 From business cybersecurity to municipal cybersecurity
18:00 Building cybersecurity in municipal administrations
22:37 The role of actors like the Cyber Intelligence Institute
23:55 Farewell