Cat­a­logue of IT se­cu­ri­ty re­quire­ments

The Bundesnetzagentur has published a catalogue of security requirements under section 11(1a) of the Energy Act (EnWG). The requirements, drawn up in consultation with the Federal Office for Information Security (BSI), serve to ensure protection against possible threats to telecommunications and electronic data processing systems that are vital for secure network operation.

The IT security requirements aim to ensure the

  • availability of the systems and data to be protected,
  • integrity of the systems and the information processed
  • confidentiality of the information processed

Electricity and gas network operators are required to implement a minimum level of IT security. The core requirement is the establishment of an information security management system (ISMS) with certification to DIN ISO/IEC 27001 by 31 January 2018.

Network operators are required to email the contact details of their IT security coordinator to the Bundesnetzagentur by 30 November 2015 using the following form:

IT security coordinator contact details (German language only)