Consultation on the catalogue of security requirements pursuant to section 109(6) Telecommunications Act
New security catalogue with updated requirements for all networks and services
date of issue 2019.10.15
The Bundesnetzagentur has started a consultation on a draft revision of the catalogue of security requirements for operating telecommunications and data processing systems and for processing personal data.
It is essential to protect information and communication systems against threats. The updated security requirements for telecommunications networks and services play an important role in this," said Jochen Homann, Bundesnetzagentur President.
The ongoing development of mobile radio networks means more speed, efficiency and effectiveness in economic and regulatory processes, and more comfort and convenience in the private sector. However, we will only succeed in this if we ensure we have an appropriate risk management from the very beginning, for instance through the use of suitable encryption methods. The updated security catalogue allows us to ensure through the technical specifications that are required of telecommunications networks that a high level of confidentiality, integrity and availability of communication is guaranteed," explained Arne Schönbohm, BSI President.
Joint draft of the revised security requirements
The Bundesnetzagentur has updated the security requirements together with the Federal Office for Information Security (BSI) and the Federal Commissioner for Data Protection and Freedom of Information (BfDI). Security requirements have been specified in particular for the operators of public telecommunications networks with a higher level of risk.
The consultation gives manufacturers, associations of public telecommunications network operators and associations of providers of publicly available telecommunications services the opportunity to comment on the draft. The Bundesnetzagentur published the key points setting out the additional security requirements for telecommunications networks in March this year. A public consultation in this regard was held in Bonn in June.
Specific security requirements
The draft specifically provides for
- critical components to be certified;
- proof of trustworthiness to be obtained from manufacturers and suppliers;
- product integrity to be ensured;
- security monitoring to be introduced;
- only trained and qualified personnel to be employed in security-related areas;
- sufficient redundancy to be available; and
- the avoidance of monocultures.
Security requirements are to be revised periodically
The applicable security requirements are to be revised periodically in agreement with the BSI and the Federal Commissioner for Data Protection and Freedom of Information to meet the latest security situation and state-of-the-art technology. The draft catalogue of security requirements and information on the consultation can be found on the Bundesnetzagentur website under www.bundesnetzagentur.de/sicherheitsanforderungen.
Comments may be submitted until 13 November 2019 to the following email address email@example.com or by post to:
Bundesnetzagentur für Elektrizität, Gas,
Telekommunikation, Post und Eisenbahnen
Referat IS 17
An der Trift 40