Federal Office for Information Security



The Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, abbreviated as BSI) is the German upper-level federal agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility include the security of computer applications, critical infrastructure protection, Internet security, cryptography, counter eavesdropping, certification of security products and the accreditation of security test laboratories. It is located in Bonn and as of 2024 has about 1,700 employees. Its current president, since 1 July 2023, is former business executive Claudia Plattner, who took over the presidency from Arne Schönbohm.

BSI's predecessor was the cryptographic department of Germany's foreign intelligence agency (BND). BSI still designs cryptographic algorithms such as the Libelle cipher and initiated the development of the Gpg4win cryptographic suite.

Similar agencies
The BSI has a similar role as the
 * Computer Security Division (CSD) of Information Technology Laboratory (ITL) of NIST (United States)
 * CESG (United Kingdom)
 * ANSSI (France)
 * National Cybersecurity Institute (INCIBE) (Spain)

Unlike those organizations, BSI is focused on IT security rather than being part of an organisation with a more general IT standards remit. BSI is separate from Germany's signals intelligence, which is part of the military and the foreign intelligence service (BND).

Responsibilities
The BSI's scope of duties is defined by the German Federal Office for Information Security (BSI Act). The aim of the BSI is the promotion of information and cyber security in order to enable and promote the use of secure information and communication technology in government, business and society. For example, the BSI develops practice-oriented minimum standards and target group-specific recommendations for handling IT and Internet security.

The BSI is also responsible for protecting the IT systems of the federal government. This involves defending against cyber attacks and other technical threats against the IT systems and networks of the federal administration. Once a year, the BSI reports on this to the Committee on Internal Affairs of the German Bundestag.

The tasks of the BSI include:
 * Protection of federal networks, detection and defense of attacks on government networks
 * Testing, certification and accreditation of IT products and services
 * Warning of malware or security holes in IT products and services
 * IT security consulting for the federal administration and other target groups
 * Information and raising awareness of the public and the economy on IT and Internet security
 * Development of uniform and binding IT security standards
 * Development of cryptographic systems for the federal IT

The BSI is the central certification body for the security of IT systems in Germany (computer and data security, data protection). Testing and certification is possible with regard to the standards of the IT-Grundschutzhandbuch, the Green Book, ITSEC and the Common Criteria.

The BSI is a national authority in the field of cryptography, which draws up recommendations and technical guidelines for cryptographic procedures and is involved in the development of international cryptographic standards.

IT Baseline Protection Catalog
The IT Baseline Protection Catalog, or IT-Grundschutz, is a collection of enterprise security guidelines established by the office, which serve to identify and combat security-relevant vulnerabilities in IT environments. With introduction and catalogs, the collection comprises more than 4,800 pages and serves companies and authorities as a basis for obtaining certification according to IT-Grundschutz. By obtaining certification, a company demonstrates that it has taken appropriate measures to protect its IT systems against IT security threats.

Nationales Cyber-Abwehrzentrum
Nationales Cyber-Abwehrzentrum (National Cyber Defence Centre), Cyber-AZ is a cooperative institution of German authorities at federal level for the defense of electronic attacks on IT infrastructures of the Federal Republic of Germany and its economy. It was launched on April 1, 2011 and is located at the BSI.

The center is a core element of the Cyber Security Strategy adopted by the German government in 2011. It aims to optimize operational cooperation and coordinate protection and defense measures. This is based on a holistic approach that brings together the various threats in cyberspace: Cyber espionage, cyber spying, cyber terrorism and cyber crime. The goal is a rapid exchange of information, rapid assessments and concrete recommendations for action derived from these.

Alliance for Cyber Security
The Alliance for Cyber Security, or Allianz für Cyber-Sicherheit, is an initiative of the German Federal Office for Information Security (BSI). It was launched 2012 in public–private partnership cooperation with the German Association for Information Technology, Telecommunications and New Media (Bitkom). As a members-only association major players in the field of cyber security in Germany aim to provide up-to-date and valid information on threats in cyberspace and supports the exchange of information, experience and best practices between participants. More than 6,800 institutions as of 2023 belong to the Alliance for Cyber Security, including 180 partner companies and 110 multipliers. Participation is free of charge and can be applied for by any German institution.

UP KRITIS
The UP KRITIS (UP stands for implementation plan) is a public-private cooperation between operators of critical infrastructures (KRITIS), their various associations and the responsible governmental agencies such as the BSI. It addresses eight of the nine critical infrastructure sectors. The sector "state and administration" is covered by the UP BUND and activities on state and municipal level. The goal of the UP KRITIS cooperation is to maintain the supply of critical infrastructure services in Germany. All organizations based in Germany that operate critical infrastructures in Germany, national professional and industry associations from the KRITIS sectors and the responsible authorities can participate in UP KRITIS upon application.

BSI for citizens
The tasks of the BSI include informing and sensitizing citizens to the safe use of information technology, mobile communication media and the Internet. The BSI therefore offers online content specially tailored to the needs of citizens (BSI für Bürger). The website covers topics and information on IT and Internet security in a way that is understandable even for technical laypersons. In addition to providing information, the BSI also offers specific and actionable recommendations, for example on topics such as e-mail encryption, smartphone security, online banking, cloud computing or social networks. Private users can also contact the BSI by phone or e-mail with their questions on IT and Internet security issues. In addition, the BSI offers a free warning and information service called "Bürger-CERT", which informs citizens and small businesses quickly and competently about weaknesses, security gaps and other risks and provides practical guidance.

Leadership

 * 1991–1992: Otto Leiberich
 * 1993–2003: Dirk Henze
 * 2003–2009: Udo Helmbrecht
 * 2009–2015: Michael Hange
 * 2016–2022: Arne Schönbohm
 * 2023–present: Claudia Plattner