Rainer Knirsch


BSI confirms new standard for critical infrastructures

Since 2016, the federal government of Germany has been regulating the cyber security of critical infrastructures with the IT Security Act. Security experts from more than ten companies have developed a new security standard under the chairmanship of Deutsche Telekom. The BSI confirms today: The new standard "Industry-specific security standard for IT security" (B3S for short) meets the high requirements of the legislator. There is now a new benchmark for the IT security of data centers or server farms.

BSI confirms standard - new benchmark for the IT security of data centers.

BSI confirms standard - new benchmark for the IT security of data centers.

The IT Security Act requires that the security of critical infrastructures must be state of the art. Standard market security measures should ensure a high level of protection for operators such as Deutsche Telekom. Therefore legislators give industry companies the opportunity to jointly describe these measures in a standard. After verification and approval by the German Federal Office for Information Security (BSI) it becomes binding. Every two years operators of a critical infrastructure must prove in the certification process that they meet the standard. 

B3S is based on the previous standards ISO 27001 and ISO 22301, which are already the set of rules for data center security and resilience. The central question is always: What are the consequences of a failure and what must the operator do about it? While the two ISO standards consider risk primarily through economic considerations, B3S goes further and takes far more into account the effects on society after an incident, as required by the safety law. B3S therefore goes beyond existing standards and takes the security of critical infrastructures to a higher level. The new standard also specifies existing security measures in areas such as fire protection, video surveillance, energy supply and access. So far there has been more scope for operators here.

IT companies that are not covered by the IT Security Act due to their size or activities can also implement the new standard. The industry is counting on B3S to continue to ensure greater security in IT as a whole. Further information can be found under the following link (in German).

Frau arbeitet im Serverraum.

Governance Security

Learn how Deutsche Telekom is protecting IT systems and networks and thus our customers and their data.