Marina Krotofil and Stephan Gerling, the Industrial Cibersecurity Center Coordinators in Germany (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in their country, and to do so, they share with us their impressions.

They describe the level of sensitivity of industrial organizations in their country according to the following percentages:

They also affirm that the trend of recent years has slightly grown.

Germany counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:

• Federal Office for Information Security (BSI - Bundesamt für Sicherheit in der Informationstechnik)
• Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V. (Bitkom)
• UP KRITIS (BBK - Bundesamt für Bevölkerungsschutz und Katastrophenhilfe)
• Federal Ministry of the Interior

Among the main national laws and regulations affecting in this context in Germany, Marina and Stephan mentions:

• IT-Sicherheitsgesetz

As industrial cybersecurity measures widely adopted by German organizations to protect industrial automation systems, Marina Krotofil and Stephan Gerling highlights the application of:

• Industrial cybersecurity consulting / advisory
• Implementation of safety management systems
• Internal security audits
• Network design and architectures
• Conventional firewalls
• Backups
• Whitelisting
• Antivirus

The CCI Coordinators in Germany characterizes the industrial cybersecurity situation in their country with the following SWOT analysis: