News

Summary of all statements and requirements of the BSI for secure remote maintenance

"Remote maintenance access is a necessary evil in the automation network, which usually opens up several potential gateways for attackers and malware. It is therefore understandable that operators are looking for suitable standards and best practices that offer a kind of guideline for secure remote maintenance. The German Federal Office for Information Security (BSI) has published a document with requirements for the secure implementation of remote maintenance solutions in the industrial sector for precisely this purpose. The BSI is the central organization for recommending solutions in the field of IT security and has already published several publications on secure remote maintenance access in the past." - www.sichere-industrie.de

The CVE program accepts CERT@VDE into the CVE community.

direct download of the german press release

direct download of the english press release

To german press release on vde.com

To english press release on vde.com

To the press release on cve.mitre.org (external)

A current progress report

"A list of ICT products and services relevant for the implementation of the EU Cybersecurity Act (CSA, Regulation EU 2019/881) is to be defined by June 28 of this year as part of the EU Commission's ongoing Union Rolling Work Programme (URWP) and is eagerly awaited by companies as well as associations and authorities. Nevertheless, the last few months since the CSA came into force on June 27, 2019 have been quiet, at least in terms of public discussion. However, this does not mean that the first structures for implementing the CSA and developing the corresponding certification schemes are not already being created in the background."

The article presents the current developments regarding the implementation of the EU CSA.

You can find this article by our Legal Advisor Dr. Dennis-Kenji Kipker at Springer-Verlag.

The Indo-German discussion paper "Securing the Internet of Things Together" was published at the 7th Annual Meeting of the Indo-German Working Group on Quality Infrastructure in New Delhi on January 16, 2020.

Dr. Dennis-Kenji Kipker:

"The study on the IT security of IoT devices presented in India in January deals with the legal framework, standardization requirements and certification issues that must be applied to secure and networked products in a global comparison."

Critical examination of the common remote maintenance method via a VPN tunnel

"use of VPN (virtual private network) is now one of the most widely used technologies for integrating remote maintainers into the operator network. As with other common remote maintenance solutions, the aim is to give maintenance personnel access to one or more remote target systems. A VPN infrastructure often already exists for normal enterprise operation, e.g. for home offices or mobile employees. At first glance, it seems obvious to use it to map a remote maintenance connection to your system directly. However, it is worth taking a closer look here, as this uncomplicated method is often not the one that offers you optimum IT security.Translated with DeepL.com (free version)." - www.sichere-industrie.de

Article from the trade journal DuD 1/2020

"The Cyber Security Law of the People's Rebulbic of China ("CSL"), which came into force on June 1, 2017, established the legal basis for cyber security and data protection. The purpose of the law is to protect network security, maintain cyberspace and national security, safeguard public interests and protect the legitimate rights and interests of citizens, legal persons and other organizations."

"Coming into effect on 1 June 2017, the Cyber Security Law of the People´s Rebulbic of China (the "CSL") established the legal foundation of cybersecurity and data protection. The purpose of the law is to protect network security, maintain cyberspace and national security, safeguard public interests, and protect the legitimate rights and interests of citizens, legal persons and other organizations."
Source: Aufsatz DuD 1/2020

Mr. Jihong CHEN, Ms. Lu HAND and Dr. Dennis-Kenji Kipker published an article on this topic in the journal Datenschutz und Datensicherheit (DuD) 1/2020. The complete article is available here as PDF.

IT security updates will become an objective legal obligation for consumer products from next year, regardless of the individual contract design

"Within the next two years, two new EU directives will have a significant impact on consumer protection law once they have been transposed into national law. The Directive on certain aspects of contracts for the supply of digital content (DID Directive)1 and the Directive on certain aspects of contracts for the sale of goods (SC Directive)2 aim to make cross-border trade in (digital) goods and digital media easier, more transparent and more secure."

An overview of the upcoming EU Directives DID and WK by our Legal Advisor Dr. Dennis-Kenji Kipker is available here as a PDF

1 Directive (EU) 2019/770 of the European Parliament and of the Council of May 20, 2019 on certain aspects of contracts for the supply of digital content and digital services

2 Directive (EU) 2019/771 of the European Parliament and of the Council of 20 May 2019 on certain aspects of the sale of goods, amending Regulation (EU) 2017/2394 and Directive 2009/22/EC and repealing Directive 1999/44/EC.