Information Security

Support with the implementation of the IT security catalogue of the Bundesnetzagentur.

implementation of an IT security management system (ISMS) according to ISO/IEC 27001

The Energy Industry Act of the 7 July 2005, last amended the 31 August 2015, sais in §11 passage 1a:

(1a) The working of a secure power grid includes especially an adequate protection against dangers for telecommunicational and electrical Data processing systems, which are necessary for a secure mains operation. The regulatory authority provides therefore in consultation with the federal office for Security in information technology a catalogue of safety requirements and makes it public. The catalogue of safety requirements also includes arrangements for regular inspections of the implementation of the safety requirements. An adequate protection of the working of a power grid will be on hand if that catalogue of safety requirements is followed and the operator documents this. The compliance can be controlled by the regulatory authority. For this purpose the regulatory authority can decide detailed assignments about the format, plot and design of the documentation according to Sentence 4.

The Bundesnetzagentur has now published these requirements in a document, called „IT-Sicherheitskatalog“ on the 12 August 2015.

The main aspects of the IT security catalogue are:

  • An Information security management system ISMS according to ISO/IEC 27001 has to be established,with the help of which the protection targets are defined, telecommunication and IT systems for network control, that have to be considered are identified, the risks detected and the necessary safety requirements are decided.
    Therefore one can compose  „Leitfaden zur Informationssicherheit von Netzleitsystemen für Energieversorgungsunternehmen basierend auf ISO/IEC 27002“ at the sectoral complements in ISO/IEC TR27019.
  • Securing of an orderly working of the telecommunication and data processing systems that are relevant for the net control
  • Providing a plan of the network structure for a clear view on the technologies for net control that are used
  • Identification where safety is needed in the systems that are included in the plan of network structure
  • Naming a contact person for IT security to the Bundesnetzagentur. That person shall be able to inform the Bundesnetzagentur immediately about
    • The status of implementation of the IT security catalogue
    • Security occurences and their consequences, cause and arrangements to repair and avoid them

Furthermore the contact person for IT security shall secure that the grid operator is properly fastened onto systems for management reports and warning messages.

  • The provided ISMS has to be certified on its conformity with the requirements of the IT security catalogue on the basis of the ISO/IEC 27001.
  • The deadlines are the 30 November 2015 for the naming of a contact person for IT security to the Bundesnetzagentur and the 31 January 2018 for certifying.

We offer you support on the implementation of the requirements of the IT security catalogue:

Pos. 1 Attendence and expertise support on the implementation of an information security management system for the systems of the net control with

  • Determination protection targets
  • Identification of TK and EDV systems for network control, that have to be considered
  • Identification of risks
  • Propositions for safety precautions
  • Control of existing safety precautions
  • Implementation and continuation of the business processes for information security of your company
  • Implementation of a software tool for process control and documentation
  • Attendence to the certification of the provided information security management system due to an accredited company

Pos. 2 Order us as contact person for IT security for the Bundesnetzagentur in terms of the requirements of the IT security catalogue of the Bundesnetzagentur

  • Coordination, Administration and Communication of IT security
  • named contact person for the Bundesnetzagentur
  • Information research and transfer about warning messages of critical infrastructures

Gerhard Jost is appointed as an expert for electricity and gas

The certification program of the German regulation authority for network providers called “Bundesnetzagentur” demands the support of an expert with professional experience in energy distribution for the auditors of information security management systems certifying these following the requirements of the “IT-Sicherheitskatalog der Bundesnetzagentur”.

Gerhard Jost is appointed as an expert for electricity and gas by a certification company early 2017. Since then he supports the auditors with his expertise at the certification audits.

Gerhard Jost is auditor  ISO/IEC 27001

After five day training certified bei IRCA and proving his know-how in an exam at “isits  International School of IT Security AG” in Bochum Mr. Gerhard Jost was handed out the rightstanding certificate by TÜV Rheinland in summer 2016. This entitles him to conduct audits of information security management systems ISMS after ISO/IEC 27001 .

IRCA means International Register for Certificated Auditors.

You are interested in our services for the implementation of the IT security catalogue of the Bundesnetzagentur? Then contact us via our contact form. We will gladly offer you an adequate tender.