Dr Hendrik Hoppenstedt, Minister of State in the Federal Chancellery, explained at the Potsdam Conference for National Cybersecurity what protective measures the German government intends to take given the “extremely heightened” relevance of the topic. Before the end of this legislative period, he said, the "Security Act 2.0" will be proposed to the Bundestag, which is intended to act as an extension of the first IT security law that came into force in 2015. Among other things, it is planned that in the future "further parts of the economy will be subject to reporting requirements and minimum standards obligations, as some sectors of the critical infrastructure already are." The primary focus, he said, is on companies in which there is a special public interest.
Hoppenstedt also announced the establishment of an "Agency for Disruptive Innovation in Cybersecurity and Key Technologies" (ADIC) based on the U.S. model DARPA, as a step to "close the gap in research into future-changing technologies." The agency, he said, is intended to promote risk-taking in Germany and thus reduce dependence on foreign players. The ADIC's research will essentially be carried out in the "interest of the security authorities".
Finally, the Minister of State addressed the much-discussed further expansion of cyber defense competencies. The planned "authority for active cyber defense measures" is intended to build up capabilities at the security authorities that will allow active countermeasures in cases of massive IT attacks against German targets. " Possible active measures include, for example, redirecting attack traffic, deleting data, but also blocking and shutting down the attacker's IT infrastructure," Hoppenstedt explained.