This post is also available in: heעברית (Hebrew)

Germany’s cabinet approved a new cyber security strategy due to a growing number of attacks, especially from China and Russia.

The strategy calls for the creation of a mobile Quick Reaction Force that will be a part of the Federal Office for Information Security (BSI), and similar teams within the federal police and domestic intelligence agency that are able to respond to cyber threats against government institutions and critical infrastructure.

The new strategy also calls for greater cooperation and information sharing between the public and private sectors on cyber threats, much alike to the United States’ cyber defense strategy. A special focus is protecting critical infrastructure, including energy and water supplies and transportation.

Interior Minister Thomas de Maziere was quoted on dw.com, saying that an increasing number of cyber attacks originate from outside Germany’s borders, mainly directed from China and Russia. He also cautioned against the use of “bots” that manipulate social media to influence opinion. He called on all political parties to commit not to use such tactics in the upcoming national elections.

German Chancellor Angela Merkel had recently warned that Russia could try to influence the elections through cyber warfare and disinformation, an assertion that comes after Washington blamed Moscow for interfering in the US election.

Attacks on IT systems take place on a daily basis and also seem to be less attractive targets. Webchecks are a suitable means to determine the current security of a web application. Information security web checks are used to assess the successes of an intentional cyber attack on their own systems, thereby checking the effectiveness of the existing security measures as well as to derive further necessary security measures.

The BSI recently published a Practical Guide on “Information Security Web Checks”, aimed at IT security officers and IT managers in companies, government agencies and other institutions. According to the BSI website, the guide describes a structured, practice-oriented approach to IT penetration testing on web applications. The guide supports penetration testers to make web checks as efficient and effective as possible. In addition, IT managers can use the guide as an aid to formulate specific requirements for an external service provider and thus to find a penetration tester suitable for their purposes.