Requirement to report cyber-attacks to include LNG terminal operators

Following the attacks of the Nord Stream pipelines in September, the German government wants to expand the requirement for operators of so-called critical infrastructure (kritis) to report attempted attacks and operation disruptions, newspaper Handelsblatt reports. Liquefied natural gas (LNG) terminal operators as well as owners of shore stations for connecting submarine cables to land-based telecommunications networks should also be included in the obligation to report operation disruptions, according to a draft regulation from the interior ministry (BMI). This is being discussed with scientists and companies involved.

The interior ministry called for tighter security regulations for all sectors considered critical infrastructure following explosions in the Nord Stream 1 and 2 gas pipelines. Interior minister Nancy Faeser aims to present a so-called kritis umbrella law for all operators soon, to better protect the most important sectors. Companies recognised as kritis – which include facilities in the energy, transport, water, food, government and administration, health, information technology and telecommunications sectors – are required to report to the Federal Office of Information Security (BSI) whenever an attack, incident or IT disruption is carried out against them. However, a lack of IT specialists is becoming a cyber security risk for German energy industry companies, according to newsletter service Tagesspiegel Background Cybersecurity.