National Cyber Defense Center, created in 2011. It is managed by representatives from core agencies and associate agencies. The three core members are the Federal Office for Security in Information Technology (B.S.I.), the federal office of the domestic intelligence agency (Verfassungsschutz) and the Federal Office for Population Protection and Catastrophe Aid (B.B.K.). The satellite agencies include: the foreign intelligence agency (B.N.D.), military intelligence (M.A.D.), customs police (Zollpolizei) and the police (Bundeskriminalamt). Customs police only showed up once, the auditors said.
Süddeutsche Zeitung said they, NDR and WDR have seen a classified audit of it from the German Federal Court of Auditors (Bundesrechnungshof) that is highly critical: not only is the new center unsuited to bundling the necessaries for cyber defense, it’s not even doing a good job as an information disseminator. The auditors said they thought creating an institution like this was not justified if its only defined work process was a daily briefing and if “recommended actions on a political strategy level” were only issued once a year in an annual report.
The auditors said they were not blaming the dozen or so I.T. experts working for the Cyber Defense Center. They were blaming the politicians.
In February 2014, the Süddeutsche said, the politicians responded to the federal auditors’ (repeated, apparently this is not the first) written criticisms. The way the center is set up, with core members and associate members, should be examined.
The interior ministry said they thought the auditors were wrong about the perceived need for defined work processes, because what to do was decided at the daily briefings. Also, they said, the Cyber Defense Center’s spokesman informed the Cyber Security Council (??) about the danger level. The Federal Office for Security in Information Technology has an I.T. situation room and the federal government’s computer emergency team; both would be able to inform the Cyber Defense Center in the case of an emergency. The auditors said a Cyber Defense Center should have its own competencies.
(Knots ee own AWL ah SIGH bah OB vair TSEN troom.)