By 2022, the federal government, states and municipalities should be able to offer all administrative services for their citizens digitally – networked and united in the so-called "portal network". It provides the technical platform through which the administrative processes then run.
A goal that can be called "timely", "long overdue" or "commendable" depending on the assessment. Because these administrative processes regularly work with sensitive personal data, the question naturally arises:
How (data) secure is that?
In order to be able to give a reassuring and satisfactory answer to this question for all sides, the "IT Security Regulation Portalverbund" created especially for this major project prescribes so-called "penetration tests".
This means: IT security service providers certified by the federal government or federal state must: regularly, namely at the time of introduction and then again after three years at the latest, but "in case of major changes" even before, simulate an attack on the administration portals and their various components and try to cause damage there. If the experts detect weak points there, they can be corrected and the security level can be significantly increased.
Attacks can have devastating consequences
Having the pentests carried out is not only supposedly annoying "protocol" because the regulation provides for it. On the contrary: How devastating attacks can turn out, for example, the ransomware attack on the district of Anhalt-Bitterfeld from July 2021 shows. About a year later, the consequences are still not completely eliminated there. "Until even the employees no longer notice anything, I assume that we still have two months to do," said Landrat Andy Grabner in July 2022.
To ensure that something like this no longer happens to you, TWINSOFT comes into play here! With many years of experience in the field of IT security and pentesting, we are the ideal contact for your authority, your municipality or your federal state. Just contact us here without obligation.
