Timeline
From 1991 to 2022 – milestones in time - about the development of the BSI and the growing cyberspace at all.
1991 bis 2015
image / video 1 / 2
2016 bis 2023
image / video 2 / 2
10 years ACS 6,620 participants | In 2022, the Alliance for Cyber Security celebrated its tenth anniversary.
|
Publication Cyber Security for SMEs | The brochure Cyber-Sicherheit für KMU offers SMEs an easy-to-understand introduction to improving their cyber security level. It starts with the most important basics of IT security — concisely presented in form of 14 questions. |
Publication Cyber Security Space Infrastructures | As a federal cyber security authority, the BSI is also responsible for the cyber security of satellite infrastructures, especially in the context of the growing dependence on satellite services. A first important step is starting its on the cyber security of satellites and associated infrastructures. PDF publication: Cyber-Sicherheit für Weltrauminfrastrukturen |
Employer branding campaign #TeamBSI | The employees of the BSI share the enthusiasm for one topic: Cyber security. The employer-branding-campaign #TeamBSI (page is only available in German language) is starting to attract more employees to shape secure digitisation in Germany. |
Cyber attack on German petroleum traders | In March 2022, a cyber attack took place on a German oil trader with a Russian parent company. Multiple virtualised server systems failed and the attackers were able to penetrate deep into the company’s systems and extract a large voulme of data from different storage systems, mail servers, and hard disk images. |
Attack on companies' satellite communication | In February 2022, due to a cyber-attack in Europe, a satellite service failed, through which, among other things, processes for the fault clearence for wind turbines in the electricity sector are maintained by means of satellite communication solutions. As a result of the attack, around 5,800 wind turbines could no longer be serviced via remote maintenance. |
Assessment of the situation in Ukraine | Following the Russian attack on Ukraine, the BSI continuously assesses the situation with regard to information security and calls on its target groups to review their IT security measures and to adapt to the given threat situation. |
Grant of the first 'IT-SiK' | In February 2022, the first IT-Sicherheitskennzeichen (IT Security Label) was awarded to an e-mail provider. Consumers can scan the QR code of the label with their smartphone and receive information about the product’s IT security properties. Manufacturers and service providers can use the label to highlight the IT security of their products on the market. |
Vulnerability Log4Shell | The critical vulnerability (Log4Shell) in the widespread Java library Log4j lead to an extremely critical threat. The BSI increased the cyber security alert to the red warning level red. The reason for this assessment was the very wide distribution of the affected product and the associated effects on countless other products. |
First cooperation agreement 'BSI/Bundesland' | The cooperation agreement stands for the common goal of strengthening cyber and information security in Lower Saxony and beyond. Several fields of cooperation were identified. In addition to mutual support for prominent cyber security incidents, internships to improve the links between the partners, among other things, were agreed. |
Opening of the Saarbrucken office | The BSI further intensifies its activities in the field of AI and takes on new tasks with the opening of the new BSI office. In addition to expanding technical considerations on AI security, the BSI develops the technical foundations for digital consumer protection in the field of AI. |
IT-SiG 2.0: New task 'DVS' | The IT Security Act 2.0 (IT-SiG 2.0) comes into force. The BSI receives, among other things, the task of digital consumer protection (DVS) and consumer information in the area of information security, in particular through independent and neutral advice and warning at the federal level. |
Campaign „einfachaBSIchern“ | The campaign #einfachaBSIchern ("simlpy secured") raises awareness among consumers of risks in everyday digital life and shows ways they can safely use the internet. Through videos and advertisements, the campaign promotes the BSI’s services on topics such as online shopping, remote work, online gaming, social media or smart home. |
Vulnerability in Exchange | With a security update, Microsoft closes four critical vulnerabilities in the Exchange server that were exploited in combination for targeted attacks. Due to the wide spread of vulnerable servers and the ease of use with exploit kits, the BSI classifies the situation as extremely critical. This is the second highest of the possible crisis levels. |
30 years BSI / First digital congress | With more than 8,000 participants, the BSI archieved a record-setting at the 17th German IT Security Congress. The event took place digitally for the first time in February 2021. Under the congress motto 'Germany. Digital. Secure. 30 years BSI' the BSI celebrated its 30th anniversary at the same time. |
Publication AIC4 | The criteria catalogue AIC4 (Artificial Intelligence Cloud Service Compliance Criteria Catalogue) specifies minimum requirements for the secure use of machine learning methods in cloud services. |
Infrastructure Emotet smashed | At the end of January 2021, the General Prosecutor’s Office Frankfurt am Main — Central Office for the Fight against Internet Crime (ZIT) — and the Federal Criminal Police Office (BKA) together with law enforcement authorities in other countries succeeded in an internationally coordinated measure to take over and dismantle the infrastructure of the Emotet malware. |
New IT-Grundschutz BSI Standard 200-4 (1. CD) | If a crisis or emergency occurs in an organisation, it requires quick action. The new BSI Standard 200-4 provides practical instructions for setting up a Business Continuity Management System (BCMS). |
Artificial intelligence | The BSI and Fraunhofer IAIS sign a cooperation agreement for the joint development of testing procedures in the field of artificial intelligence. The cooperation enables experts to work together intensively to establish technical product and process testing of AI systems in industry. |
University Hospital Cyber Attack | On 10 September 2020, an IT security incident occurs at the University Hospital Düsseldorf (UKD). In accordance with BSI Act, the UKD informs the BSI about the incident. The BSI supports with a mobile response team. |
Germany's EU Council Presidency | Germany takes over the Presidency of the Council of the European Union for six months and for the 13th time. In addition to dealing with the coronavirus pandemic and its manifold effects, digitisation is a declared focus of the German Council Presidency. |
Corona-Warn-App | The Corona-Warn-App offers the highest level of IT security. The BSI accompanied the development of the app in an advisory capacity, through code reviews and penetration tests of the code provided for the front end and back end, for example. |
First Cyber Security Directors' Meeting | At the initiative and invitation of the BSI, numerous heads of Europe's cyber security authorities meet for the first time for an informal exchange in the run-up to the Munich Security Conference (MSC). In cooperation with the MSC, the BSI offers the authorities represented an exclusive framework for exchanging views at management level on current national and European cyber security challenges. |
The 1,000th employee | The 1,000th employee starts working for the BSI in January 2020. The BSI has been assigned a large number of new posts as well as numerous new functions in recent years. |
5G | The Federal Network Agency launches consultation on the draft of the revised security requirements specification for the operation of telecommunications and data processing systems and for the processing of personal data. The requirements have been updated together with the BSI and the Federal Commissioner for Data Protection and Freedom of Information. In particular, security requirements were specified for operators of public telecommunications networks with increased risk potential |
Second BSI Office in Freital | With its Freital office, the BSI benefits from its proximity to the innovation cluster in the Dresden region and the resulting synergy effects. The goal and aspiration of the BSI is to create a uniform level of IT security throughout Germany. |
National Liaison | With the opening of its own liaison offices in Hamburg and Stuttgart, the BSI expands its National Liaison Service. Together with the liaison offices in Berlin and Wiesbaden, the information and support services for companies, authorities, municipalities and other organisations are thus more firmly anchored in the regions. In the course of this, the BSI also expands the cooperation with the federal states: memoranda of understanding for deeper cooperation are signed with11 federal states. |
Federal Government networks (NdB) | The Federal Government network infrastructure (NdB) goes live. It is used by federal authorities in Germany for secure data exchange. |
#Collection 1 | A hacker posts links on Twitter to download larger data collections, set up like an Advent calendar. Along with well-known persons in the public eye, German politicians at all levels of government are affected by the material published. |
Emotet malware | Fake e-mails in the name of colleagues, business partners or acquaintances and malware that paralyses entire company networks: Emotet is considered one of the most dangerous malware threats worldwide. |
Digital consumer protection | The coalition agreement of the Federal Government states that 'consumer protection is to be established as an additional function of the BSI'. As a manufacturer-independent and competent technical body, the BSI supports consumers in the risk assessment of technologies, products, services and media offerings. |
NIS Directive | The EU Network and Information Security Directive (NIS Directive) comes into force on 30 June 2017. It expands the supervisory and enforcement powers of the BSI over critical infrastructures and strengthens cooperation with the federal states. |
Updating IT-Grundschutz | Following a revision of the complete methodology, the new IT-Grundschutz offers beginners and advanced users a modular and flexible method for increasing information security in public authorities and companies. New content specifically supports small and medium-sized enterprises and public authorities. |
Ransomware WannaCry | The "WannaCry" ransomware triggers cyber security incidents with high damages. This malware is special because it can spread itself without any further action on the part of the user. |
Smart Meter Gateway | Under the supervision of the BSI, the 'key ceremony' for the Smart Metering Public Key Infrastructure was carried out on 13 December 2016 at the T-Systems Trust Center with high-level security precautions. The BSI develops requirements for trustworthy product components (Smart Meter Gateway with integrated security module), their secure IT operation (administration) and for the trustworthy communication infrastructure (Smart Metering PKI). |
Dismantling the Avalanche bot infrastructure | The BSI supports the analysis and dismantling of the Avalanche botnet infrastructure. Among other things, it provides the technical basis for identifying the infrastructure and the malware used. |
President Arne Schönbohm | Arne Schönbohm is appointed BSI President. |
IT Security Act enters into force | A amendment to the original BSI Act, the 'Act on increasing the security of IT systems (IT Security Act)' enter into force. The focus is on strengthening the IT security of operators of critical infrastructures. |
NSA Affair | The Washington Post and Guardian newspapers publish secret documents that shows American and British intelligence agencies are monitoring global telecommunications and the Internet. The resulting 'NSA Affair' triggers political debate about cyber security and the practices of intelligence services in particular. Top German politicians were also monitored. |
Founding of the Alliance for Cyber Security (ACS) | In cooperation with the Federal Association for Information Technology, Telecommunications and New Media (BITKOM), the BSI founds the Alliance for Cyber Security. It aims to increase cyber security for companies in Germany. |
Electronic health insurance card | The technical guidelines of the BSI, the guarantee of IT security and the trustworthiness of technical components through certification in line with coordinated protection profiles contribute to the security standard of the electronic health card (eKG). |
Cyber Response Centre | Under the auspices of the BSI, the new Cyber Response Centre serves as a joint platform for several security authorities to quickly exchange information and better coordinate protection and defence measures against IT security incidents. |
Federal government cyber security strategy | The Federal Cabinet agrees the Cyber Security Strategy for Germany. |
German electronic identity card | With electronic proof of identity, the new identity card makes it possible for individuals to securely identify themselves to authorised companies and authorities on the internet. The BSI establishes the necessary security standards and ensures the quality of the technical processes. |
Stuxnet | Malware specialised in process control systems becomes known for the first time in the form of Stuxnet. Industrial plants and critical infrastructures are particularly at risk. |
President Michael Hange | Michael Hange is appointed BSI President. |
Amendment of the BSI Act | The Act to strengthen security in federal information technology enters into force. The BSI may now pass on warnings about malware and vulnerabilities in IT products and services to the public. The BSI also becomes the central reporting office for IT security for the federal authorities and is responsible for the security of the federal government's IT. |
Zeus | The Zeus trojan, which is primarily used to spy on private and financial data, is discovered for the first time. |
iPhone | Apple launches the first iPhone and lays the foundation for the triumphant advance of the smartphone. |
Electronic Passport | The newly introduced electronic passport has an integrated RFID chip that stores facial image and personal data, plus fingerprints since 1 Nov. 2007. The BSI develops protocols and technical guidelines that support the security objectives. |
President Dr. Udo Helmbrecht | Dr Udo Helmbrecht is appointed BSI President. |
BSI für Bürger (BSI for citizens) | The information service 'BSI for Citizens' started in March 2002 with the slogan 'Into the internet - securely!' as a CD-ROM and has been available as an Internet service since 2003. |
Central IT security service provider for the federal government in Germany | On 1 August 2001, new organisational, personnel and technical framework conditions for the further development of the BSI into the central IT security service provider of the federal government come into force. |
"Love Letter Worm" | The "Love Letter" worm with the subject line ("I love you") spreads en masse via e-mail and causes an estimated $10 billion of damage worldwide. |
"Year 2000 Problem" | The computer problem, also known as the 'millennium bug', was primarily caused by the two-digit year numbers used within computer systems until then. The catastrophic scenarios feared at the turn of the year did not occur -- in part due to the extensive precautionary measures taken by manufacturers and users. |
Common Criteria | Version 1.0 of the Common Criteria for Information Technology Security Evaluation (briefly, Common Criteria) is published in January 1996. They are still available in Version 3.1 today -- an internationally recognised standard for testing and evaluating the security properties of IT products. |
IVBB | The Federal Cabinet lays the foundation for the expansion and operation of the IVBB Berlin-Bonn Information Network (IVBB), a communications infrastructure for reliable and confidential voice and data communication between the highest federal authorities and constitutional bodies in Berlin and Bonn. |
CERT | The first Computer Emergency Response Team (CERT) is set up in the BSI, to respond to IT security incidents more rapidly. |
Launch of IT-Grundschutz | In cooperation with leading business enterprises, the BSI conceives and publishes the IT-Grundschutz Manual. It becomes established as the standard work for IT security management in Germany over the coming years. |
President Dr. Dirk Henze | Dr Dirk Henze is appointed BSI President. |
Birth of the WWW | Researchers at the CERN European Organization for Nuclear Research) in Geneva present their idea of the World Wide Web to the world. The world's first website info.cern.ch is published on 6 August 1991. |
D-Netz | The first digital mobile network is set up in Germany with the D-Netz. |
Founding of the BSI by Dr Otto Leiberich | The BSI starts operations on 1 January 1991 (BSI Establishment Act). |
