The National IT Crisis Response Centre (IT-KRZ), which is formed by theNational IT Situation Centre and CERT-Bund, is a special organisational structure within the BSI for responding to and managing serious cyber security incidents and IT crises.

The team of crisis specialists at the National IT Crisis Response Centre analyse and assess the situation in hand on the basis of all of the available information. In addition, the IT-KRZ coordinates all the other crisis management organisations involved -- such as affected public authorities, service providers, or critical infrastructure.

Organisational structure

Serious cyber security incidents and IT crises often share a number of common features, such as the exceptional complexity of the underlying circumstances.

• Does a given incident involve a technically advanced attack?
• Is it a public-interest incident that requires a high degree of coordination?
• Or is it the result of a technical defect that has caused all the corresponding security systems to fail?

These and other questions are answered for each and every IT security incident to ensure that steps appropriate to the context can then be initiated. For its part, the National IT Crisis Response Centre deploys a flexible organisational structure that is capable of handling a variety of situations on the ground. This structure can expand to include predefined escalation levels, adjust the inclusion of domain specialists as appropriate to the situation in hand, and provide the HR resources needed to ensure continuous crisis management. Standardised procedures and regular drills also play a part in ensuring a smooth transition from routine daily business to the IT-KRZ's special organisational structure.

Equipment and infrastructure

To safeguard its responsive capabilities even in a crisis, the National IT Crisis Response Centre has a specialised set of equipment and infrastructure at its disposal. Alongside standard solutions for ensuring site security, facility availability, and technical workplace equipment (including energy), the IT-KRZ can also make use of numerous redundant communication channels that are provided by the National IT Situation Centre. This ensures the effective communication of situational data as well as timely warnings about cyber security incidents.

National IT Crisis Management

National IT Crisis Management forms part of the National Crisis Management system operated by the Federal Ministry of the Interior, Building and Community. In the event of serious cyber security incidents and IT crisis situations -- especially those affecting the Federal Administration -- the BSI's National IT Crisis Response Centre assumes a central and coordinating role.
Essentially, this role is assigned to the BSI by the following:

• The Federal Implementation Plan (UP Bund)
• The Cyber Security Strategy for
  Germany.

The IT-KRZ's coordination of multiple departments and public authorities to manage serious cyber security incidents and IT crises is a complex task that requires continuous adjustment and ongoing drills and exercises with national and international partners.