By receiving and evaluating the latest observations and incidents, the National IT Situation Centre maintains a constant, 24/7 focus on the current cyber security situation. This gives the BSI a comprehensive picture of the corresponding situation in Germany at all times. Thanks to this well-equipped centre, the BSI’s experts can identify threatening situations (such as malware attack waves) early on and mount prompt, coordinated responses.

Is this an attack?

Just another exciting day in the BSI’s central control room: A new kind of malware is flagged up, setting various analysis systems in motion. The first users affected begin reporting irregularities. What are the software’s goals? What damage is to be expected? Who is likely to fall victim to a corresponding cyber attack? The National IT Situation Centre concentrates the BSI’s broad-based expertise in one place to coordinate the responses mounted by Germany's national cyber security authority. Skilled IT specialists from a wide variety of fields work together to analyse threats and develop countermeasures. Since cyber threats do not heed national borders, a set of established processes are also used to share current information and assessments with both national and international partners.

Responding appropriately once a situation is identified

While insights are utilised directly to protect government networks, appropriate recommendations are also prepared for a wide variety of target audiences. Effective distribution networks ensure that these can be sent promptly to the right recipients. At the same time, public warnings are issued and the gerneral public is nformed. Alongside IT professionals working on critical infrastructure or within the federal administrations, smallerscale business and consumers also be provided with suitable information to help them protect their systems. Depending on the threat situation and the scale of the incident, other actors such as the Mobile Incident Response Team (MIRT) or the National cyber response centre may be brought in.

In particularly serious cases, the National IT Situation Centre expands to become a National cyber response centre. Here, specialists from many different disciplines work closely together to de-escalate the crisis and restore a normal state of affairs as soon as possible.

From the National IT Situation Centre to the specialists

Once the initial response has been carried out, the new insights become part of the BSI’s long-term projects. Can these results be incorporated into IT-Grundschutz recommendations? Do Technical Guidelines und Certification processes need to be modified? What information needs to be added to consulting processes, and where? The continuous stream of new insights gleaned from the situation monitoring conducted by the National IT Situation Centre is instrumental to the BSI’s role as Germany's cyber security architect.