The subject of cyber security is closely linked to digital developments. In order to address the challenges involved, we need to take a society-wide approach.

That is why, since 2016, the Federal Office for Information Security (BSI) has been organising a dialogue characterised by its participatory, multi-stakeholder approach. This enables the complexity of perspectives on the subject of cyber security to be replicated as broadly and realistically as possible, while also giving all parties involved the opportunity to share and contribute ideas on equal terms.

Aims of the dialogue

In the "Dialogue on Cyber Security" project, organised civil society shares ideas with representatives from science, culture and the media, businesses and the government, as well as the BSI. The term "organised civil society" is used to describe the areas of society that lie between the government, economic and the private sectors. It encompasses the full scope of civic engagement within a country - e.g. in associations, foundations, unions and in various forms of initiatives and social movements. This includes all activities that are not profit-oriented and free from party political interests.

This dialogue opens up discourse groups that were previously closed off. The discussions between social groups provides space for participants to develop sustainable courses of action and solutions in the field of cyber security. The BSI strives in particular to intensify the dialogue with organised civil society, identify the issues and needs of various social groups (organised civil society, science, culture and the media, businesses and the government) at an early stage and gain insights that drive its own work forward.

Think tank workshop "Secure Information Society" as a dialogue platform

The new project is based on a dialogue model that was developed by stakeholders from all social groups during the previous project "Establishing a Community Dialogue" (2018/2019). The annual think tank workshop "Secure Information Society" forms the heart of this discourse. At this event, various discourse groups can share ideas in an atmosphere of trust, incorporate different perspectives into their discussions and work together to develop solutions.

From 19th to 20th of September 2022 the annual workshop took place in Leipzig. For more information please visit the project's website.

Working collaboratively in "workstreams"

During the think tank workshop, projects known as "workstreams" are designed for collaborative work. Participants are invited to contribute their ideas on issues and problems for these workstreams. In this process, proposed solutions are developed and tested - from studies to real laboratories, from concepts to IT implementation. The range of topics and products for possible workstreams is very broad. The participants of the think tank workshop work together to decide which ones should be implemented. On average, a workstream lasts three to nine months, and so the results are presented at the annual think tank workshop the following year.

At the 2021 think tank workshop, participants selected the following issues to be tackled in the workstreams:

• Digital expiration date
• Dos and Don'ts of sustainably secure products
• Effective IT security awareness
• Update4School - data collection on digital education

The results of the workstreams can be found on the project's website.

Workstreams 2022/2023

Two new topics were chosen during this year's workshop:

1. UpSchooling
   This workstreams evolves from the previous workstream "Update4School". With the help of a toolbox students, teachers and other volunteers will be enabled to educate children and young adults about the topic of cyber security in school.
   The aim of the workstream "UpSchooling" is to contribute to information security with a prevention program in digitalization. The goal is to sensitize and educate young adults about the topic of cyber security and the risks in a digital environment. Furthermore students shall be enabled to use different prevention methods for their personal security and are able to utilize guidance and recommended courses of action in case of cyber security incidents.

2. BuntesBugBounty
   This workstream is supposed to push on a national bug bounty program for key open source software used in the federal administration.
   Bug bounty programs are well established concepts for fixing security vulnerabilities. Within the workstream participants discuss and exchange ideas about the basics and the necessities of a program that is tailored to the German security scene. In a participatory workstream there is space for exploration and experiments. However, the goal is that the workstream’s findings can help to provide support for the potential introduction of a bug bounty program in the federal administration.

More information about the current and the previous workstreams can be found on the project's website.

Project monitoring by a dialogue committee

The entire dialogue process is overseen by a dialogue committee comprising five members and five representatives from each particular social group. The dialogue committee accompanies the process from the stakeholders‘ perspective for a period of two years and ensures that their perspectives, expectations and needs are taken into account.

If you are interested or have any questions, please contact the project contractors (nexus Institute & iRights.Lab) at the following e-mail address: projekt-digitalegesellschaft@bsi.bund.de