Statement on the intensification of the IT Security Act (IT-Sicherheitsgesetz)

, Leipzig
  • The German Government extends the IT Security Act to a total of 918 critical infrastructure
  • Frank Stummer of Rhebo sees this as a sensible step to enforce the responsibility of companies of the industry 4.0 and the Industrial Internet of Things (IIoT)
  • The imperative for new IT security concepts and a sufficient IT security score of companies is also increasingly recognized by insurance companies

Berlin/Leipzig, Germany, 6th June 2017 – With the expansion of the IT Security Act, which has been in force since May 2016, the German Government and the German Federal Ministry for Information Security (BSI) are responding to the recent downtimes in several companies caused by the Ransomware WannaCry and Uiwix. The newly introduced BSI-KRITIS regulation increases the number of critical infrastructure sectors covered by the IT Security Act from 730 to 918. The regulation also clarifies the criteria by which a company is defined as a critical infrastructure.

Dr. Frank Stummer, co-founder of Rhebo GmbH, welcomes the decisive step taken by the German government: »With WannaCry the necessity of a secure IIoT has finally reached the awareness of the public as well as management boards. As a member of the TeleTrust Federal Association for IT Security and the BSI Cyber Security Alliance, we have been pointing to the risks of Industry 4.0 and IIoT for quite some time and see our advice confirmed by the unusually fast action of the German Government.«

With the IT Security Act and the BSI-KRITIS regulation, which will enter into force this month, critical infrastructure companies are even more strongly obliged to protect themselves against cybercrime and IT-related operational disruptions and downtimes.

The objective of the legal framework as well as technology standards must be to increase the IT security score of companies. For companies, this not only means to safeguard a failure-free operation. IT security scores will also increasingly tip the scales for insurance services, such as cyber security policies.

Dr. Frank Stummer: »The security of office-IT and ICS particularly in critical infrastructure is not only a question of operational safety. It is also an aspect of the internal security of a country. In addition, it is not unlikely that the requirements of the IT Security Act will become binding for other types of companies in the future. In discussions with insurance companies, we have found a great interest in developing strategies and guidelines that ensure a high IT security score for companies. It’s up to the industry now to finally act on their responsibility.«


About Dr. Frank Stummer

Dr. Frank Stummer is co-founder and business developer at the German technology company Rhebo. He promoted at Fraunhofer Institute for Systems Engineering and Innovation Research before setting up his first company for network security, ipoque, in 2006 and successfully leading the company as a CFO.


About Rhebo

Rhebo is a German technology company specializing in the reliability of industrial control systems by means of surveilling the entire data communication. Its founders, Klaus Mochalski (CEO), Martin Menschner (CTO) and Frank Stummer (Business Development), each have more than 10 years of experience in the development and marketing of network management and IT security technologies. Klaus Mochalski and Frank Stummer were previously founders in the management of IT security companies ipoque, and Adyton Systems, which together now have more than 150 employees. During the same period, Martin Menschner was the responsible CTO at Adyton Systems as well as project manager for ipoque in the areas of network security and deep packet inspection.



Rhebo GmbH
Kristin Preßler (Head of Marketing)
Spinnereistr. 7
04179 Leipzig
Phone +49-341-393-790-180
Mobile: +49-162-1002085