Germany’s Federal Office for Information Security (BSI) is the national cybersecurity authority and charged with promoting IT security in that country. BSI is first and foremost the central IT security service provider for the federal government in Germany and also offers services to IT manufacturers as well as private and commercial users and providers of information technology.

In September, 2019, ISA hosted Arne Schonbohm, President, Federal Office for Information Security; and staff, Ewa Lux, Executive Staff and Florian Thurner Senior Advisor, Int. Relations, at a Salon Dinner in Washington DC. Discussion topics touched on multiple cybersecurity issues that both Germany, and Europe, and the United States are confronting including the need for expanded international cooperation across government and industry, building trust, and balancing regulation with pro-market incentives.

Arne Schoenbohm at ISA Salon Dinner

In late 2017, ISA worked with BSI and its president, Arne Schönbohm, to plan the development of a version of the Cyber-Risk Oversight Handbook tailored to the unique policy environment of Germany. In October 2017, a workshop comprised of a mix of boards of directors, senior management, chief information security officers and IT managers, was held to adapt the handbook for use in Germany. The handbook, Managing Cyber Risk: A Handbook for German Boards of Directors, was published in the Spring of 2018 and is available for download here.

ISA has hosted Schönbohm during multiple visits to the United States, allowing him to gain a better understanding for how American business are addressing cybersecurity issues. He has met with senior leaders from the National Association of Corporate Directors and the Center for Audit Quality; as well as engaging in candid, off-the-record dinner with industry executives, including from the defense and manufacturing sectors on cybersecurity matters of mutual concern.

Our relationship with Schönbohm predates his tenure as BSI president. Schönbohm previously served as president for the Cyber Security Council of Germany and in 2014 he and ISA President Larry Clinton signed an agreement for the two associations to work together on cybersecurity issues.

The two organizations pledged to work for a European version of the Cybersecurity Social Contract developed by the ISA, in which governments provide economic incentives for private companies to go beyond what they regard as commercially appropriate levels of cybersecurity. Read ISA-CSCG joint position policy paper (pdf).

Members of the CSCG include large and medium-sized companies, operators of critical infrastructure, as well as experts and policymakers in cybersecurity. Through its members, the association represents 1.6 million workers in the German economy and 1.8 million members of other associations and clubs.