In recent years, there has been an increase in IT security incidents affecting municipal administrations in Germany. Cities, districts, and municipalities provide many public services. Nowhere do citizens contact the public sector as directly as in the municipalities. If IT security incidents occur here, the damage is noticeable for the inhabitants. In the worst case, municipal administration functions only to a very limited extent in the event of such incidents. For German cyber security policy, the protection of municipal institutions is therefore an important strategic task.
By the subsidiarity principle, municipalities are initially responsible for their information security. The current German approach to promoting information security and resilience of municipalities provides for a support function of the federal and state governments. The federal and state governments want to set incentives that motivate municipalities to improve their resilience.
The analysis shows that support services from the federal and state governments are available differently depending on where a municipality is located.
The further development of the approach should above all take into account the concrete needs of the municipalities. In addition, certain practice-tested services should be made available to all municipalities. An important aspect is to increase the transparency of the offer for the municipalities and to offer reliability of the services. These services need to be systematically linked to increase effectiveness.
Improving the resilience of municipalities requires cooperation between the federal, state, and municipal levels. A prerequisite is a regular exchange between the different actors. This builds trust between the respective decision-makers to enable improved cooperation.
Read the full title: “Municipal Information Security and Resilience“ here as a PDF.
Please note, to date the paper is only available in German.
