The Cyber Security Network is a voluntary association of qualified experts in incident handling who are prepared to provide their individual expertise and know-how in the interest of remedying IT security incidents and to assist in improving the IT security situation in Germany. The Network assumes responsibility for carrying out reactive tasks with the aim of identifying and analysing IT security incidents in order to limit the damage they cause and avert any further damage. The support offered may differ depending on the type of incident and the target group in question.

Watch the video below for a brief introduction to the Cyber Security Network:

The qualification programme ensures that digital first-aiders and incident experts handle incidents to the same high standards of quality every time. In addition, the BSI provides an attestation or a personal certification to confirm that digital first-aiders and incident experts are suitably qualified.

Any experience gained from handling incidents is shared with a view to consolidating expertise or expanding and keeping it up to date. The qualification programme will be continuously extended based on the latest findings made when analysing incidents, plus the information obtained during this process will help to build a picture of the situation. This will enable new recommendations and preventive measures to be targeted even more precisely to the actual situation and the Cyber Security Network to keep optimising the support services it offers.

The organisational structure of the Cyber Security Network

The Cyber Security Network is the first and central point of contact for both experts and other parties concerned. The operative arm of the Cyber Security Network deals with registrations and answers all questions related to process and the organisation itself. A coordination office within the BSI takes care of strategic orientation and framework conditions for the Cyber Security Network. This office is supported by a round table consisting of incident experts and representatives from public authorities, educational institutions and various interest groups. See the figure below for an overview of all the different roles involved in the Cyber Security Network:

Following an IT security incident, the parties concerned should get in touch with the contact point to seek first-aid support from qualified members of the Cyber Security Network (digital first-aiders, incident experts or IT security service providers running a team of incident experts).

Trainers and auditors assist with the qualification concept and safeguard the quality of the support services that are provided by giving training or approving audits.

The Cyber Security Network has close ties to the Alliance for Cyber Security, complementing the services offered by the Alliance with its reactive services.

Qualification in the Cyber Security Network

The training concept provides the framework for qualifying digital first-aiders and incident experts as well as quality requirements for auditors and trainers. A basic training course teaches a first-aid programme that is enough to provide members with basic support. Digital first-aiders can learn the content of the first-aid programme by attending an online course or through self-study of the "Leitfaden zur Reaktion auf IT-Vorfälle für Digitale Ersthelfer" [Guide to Responding to IT Incidents for Digital First-aiders] (the online course should be available from March 2021). Qualified auditors confirm that the digital first-aiders have gained the requisite skills during an auditing workshop and issue an attestation if the audit is passed. Digital first-aiders are then permitted to register with the Cyber Security Network (CSN). Once registered, digital first-aiders receive a first-aid pack to help with their work in the Cyber Security Network.

There is also a three-day advanced training course, during which qualified trainers teach additional incident handling content for incident experts.

It is down to trainers and training providers to design their own advanced training course for incident experts, which is based on the content defined in the curriculum (link below). A standardised training programme creates a broad foundation for providing a qualification programme for incident experts.

Providers within this programme may be associations, universities or IT/information security training providers. These organisations train digital first-aiders, members, students, but also company employees on how to best support the parties concerned when handling incidents within the Cyber Security Network.

A list is currently being drawn up of all those registered with the Cyber Security Network as providers of the advanced training course for incident experts.

The Cyber Security Network is taking advantage of the snowball effect in its efforts to train as many incident experts from different fields as possible. The idea is to furnish Germany with an extensive network of incident experts in no time at all.

The qualification training programme is based on a curriculum whose subject areas are presented in a "Leitfaden zur Reaktion auf IT-Vorfällen- für Vorfall-Experten" [Guide to Responding to IT Incidents for Incident Experts]. The Cyber Security Network also supplies training providers with an exercise pack containing a number of initial suggestions for practical exercises. The organisational framework conditions to bear in mind when designing the advanced training course are defined in a "Leitfaden für Trainer und Schulungsanbieter" [Guide for Trainers and Training Providers].

Training providers for the advanced training course

An information pack for training providers will be sent to interested training providers on request.

If you are interested in providing an advanced training course for the Cyber Security Network, please contact the Cyber Security Network via e-mail.