In an open letter to the German government, more than 60 individuals, companies and associations from civil society and business are speaking out against the "Cybersecurity Strategy for Germany 2021". SerNet GmbH is among the first signatories and supports the action.
The signatories of the open letter "call on the federal government to postpone the adoption of the cybersecurity strategy to the next legislature or at least to cancel the expansion of powers for the security authorities without replacement. Crucial parts of the strategy have long been highly controversial within the German government and have received massive criticism from representatives of German industry, academia and civil society."
The Interior Ministry's nearly 130-page draft Cybersecurity Strategy 2021 was not submitted until June 9, just before the end of the current legislative period, and experts were invited to comment until June 16.
Criticized - in addition to the questionable timing a few months before the federal election - are the numerous proposed measures "that would push surveillance by German security authorities at the expense of IT security" and lock it in for many years to come, such as circumventing secure encryption. Also flagged are the required powers for active cyber defense, the planned expansion of the Central Office for Information Technology in the Security Sector (ZITiS) while at the same time lacking control and protection measures and without adequate expansion of parliamentary oversight.
The open letter states very clearly, "If the strategy is adopted in its current form, it would cement a cybersecurity policy for years to come for which there is insufficient support in business and society and whose measures have little prospect of improving IT and cybersecurity in Germany. The trench warfare over the direction of national cybersecurity policy would thus be perpetuated - to the detriment of security in Germany."
Among others, the Süddeutsche Zeitung ("Open letter against Seehofer's cybersecurity strategy") and Netzpolitik.org ("For a Real Cybersecurity Strategy Without New Surveillance Measures") already reported on the Open Letter.
SerNet supports the start-up competition of the Georg-August-Universität Göttingen for 2021 again: LIFT-OFF supports founders through an intensive accompanying program. The best projects will be presented at a public award ceremony. This will take place on Thursday, 10.06.2021 from 18:00. Registration is possible via: https://eveeno.com/lift-off-2021
With the LIFT-OFF program, the University of Göttingen has been encouraging people interested in founding a company and active founders to realize their own business idea since 2017. Various events and workshops as well as mentoring in the field of entrepreneurship prepare the first steps towards founding a company. In this year's award ceremony, student and academic teams will present their ideas and start-up projects live on the digital stage. Afterwards, the award ceremony will take place in the categories "Start-up Potential" and "Science". Dr. Johannes Loxen, founder and CEO of SerNet GmbH served on this year's jury: "There were many powerful entries this year - and we found deserving winners." An audience award per category will also be presented, which can be voted on live.
SerNet is looking forward to having accompanied the start-up competition in 2021 as well, and to the further exchange with the participants and other interested parties.
With immediate effect SerNet leaves Gaia-X, the European infrastructure project, after getting notice about new membership of companies that do not meet key European values and do not share the ideas of open standards, open source and a free and open internet. Being in the same association together with those companies damages SerNet's reputation and is in conflict with SerNet's code of conduct and many measures regarding social responsibility.
Gaia-X does not meet the goals of its own statutes anymore and this is why SerNet will leave the organisation asap.
The SerNet organizing committee has presented the program for this year's sambaXP. It is the 20th conference in the "samba eXPerience" series. Like last year, it will take place purely virtually via Zoom. The presentations are aimed at both developers and users. Tickets can be booked via the conference website at https://sambaXP.org. Participation in sambaXP and the IO Lab is free of charge.
Workshops and lectures at sambaXP 2021
sambaXP starts on May 4th with the traditional workshop day. This year Stefan Kania will deal with the topic "Setting up Samba as a print server" from 3 pm to 9:30 pm CEST. The participation fee for this is 50 euros. A free two-hour workshop on "Integrating SAMBA+ AIX into an existing AD domain" will be offered by Björn Jacke from SerNet.
To enable as many people as possible worldwide to participate, the presentations will also start at 3 pm (CEST) on May 5. Nadine Dreymann from the organizing committee of SerNet: "Last year we saw excellent results with the virtual conference and were able to bring participants and speakers from different time zones together." Jeremy Allison, chairman of sambaXP, kicks things off with his talk on using samba code in Google Chromebooks. This year's topics include development insights such as "Samba AD DC Cockpit UI" and "Reverse engineering the Windows SMB server," as well as application experiences "Troubleshooting clustered Samba in Enterprise environments" and "Experience running a clustered Samba gateway for CERNBox."
SerNet's Samba team also contributes current topics to the program:
- Stefan Metzmacher: Samba Multi-Channel/io_uring Status Update.
- Ralph Böhme: The New VFS
- Volker Lendecke: Socket activation for Samba's RPC services
Details on all presentations can be found on the conference page.
A Microsoft-sponsored SMB Interoperability Lab (IO Lab) will also be held online from Wednesday to Friday (May 5, 3 pm to May 7, 9 pm CEST). In the IO Lab, participants* will collaboratively test their implementations of SMB3, identify and troubleshoot issues in a collaborative environment. SMB implementations that are still in the development phase are also welcome. The IO Lab is sponsored by Microsoft and conducted in Microsoft Teams.
verinice 1.22 is here! The new version of the ISMS tool comes with a number of new features, including the BSI's IT-Grundschutz compendium in the 2021 edition. The verinice.TEAM has also worked on providing additional modules that allow verinice to be customized depending on the deployment scenario.
Numerous major and minor optimizations characterize the new version of the open source tool for managing information security. For example, verinice 1.22 is delivered with VDA ISA / TISAX versions 4 and 5 and the reporting form according to BSIG 8b for security incidents. Users can either obtain it from the verinice.SHOP or download it from the repository for Pro customers. The most important new features of verinice 1.22 (and the update 1.22.1) are documented in the release notes.
Additional modules for verinice
Another change is the central provision of additional modules via the verinice.SHOP. Users can access the modules as supplements for verinice and use them as needed for working with the ISMS tool. These include (German only) minimum standards issued by BSI and IT-Grundschutz profiles. The following additional modules are available as fee-based add-ons: Risk Catalog and Risk Catalog Plus (ISO 27001 / ISO 27019), Data Protection Module and Industry Standard B3S Hospital.
The PCI DSS module has also recently been added. This requirements catalog maps the Payment Card Industry Data Security Standard (PCI DSS) in verinice. The use of the module with verinice is possible from version 1.22 in the ISM perspective.
B3S Hospital & verinice
The "Industry-Specific Security Standard for Healthcare in Hospitals" (B3S Hospital, German only), which is available for verinice, is aimed specifically at healthcare providers. verinice is already in use as a reliable solution in the healthcare industry (e.g. Universitätsklinikum Halle, Charité Universitätsmedizin Berlin). The combination with the industry standard now specifically supports clinics and hospitals in meeting requirements from the Patient Data Protection Act (PDSG) and improving their IT security or introducing information security management by the deadline of 01.01.2022. For this purpose, verinice, verinice.PRO and the add-on module B3S Hospital are also qualified for funding from the Hospital Future Fund (KHZF).