After cyber attack: Südwestfalen-IT wants to reform itself profoundly
The attack on SIT affected 1.6 million citizens. The new management is now planning an internal reform and is making a demand to politicians.
The new management of Südwestfalen-IT (SIT) is calling for far-reaching consequences following the devastating cyberattack on the municipal IT service provider. In an interview with c't, Managing Director Mirco Pinske said that the company must change its organizational structure in order to be able to react more quickly to challenges. Pinske also called on the German government to oblige local authorities to comply with the NIS2 directive. Pinske took over the management of SIT in February 2024, around three months after the cyber attack.
The attack on SIT was the most far-reaching in the public sector to date: the administration of over 70 cities and municipalities was paralyzed and a total of 1.6 million citizens were affected. It was not until eleven months after the attack that SIT was able to report a return to "normal mode".
Local politicians decide
As a lesson from the attack and the costly reconstruction of the IT infrastructure, SIT Managing Director Mirco Pinske is calling for a reform of the IT service provider's organizational structure, among other things. "Many decisions that are made by the management in many other organizational forms must be made by an association committee at SIT," said Pinske in an interview with c't. You can read the full interview in the c't newsletter D.digital.
Like other municipal IT service providers, SIT is organized as a special-purpose association. At SIT, fundamental decision-making powers such as defining the strategy lie with the association's assembly. This comprises 119 representatives of the member municipalities, for example district councillors and mayors. Another body, the Administrative Board, decides, for example, on the "security standards to be observed by the association members" according to the articles of association (PDF).
The portfolio is to shrink
In the area of IT security, SIT has taken numerous measures to minimize the likelihood of another outage. For example, VPN access was standardized across the association and secured with multifactor authentication, as the company reported at the end of October. Further investments in IT security "in the high 6-digit range" are planned for 2025. It was also recently announced that SIT has drawn personnel consequences from the incident.
Pinske also wants to reduce the variety of applications offered by SIT to reduce the attack surface and speed up any recovery. There are currently 160 applications in operation, he said in the interview. He also called on politicians to oblige local authorities to comply with the NIS 2 directive: "Only then will the corresponding funds for IT security be prioritized." The German Association of Towns and Municipalities has spoken out against such an obligation.
(cwo)