Claudia Plattner has been President of the BSI since July 2023. Born in Mainz, she has 20+ years’ experience in IT at several companies and institutions and holds a degree in mathematics. Most recently, she served as the Director General for Information Systems at the European Central Bank and previously held a senior position as Chief Information Officer (CIO) of DB Systel GmbH, the internal IT service provider of Deutsche Bahn. 

Ms Plattner, what role does the BSI play when there’s a critical IT security incident? 

Claudia Plattner: At times like these, our Situation Room becomes the hub to which all the key information flows. The first question we ask is “What’s happening?” To answer that, above all else we need the right people who have drilled the situation, structures and processes.

Does artificial intelligence also play a part in these processes and structures? 

Yes, of course. For example, AI can sift through a massive amount of data and pinpoint a few anomalies that need closer inspection by a person to understand the situation and make informed decisions.

Let’s look more generally at the influence of AI on cybersecurity.

AI is raising the stakes in the battle between attackers and defenders, but with a strong and agile response, we can keep it a level playing field. 

What do you mean? 

For example, AI can write code that could lead to smarter and better malware, but it can also write code that is fundamentally more secure and thus less susceptible to attack. AI can help cybercriminals move around within networks with more purpose and keep them under the radar, but it can also assist in detecting intruders more quickly, intelligently and automatically. The list goes on. AI can better identify system vulnerabilities, which can be beneficial to attackers and defenders alike.

So, AI is already playing a crucial role, but let’s look towards the future. What are your thoughts on quantum computing? 

Quantum computing will have a huge impact on cryptography, which is all around us in the digital world. Every time we enter data on any website. It’s impossible to communicate digitally without encryption and this is shaking up the status quo, but I’m positive that we can solve that with algorithms. There are plenty of clever people around the world working on this, which is why we’ll have post-quantum algorithms that can withstand quantum computers.  

The EU has recognised that there are significant and systemic issues when it comes to cybersecurity.

Claudia Plattner, President, BSI

If that’s the case, where’s the challenge? 

That’s in migrating the systems. To put it bluntly, we have to change the internet and the digital world itself. Anyone who knows how difficult it is to make even small changes to IT systems will be well aware of what we are facing. We need to get started now on prioritising and preparing because we have no idea if D-Day will be in five years, or ten years from now. 

The European Union’s NIS2 Directive comes into force before then.

The EU has recognised that there are significant and systemic issues when it comes to cybersecurity. There are too many companies and institutions out there, which are critical for our coexistence, well-being and democracy, with cybersecurity that is simply not up to scratch. 

In Germany, it’s the BSI that is responsible for enforcement. How will you handle the penalties and fines that have increased significantly? 

We are committed to focusing on working on this together. Companies have to get on top of cybersecurity and we want to help them do so. We take our role as a supervisory authority very seriously, but it’s much more important that we can offer support. A cyberattack can threaten a business’s very existence and we want to protect them from that.