CyberRisks: Lawyer for IT security & cybersecurity
IT Security Act, NIS2, CRA, BSIG + trade secrets
Lawyer for IT security: Lawyer Jens Ferner is a specialist lawyer for criminal law and a specialist lawyer for information technology law with specialist knowledge in the field of IT criminal law (“cybercrime”) and IT security law (“cybersecurity”). The topic is dealt with holistically, because where cybersecurity and cybercrime used to stand side by side, today the area of cyber risks unites all sub-areas. That is why we offer scientific analysis of the topics of cyberwar & disinformation, practical skills in digital evidence and legal handling of the entire complex of cyberrisks.
IT specialist lawyer Jens Ferner advises companies on all aspects of IT security law, including NIS2, CRA, BSIG and trade secrets. His former profession as a software developer and Unix system developer also contributes to his legal advice, as does the fact that he is experienced in dealing with ransomware and cyber extortionists. Attorney JF is university-certified in Cybersecurity & Crisis Communication and is currently additionally certified in Strategic Crisis Management.
Specialist lawyer for criminal law and specialist lawyer for IT law Jens Ferner
- IT security law from a specialist lawyer for IT law & specialist lawyer for criminal law – with direct experience in cybercrime and certification in all aspects of cyber security and crisis communication
- Cyber crisis: Legal support in the event of a security incident and in particular a hacker attack on the company
- Liability of board members and management and cybersecurity in employment law
- Contractual design around cyber security and critical components
- Advice on IT security law for pen tests, software development and hardware components such as semiconductors (IT Security Act, NIS2, CRA, BSIG, NIS2UmsuCG)
- Dealing with cybercrime in the company
- Trade secrets & industrial espionage
- Digital evidence
Your opponents – my clients
There are plenty of lawyers at desks in suits, but I offer something different: I have been advising both hackers and companies that have been hacked for over a decade. From individual cyber blackmailers to organized ransomware groups abroad, I know all the scenarios and how to personally deal with those whom companies fear. I can help you with eloquent cybersecurity advice and professional cybercrime experience where others lose their bearings.

First aid on the subject of cyber attacks
On the subject of hacking here (partly on our German site):
- Hacker attack or cyberattack – what to do?
- Data leak: challenges for companies
- IT security in employment law
- How do I protect myself from a hacker attack?
- What is a secure password?
- Phishing page installation using ZPhisher as an example
- Am I affected by a hacker attack?
- Online fraud & fake shops: what to do?
- Cybercrime glossary with classic attack scenarios
- Criminal liability for searching for security vulnerabilities
- Our hacker guide: Russia, Iran, North Korea and China
- Our ransomware guide:
IT security law (cybersecurity)
In the area of cybersecurity, three things are of primary importance at national level: the BSI Act, the technical standards of the BSI, and the IT Security Act, which has been in force since 2015 and implements the European requirements in the form of the NIS(2) Directive.
Lawyer for IT security: Lawyer Jens Ferner, a specialist lawyer for information technology law, works as a defense lawyer and lecturer in the field of IT security, complementing his work in the areas of cybercrime, software law and IT employment law. Criminal defense lawyer and specialist lawyer for IT law Jens Ferner supports companies in the areas of liability, criminal liability and legal protection.
With regard to the NIS Directive, it should be noted that IT security is also a topic of major importance at European level. The “Network and Information Security Directive” (“NIS Directive”) is primarily intended to create a uniform standard across Europe. After this project had languished for years, the breakthrough came in 2016. However, the German legislator had already passed the IT Security Act in preparation for this, and that act implemented parts of the NIS Directive in advance.
As a result, Germany has a tiered security concept in the area of cybersecurity, which provides for different framework conditions depending on the service. Some of these service categories are expressly provided for, while others are a de facto result, and each has its own security level. In the meantime, the NIS2 directive is about to be adopted.

Lawyer Jens Ferner: Cybersecurity
As a specialist lawyer for information technology law, he focuses on IT security, IT criminal law & cybercrime. We offer comprehensive legal expertise in the areas of IT law, IT security, cybercrime & data protection law as well as extensive technical experience as a programmer, Linux system administrator & security consultant including knowledge in the areas of network security, IT forensics & IT risk management.
Cybersecurity: Graduated legal security concept
There are different levels in the concept of IT security law in Germany:
- Critical services (KRITIS), which are described in the directive as “essential services”;
- Digital services, including online marketplaces, online search engines and cloud computing services, although there are exceptions for micro-entrepreneurs;
- Telemedia in general, for which general security requirements have been set out in the Telemedia Act since the IT Security Act.

IT security law has been the unrecognized focal point of digitalization for many years – specialist lawyer for IT law Jens Ferner has been working in this field for decades. Formerly as a software developer who trained other programmers in secure programming – today as a lawyer for IT security law. In 2023, Attorney JF completed an advanced training course on IT security at the Fernuni-Hagen.
While KRITIS has a preventive obligation to take security measures, digital services have to act more retrospectively and are generally required to maintain stricter security and to set up concepts for emergencies, while at the weakest level telemedia are generally required to comply with common security standards.

Cyber risks: Cybercrime & IT security
As a specialist lawyer for IT law and criminal law, I specialize in cybercrime, cybersecurity and digital forensics. I advise IT companies, defend hackers, analyze legal developments and give specialist lectures on the pressing issues of digital law enforcement. My expertise ranges from classic IT security advice – from ransomware attacks to NIS2 compliance – to the legal processing of security incidents, protection of secrets and e-evidence. I guide companies through the legal challenges of cyber defense and litigation.
Today, I prefer to speak holistically of cyber risks, because the digital threat continues to evolve: cyberwar, disinformation and the increasing connection between cybercrime and geopolitical conflicts influence not only criminal law and IT security, but also media law. These interfaces are my clear focus – with a view to the factual and legal consequences of global cyber attacks and the manipulation of digital spaces.
- Training for lawyers: IT forensics & digital evidence
- Advice for companies: IT security law, cyber defense, compliance
- Research & Publications: Cybercrime, cyberwar, digital disinformation
Cyber risks: Legal foundations of IT security in Germany and Europe
A brief overview of the legal situation in cybersecurity (also on LinkedIn):
- BSI Act (BSIG): The BSI Act used to define the role of the Federal Office for Information Security (BSI). Today, it is the cornerstone of legally standardized IT security in Germany and will be transformed into THE IT security law in Germany in the course of #NIS2 implementation. You can find out more about the BSI Act from me here.
- IT Security Act: The IT Security Act was not a stand-alone law, but an article law with which the BSI Act was noticeably “beefed up” in 2015 and the Telemedia Act was expanded to include the aspect of IT security. You can find out more about the IT Security Act from me here. The IT Security Act has been further strengthened by the IT Security Act 2.0.
- NIS(1) Directive: You will find a comprehensive discussion of the NIS(1) Directive here. The implementation of the NIS2 Directive will follow soon.
- NIS2 Directive and law implementing the NIS(2) Directive – our article on the NIS2 Directive and the (failed) NIS2UmsuCG on the NIS2 Directive.
- DORA: IT security in the financial sector, described here!
- Cyber Resilience Act (CRA): Europe-wide regulation of the security design of products, especially hardware.
- General Data Protection Regulation: Articles 25 and 32 of the General Data Protection Regulation stipulate that providers must ensure that data is protected when it is collected and processed.
- Telecommunications-Telemedia Data Protection Act: The TDDDG requires you to secure your services in accordance with the state of the art – remember that this also applies to communicating software that is built into hardware (“Internet of Things”). Incidentally, this used to be Section 13 (7) TMG.
- Product safety: The current Product Safety Act provides for the basic safety of products. In future, the Product Safety Ordinance will apply here. The new Product Liability Directive should also be mentioned.

At least a few sentences on standards in IT security are necessary, focusing on two starting points:
- With the IT baseline protection catalogs, the BSI offers a guide that serves as a foundation for practical use.
- The BSI’s offer ultimately implements the ISO 27000 standards, and the keyword “Information Security Management” provides a suitable entry point.
State hackers at a glance
The most significant international actors include state actors from Russia, China and Iran. These countries use various tactics to promote their geopolitical interests and undermine the stability of European democracies.
In addition to the main actors named below, there are also other countries and non-state actors that attempt to influence elections in Europe. These include, for example, groups acting on behalf of governments or in their own interests to advance certain political agendas. These actors use a variety of methods, including cyberattacks, disinformation, economic pressure and diplomatic maneuvers to achieve their goals. The European Union and its Member States face the challenge of recognizing and countering these threats in order to protect the integrity of their democratic processes.
Russia
Russia is known for its extensive disinformation campaigns and cyberattacks aimed at weakening trust in democratic processes. Some of the best-known examples include influencing the 2016 US elections and attempts to influence the Brexit vote. Russian actors often use social media platforms to spread false information and deepen social divisions.
China
China is increasingly relying on cyberattacks and disinformation campaigns to expand its influence in Europe. Chinese hacker groups are known for conducting industrial espionage and stealing sensitive information that can then be used to influence political decisions. China is also trying to manipulate public opinion in Europe by spreading pro-Chinese narratives in the media.
Iran
Iranian actors also use disinformation campaigns and cyberattacks to pursue their geopolitical goals. These campaigns are often aimed at destabilizing the policies of the US and its allies in Europe. Iranian hacker groups use similar techniques to their Russian and Chinese counterparts.
North Korea
North Korea is another international actor trying to influence elections and political processes worldwide, including in Europe, through cyber activities. While North Korea is less of a focus compared to Russia, China and Iran, there is still significant activity emanating from North Korean actors. North Korea also uses disinformation to further its geopolitical goals and foment political unrest. While there are fewer documented cases of direct election interference by North Korea, the regime still uses cyber operations to exert political pressure and protect its interests, for example by publishing compromising information about political candidates or spreading propaganda.