Germany (DE)

The Cyber Security Strategy for Germany (2016, EN) is the second national iteration since 2011 in cooperation with federal states and private industry.

It covers 9 of the 15 strategic goals in the ENISA self-assessment classification. These goals are: Cybercrime, citizen awareness, critical information infrastructure protection, national cyber contingency plans, international cooperation, incident response capability, institutionalised form of cooperation between public agencies, baseline security requirements, R&D. It should be noted that education falls more broadly under digital literacy and plays a key role in the overall strategy. 

The strategy outlines respective roles across the national cybersecurity ecosystem and internationally, from the federal government and its ministries, the National Cyber Security Council, National Cyber Response Centre, the Federal Office for Information Security (BSI) to initiatives such as Deutschland im Netz (Germany secure on the Internet). 


Education on Cybersecurity

The German cyberstrategy defines education in its broadest definition as part of its Action Area 1: Remaining safe and autonomous in a digital environment - Promoting digital literacy among all users

It underscores the fundamental importance of responsible behaviour in cyberspace and awareness of the opportunities and specific risks when using IT systems as an integral part of digital literacy. Thereby it mandates:

  • Integrating digital education firmly in the educational system, from school and the dual system of vocational education and training, to university, continuing professional training and general adult education. 
  • Giving federal states the primary responsibility for schools and universities. The end target is ensuring that by the time young people finish school, they all have the basic technical understanding and fundamental skills to use information and communications technology safely. 
  • Tasking the Federal Government with aligning the dual system of vocational education and training more closely with the needs of digital society, amending training regulations accordingly. 
  • Ensuring that vocational training centres for multiple employers offer high-quality continuing training in this area as they are being equipped for the digital age with necessary investment in equipment having a high funding priority. The Federal Government will also work with trade and labour unions as well as employers to create more flexible and individual digital continuing training.
Research on Cybersecurity

The Federal Government has the mandate to expand course offerings in cybersecurity by establishing additional university chairs and supporting leading institutions in the field of STEM education, in particular in computer science, for example with regard to big data analyses, industrial software and IT security. In the process, the Federal Government will also support greater cooperation with private industry, for example in the form of foundations and externally funded teaching and research posts.

Advancing IT security research:

The Federal Government is expanding its research framework programme on IT security, Selbstbestimmt und sicher in der digitalen Welt 2015–2020 (Independent and safe in the digital world 2015–2020), closely linking it to other measures of the Cyber Security Strategy. Research on innovative IT security solutions such as Industry 4.0, medical technology and Mobility 4.0. See, for example, the Cybersecurity Training Lab established by Fraunhofer and a select group of universities. 

A major measure is further strengthening centres of excellence for IT security research through centres that focus on current research topics, provide estimates and assessments for policymakers and develop concrete solutions. Examples cited in the strategy include:

Moreover, the results of government-funded projects to be applied and marketed in products and processes as quickly as possible. In the area of military applications of IT and cyber security, this is the task of the cyber cluster at the Bundeswehr University in Munich, with its Cyber Defence and Smart Data (CODE) research centre. 

The commercial application and further development by businesses and start-ups of innovative ideas in the field of IT security should be an explicit goal of government investment to bring about the greatest possible economic benefit. Active technology scouting can help discover, introduce and further refine the latest technologies. Private venture capital investors can also play an important role in this regard.


Higher Education Courses on Cybersecurity
  • Mannheim University of Applied Sciences – Bachelor Degree in Cyber Security. Year established: 2018. Student intake: 45. European Credit Transfer System (ECTS): 210. Focus: System security, network security, component security, SW security; internships.
  • University of Bonn - Bachelor Degree in Cyber Security. European Credit Transfer System (ECTS): 180. 
  • University of Passau – Master in Computer Science. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security
  • IUBH University of Applied Sciences - Master Degree: Computer Science in Cyber Security
  • SRH Berlin University of Applied Sciences - Master in Cyber SecurityEuropean Credit Transfer System (ECTS): 180-210, depending on course options. Focus:  Implementing security systems and measures in different business environments, blockchain, DevSecOps, information security, security technologies, IT security management, data analysis. Business processes and legal challenges of data protection. 
  • Brandenburg University of Technology: Master in Cyber Security. Focus: Principles and methods of cybersecurity and practical knowledge of their applications. Design, implementation and management of cybersecurity concepts for the protection of IT systems and critical infrastructures.
  • Academic Institute: Master in Cyber Psychology of Online Communication Student Intake: 50. European Credit Transfer System (ECTS): 90. 


Partnerships & IT/Cyber Clusters

BSI - Federal Office for Information Security

Cyber-Sicherheitsrat Deutschland e.V. - Hubs on health, energy, start-ups and artificial intelligence

TeleTrust IT Security Association

bwcon: Baden-Württemberg: Connected e.V. Network of research institutes and industrial clusters

Center Digitisation.Bavaria (Zentrum Digitalisierung.Bayern / ZD.B) supporting the digital transformation of Bavarian industries and society with 1361 members from SMEs, research, large companies and other ecosystem players

Bayern Innovativ - Cybersecurity

Cool Silicon - start-ups

InnoZent OWL e.V., technology network for sustainable corporate development through re-search, co-operation and innovation

EU Cyber Professional Register for national stakeholders

The CyPR is all about boosting opportunities in the cybersecurity marketplace. 

This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.

Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.

Latest Update & DIsclaimer 

January 2021

The information contained here is based on desk research carried out by, including the ENISA interactive maps on national strategies and educational courses. 


Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification

Report a cyber incident to national CERT/CSIRT

CERT-BUND is the national accredited CERT for Germany. It provides information on risks and threats relating to the use of information technology and seeks out appropriate solutions. This work includes IT security testing and assessment of IT systems, including their development, in co-operation with industry.

CERT NRW (Computer Emergency Response Team Nordrhein-Westfalen) has been commissioned as a focal point for preventive and reactive measures related to security and availability incidents in IT systems by the Interior Ministry of North Rhine-Westphalia. It serves as an information interface between the authorities and institutions of the state administration, the technical expertise of IT.NRW and other German CERTs, in particular the federal and state governments as well as companies.

CERT-RLP depends organizationally to the highest authorities of the Rhineland-Palatinate state administration. Technically, this involves basically the appropriate subset of directly connected to the operated by the LDI nationwide RLP network organizational units.

CERTBw is responsible as the central service in the framework of the Cyber ​​Defence for monitoring, maintaining and restoring the IT security in the Bundeswehr.

Bayern-CERT is primarily aimed at the authorities connected to the Bavarian Authority Network. It includes regular preventive security checks of central components (for example, penetration testing) as well as the advice of the security team and the Commissioner for IT security to the daily tasks of the Bayern-CERT.
Team Email:
Telephone: 089/7624-1777

Siemens-CERT is the central team for responding to potential security incidents and vulnerabilities related to Siemens products, solutions and services.

S-CERT is the computer emergency response team of the German Sparkassen-Finanzgruppe (Savings Banks Financial Group).

Deutsche Bank Cyber Threat Response Team

CSIRT-ECB (Computer Security Incident Response Team - European Central Bank)

ComCERT  is the Computer Emergency Response Team for Commerzbank network and clients

RUS-CERT (Stuttgart University's Computer Emergency Response Team ) is responsible for the computer and network security in the Stuttgart University's IT infrastructure

KIT-CERT is the Computer Emergency Response Team for Karlsruhe Institute of Technology

DFN-CERT is the Computer Emergency Response Team of the German research network (DFN)

Overall assessment

The National Cyber Security Strategy states that “Federal Government will regularly review whether the aims of the Cyber Security Strategy have been achieved under the overall control of the National Cyber Security Council and will adapt the strategies and measures to the given requirements and framework conditions.”

The Bundesamt für Verfassungsschutz (BfV), the domestic intelligence service of the Federal Republic of Germany, publishes annual cyber threat reports. The 2016 report stated that Russia and China are the leading sources of cyber attacks on Germany.

Latest update & disclaimer

January 2021

The information contained here is the result of desk research carried out by 


Contact us for more info


Germany (DE) | Cyber Range & Capacity Building in Cybersecurity


The website encountered an unexpected error. Please try again later.