Demand 11: Protection of Critical Infrastructures
Nowadays, critical infrastructures are often easily accessible from the internet. Since security flaws are unavoidable, this may permit attacks. The security of critical infrastructures must be ensured by competent and transparent [add "independent"??] audits and tests.
Our detailed demands:
- Entities running critical infrastructures must be required by law to protect these against cyber attacks.
- They must be required by law to implement and operate only secure systems.
- They must not rely on state authorities for the protection of the infrastructures.
- Whenever possible, critical infrastructures -- such as nuclear power plants -- must be separated [airgapped?] from the public internet.
Demand 12