Information technology emerged a few decades ago and has been evolving ever since. With its highly complex nature, new challenges have arisen. Critical vulnerabilities and weaknesses in standard IT infrastructures have increased massively, a clear call to action for Germany’s Federal Office for Information Security (BSI).
In response to a growing cyber-threat, Germany approved the IT Security Act - the so-called IT-Sicherheitsgesetz - in July 2015, with 2 years time to adapt to the rules and regulations. Seldom has the passage of a law had such current significance!
The internet is an indispensable part of many areas of life. This brings benefits, but also raises legal issues, and those running websites now have to be mindful of this new law.
The IT Security Act introduces the legal obligation of software updates.
The new law comes with an increase in requirements especially for websites. The changes implemented by the IT Security Act aim at making infrastructures safer and providing advantages for users. And if the legislation and regulations are infringed, the person operating the website may be faced with warnings, or even fines.
What the new law for improving the security of IT systems aims to prevent, is the loss of control over important IT systems. It has one prime objective: protecting personal data. Recent cyber-attacks have shown not only how vulnerable important systems are, but also how severe implications can be for so-called “operators of critical infrastructures”. For systems to be secure, IT infrastructures have to be up-to-date with the latest technology at all times.
The strict cyber-security law orders operators of critical infrastructures to implement specific IT security standards, and also introduced the obligation to report serious IT security incidents or face penalties.
Operators of critical infrastructures provide services of general interest. Most of the obligations deriving from the new law fall with sectors whose facilities are of high importance and whose outage or impairment would cause significant supply shortfalls or even endanger public security.
The relevant sectors include:
- Transportation and traffic
- Health care
- Information technology
Safeguarding information technology has become mandatory, the purpose being to force companies and organizations to protect their systems from cyber-attacks.
Basically, the new law means that running a website with outdated software is a legal issue. With the coming into force of the IT Security Act, website operators have to ensure that websites are safe at all times. This means adopting adequate technical and organizational measures against unauthorized access of any kind, and also preventing disturbances.
Operators of telemedia services, such as website providers, now have to implement reasonable and state-of-the-art security measures to prevent unauthorised access to their IT operations and to ensure that these IT operations are protected against attacks. For the time being, no notification requirements exist.
The BSI often finds that outdated and vulnerable software versions are used. One easy, effective and fundamental measure for staying on top of maintenance is updating software regularly and as soon as possible. Providers should keep this in mind at all times to prevent repercussions.
TYPO3 CMS has clearly defined update and support cycles. It is backed both by its developer and service provider communities, as well as a commercial entity, TYPO3 GmbH, which backs the CMS with further special services.
The community supports every Long Term Support (LTS) version for three years after release with security and bug fix releases. A new, stable, major version of TYPO3 CMS is released every 18 months. This means that there are always two stable versions being maintained, currently that’s versions 7 and 8.
TYPO3 CMS version 6 was officially marked unsupported by the community on March 31st, 2017 when TYPO3 CMS 8 LTS was released. If you’re still running TYPO3 CMS version 6 it doesn’t have to be a problem, though. TYPO3 GmbH offers peace of mind through its Extended Long Term Support (ELTS) program. ELTS is available for the most recent unsupported LTS version. Once TYPO3 CMS 9 LTS is released in October of 2018, ELTS for version 7 will begin and ELTS for version 6 will wind down six months after that on March 31st, 2019.
Unlock and sustain business value by choosing TYPO3 CMS and the option of prolonging your website’s lifespan by opting for TYPO3 GmbH ELTS. This way, you’ll also be establishing legal standards for your business! Get in touch with us if you'd like to know more.