When the European Parliament presents laws on information technology (IT) security to vote on in a few months, there is a bit of Bad Nauheim in it: Because Steffen Maurer, the IT security chief of the domestic IT service provider movetech, participates in the expert forum, which works behind the scenes for the basis of the draft law.

A few days ago, the international expert forum, which includes representatives from the universities of Madrid and Southampton, met for the fourth workshop in Brussels. “We are working on preparing a paper for the commission that will focus on the concerns in IT security of small and medium-sized companies,” explains Steffen Maurer. The 30-year-old knows that there are still a lot of problems. The current issue is therefore to determine the status quo in order to find solutions based on it. “There is still a lot of enlightenment to be done.”

That starts with the delimitation, says Maurer. “Data protection—that is, protection against misuse of data—has long been an accepted and separate field in companies. IT security, i.e. protecting the infrastructure from attacks or theft, is often part of the IT administration work area,” says the IT specialist, describing the dilemma: “But IT administration and IT security serve opposing tasks: The administrator has to ensure that a system works smoothly, the IT security has to uncover the errors in the system, that is, to work against the system.” Here, the role of movetech is clearly defined: The Hessian experts are supposed to demonstrate in practice how IT security works, or how possible weak points can be found to make them more secure.

“Theory is one thing, but it creates a different feeling when the whole group experiences how a website could be scrutinised by a hacker and—at least in theory—be hijacked,” says Mauer. And the European experts were surprised by that.

The workshop, which is to serve as the basis for the draft law, is organised by the French IT service provider Capgemini on behalf of the European Commission and in cooperation with the “Digital SME Alliance”. This is the digital network for small and medium-sized enterprises in the EU. “We are committed to the German equivalent of this organisation,” explains company founder Gordon Kirstein. This was probably the reason that the Bad Nauheimers were invited to Brussels. And they will travel back there again. Kirstein: “The fifth workshop is due in September, to which we have been asked to contribute again.” Kirstein, born in Hildesheim, who founded Movetech 18 years ago in Gießen and moved to Bad Nauheim in 2004, is happy: “It is a special recognition that we, as a rather small company, are asked to contribute to such groundbreaking projects.”