The authorities and organizations with security tasks (BOS) are more than systemically relevant for Germany. They protect the country from internal and external dangers, and in the event of natural disasters, they act as both rescuers and law enforcers. This makes it all the more important for the BOS to be able to rely on state-of-the-art technologies for their work. But they are also faced with the task of dealing with demographic change and maintaining the high quality of their work as resources become increasingly scarce. The editorial team spoke with Thomas Deelmann, Professor of Management and Organization at the University of Police and Public Administration NRW, and Stefan Schult, Associate Partner at Detecon, about these and other challenges facing the BOS.
Detecon: Today we want to talk about BOS. Which authorities are we talking about exactly and what are the challenges?
Thomas Deelmann: The abbreviation "BOS" is used to designate authorities and organizations that perform security tasks. Sometimes the term "blue-light organizations" is also used. Although this is not always appropriate, it conveys the essence of the term in a vivid way.
The range is huge and extends from the small volunteer fire department to the German armed forces. That's why you can't lump them all together. But two challenges can be identified that they all have to contend with: One is demographic change and the other is digitization. The latter is taking hold in society and cannot and must not stop at the BOS. In terms of demographic change, around 30 percent of employees will retire in the next ten years, and 55-60 percent in the next 20 years. With a current workforce of around 640,000, we are talking about around 200,000 or 350,000 people.
Now you could come up with the idea of solving one problem with the other, i.e., using digitization to compensate for the loss of personnel. Does that work?
Stefan Schult: In recent years, active and intensive personnel recruiting in the public sector has been dispensed with, partly due to the black zero. The federal and state governments also face major digital challenges. Many ICT structures here date back to the early 2000s, in some cases to the 1990s. It is imperative that they be renewed. However, the complex structure of "digitization" consists not only of software and hardware, but also of well-trained employees. Demographic change means that a great deal of experience is being lost from government agencies.
Looking at digitization from a one-sided perspective, only from the technological point of view, will not work. The employee, the human being, is increasingly becoming a flexibility and creativity factor. The greatest challenges lie in transferring knowledge regarding existing IT platforms to the new digital world, such as cloud systems. If this does not take place, then a "brain drain" will take place, as we already experienced at the beginning of the 1990s. The human factor must not be left behind in the whole discussion. Conversely, this means that successful digitization first requires the correspondingly capable people in the organization.
Public sector organizations must intensify their efforts to attract young talent. To do so, they must present themselves as an attractive, secure and innovative employer. If they don't, then the following saying fits quite well: "If you don't move with the times, you move with the times."
In many areas, there is talk of a Corona surge in digitization. Does this also apply to the German Federal Police, the German Armed Forces and others?
Stefan Schult: Similar to other industries, it was observed that the IT systems (e.g., unified communication / web conferences) reached their capacity limits due to home office regulations in the organizations. Licenses, VPN access or more broadband had to be procured and implemented very quickly. In addition, mobile working options using notebooks, tablets or smartphones were increasingly in demand. This led to a steep learning curve for everyone involved in the use of digital equipment. However, it must also be kept in mind that not all fire, police or federal armed forces personnel can work from home.
Especially in the event of a crisis, it becomes clear that precisely when a highly efficient infrastructure is normally in place, it can quickly jeopardize operational stability through over-scheduled use. You reach the system limits of digitization and in the area of BOS organizations, this endangers the internal and external security of our country. This situation urgently needs to be improved. On the one hand, this can be achieved by making digital solutions available and scalable more quickly, and on the other hand, employees must be aware of the security-relevant aspects. Dealing with innovative technologies requires a new feeling on the part of everyone involved and new thinking, which must not only be reflected on paper in the IT units and departments, but must also be communicated.
What has made it difficult to digitize BOS so far? Is it a lack of money or know-how? Are there conflicts of interest?
Thomas Deelmann: Well, it's sometimes this, sometimes that. There are certainly the increased requirements in general, where the resources have not always grown in equal measure. We are talking about a modernization and performance gap. But then there are also empty coffers, especially in the municipal sector. And it must be noted that one and the same development and digitization initiative is often carried out in different places in the country. This is a result of decentralization and federalism. This is not a bad thing per se: smaller initiatives are often faster than large ones; people are more flexible and there are often different variants or solutions. But in order to take advantage of federalism, you also have to learn from each other where possible.
Availability, security and data protection play an important role in BOS. How can these properties be ensured when using hardware and software components?
Stefan Schult: Due to the exponential growth of data and the associated electronic storage, networking and access possibilities from outside, much more sensitive security issues and aspects arise. The need for absolute availability of services results in significant efficiency losses and security risks in the event of non-availability, or failures. These and a potential loss of service must be considered as part of a risk assessment within the organization. But it's not just risk management that's critical: contracting departments play just as big a role in ensuring the aspects you mentioned. They can scrutinize suppliers and prevent dependencies. Or take HR departments, they can target and hire experts.
All together, they are working towards more digital sovereignty. However, digital sovereignty doesn't just start with technology and engineering, but with everyone themselves. To what extent is one able to handle hardware and software securely? Here, too, the human aspect must not be neglected in the discussion.
A current buzzword is "digital convergence." BOS facilities are faced with the challenge that different systems and solutions have to harmonize with each other. How should BOS facilities deal with this? How can more digital convergence become possible?
Stefan Schult: Digital convergence has long been a major topic. In the telecommunications industry, the challenge was suddenly recognized and addressed with the liberalization of the markets. For public and BOS organizations, similar approaches need to be developed to take advantage of the opportunity to replace legacy systems and dissolve technical system boundaries. This requires the creation of a digital ecosystem that is very much future-proofed by industry standards, such as SAP. Necessary digitization strategies must be moderated and harmonized not only regionally, but also across countries.
And another keyword: The BOS authorities are system-relevant; a temporary inability to work would be devastating. What strategies and solutions are there to therefore ensure the important operation of the BOS facilities on the one hand and to further develop IT on the other?
Thomas Deelmann: This is the question of finding the "jack of all trades". Here, it makes sense to learn from companies or other organizations that have already gone through such a process. One possible starting point could be to build up "two-speed IT. One part will be focused on stability, redundancy, efficiency, etc. This is certainly where the vital systems, the "backbone", are to be classified. And next to that, there are additionally the innovation topics, with which something can be experimented. Here, the speed of change is much higher than in the first part. However, the procedure and the sorting must be approached strategically so that there are no unpleasant surprises.
What about the legal framework for BOS work? The federal and state governments share responsibility for this. To what extent would a change in the legal framework change the current digitization situation?
Stefan Schult: In keeping with the spirit of the times, the legal framework should also be put to the test again and again. Laws, some of which are decades or even centuries old, sometimes stand in the way of modernization and the associated technological progress.
Just think of budgetary or public procurement law. These involve complex opinion-forming and decision-making processes. This costs a lot of time in comparison. If it takes years to award contracts for complex ICT infrastructures, how quickly will ICT technology have advanced? The risk of starting with outdated technology should not be underestimated.
In particular, the security classification is still from the analog age and must be updated based on the state of the art. These are framework conditions that need to be set.
The state has another role, that of enabler, when it comes to making its employees fit and keeping them fit, so to speak. Accessing and processing information is becoming increasingly important, and employees must be trained in this. To put it bluntly, criminals must not be digitally better positioned than the security authorities.
Mr. Deelmann, you teach and conduct research at the North Rhine-Westphalia University of Applied Sciences for Police and Public Administration. How are your students, the junior staff of public administration and the police, prepared for the opportunities and challenges of digitization in the area of BOS?
Thomas Deelmann: Here I have to answer in two or even three parts. First, there is the training in the authorities or in practical training centers. If state-of-the-art technology is available there, then the students naturally learn how to use it. And then there is the scientific training at the university. Here we see a corona effect that is reflected, for example, in competencies for distributed work with online tools. Municipal administrations, for example, find this "side effect" really great, because it also has a very quick and very concrete impact on individual offices and departments in the administration. And in addition to this "hands-on" learning, more and more relevant teaching content and courses are finding their way into the curriculum. Here we systematically look at what opportunities, but also what risks, are associated with digitization and how digital services can be made usable for which public purposes.
One final question: We're not here to make a wish, but how do you envision BOS work in 20 years?
Stefan Schult: I would like to see a better balance within the official structures in terms of market-appropriate pay and willingness to perform. The provision of state-of-the-art IT equipment, both in terms of breadth and depth, i.e., not just exclusively for a few, must be ensured. There is also a need for improved framework conditions that are geared to the realities of life for employees and the population. And last but not least, as is almost always the case, more money and innovation for the development and implementation of digital public services.
Thomas Deelmann: As far as the technical equipment is concerned, I would naturally like it to meet the needs of the BOS exactly and be budget-friendly at the same time. But I'm afraid that in reality I'll have to make a few concessions when it comes to technical wishes. But even more I wish that the actual work of the BOS is valued and highly appreciated and that the BOS are a top employer. Because if that doesn't work, then even technology can't save us.