Critical Infrastructures: Security Management in Accordance with the German CRITIS Ordinance
All-in-one security concepts for reliable hazard prevention in CRITIS companies
Energy or water suppliers, transport and traffic service providers, finance and insurance companies - they all have one thing in common: according to the CRITIS Ordinance of the German Federal Office for Information Security (BSI-KritisV), they are classified in Germany as so-called critical infrastructures and provide absolutely essential services for the supply of the population. These operators thus represent an essential basis for a functioning society. If critical infrastructures fail or are impaired by imminent dangers, lasting supply bottlenecks or significant disruptions to public safety can occur. Comprehensive security concepts are therefore not only necessary, but even required by the German Security Act (BSI Act), for example with regard to IT security.
But at what point does an operator count as critical infrastructure and thus have to prove that its risk and security management meets the corresponding requirements? And what does security management have to achieve if the well-being and maintenance of basic social services can depend on it in an emergency? The answer is provided by state-of-the-art software and hardware solutions, such as pSM from primion, which ensure that hazard management in critical infrastructures runs smoothly.
How is a company or organisation classified as a CRITIS?
The Ordinance for the Designation of Critical Infrastructures in Germany according to the German BSI Act (BSI-KRITIS-Verordnung, BSI-KritisV for short) describes the individual sectors and specifies assessment criteria for threshold values such as the number of households supplied, which determine whether the respective operator is a critical infrastructure. In Germany, companies and facilities in the following sectors are currently classified as CRITIS:
- Information technology and telecommunications
- Finance and insurance
- Transport and traffic
The state and administration, as well as media and cultural institutions, are not included in the German CRITIS Ordinance, but are also classified as critical infrastructures by the German Federal Office of Civil Protection and Disaster Assistance.
What are the threats to critical infrastructures?
The past has shown time and again how vulnerable and attackable the infrastructures of our society can be in the event of security incidents - be it terrorist attacks, accidents caused by human error or natural forces such as extreme heat waves, floods or storms. The most recent example of how natural hazards threaten the functioning of a society is the COVID-19 pandemic.
Since individual areas of different critical infrastructures are often interconnected, failures or damage can affect supply through other linked sectors, setting off a chain reaction. Operators of critical infrastructures according to the German CRITIS Ordinance must identify risks at an early stage in order to prepare for crisis situations in the best possible way.
How can modern software support security management for critical infrastructure?
Reliable security management is an absolute priority for critical infrastructures. The CRITIS Ordinance in Germany in combination with the Security Act sets criteria for minimum security standards. For example, CRITIS operators must designate to the German Federal Office for Information Security (BSI) a contact point that can be reached around the clock, report IT malfunctions immediately, and implement and regularly prove the state of the art in accordance with industry-specific security standards.
Hazard management through primion's Physical Security Information Management System (PSIM) bundles companies' security systems on a single platform. With the help of a software application, critical infrastructures can therefore have an overview of their entire security management. The PSIM of primion, called pSM, monitors and controls all connected areas and is compatible with third-party systems. In this way, the security systems, fire alarm technology and building management of different manufacturers can be brought together and centrally monitored and controlled on one interface.
Because just a few seconds can be decisive in an emergency, optimised processes are absolutely essential for security managers of CRITIS companies. With primion's pSM, all follow-up processes in the event of security incidents are automated: alarms are triggered, fire doors close, escape routes open and the emergency services are alerted. The security-relevant system database is located on the pSM server. This is where installations and system changes are made and data is managed, with maximum sabotage protection thanks to the stability of a server-side database. For the security managers of critical infrastructures, primion offers a highly efficient all-in-one solution that optimises response processes in the event of security incidents, minimises information loss and comprehensively documents reports and statistics.
Comprehensive risk management and a high-quality security concept: with the help of functional, individually customisable software and hardware, critical infrastructures are protected and make a significant contribution to the maintenance of absolutely essential structures in the supply of our society.