Make an appointment
So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.
No increased risk so far due to the war in Ukraine
At the same time, the threat situation has not changed due to the war of aggression from Russia, explains Holger Berens, Chairman of the Board of the German Association for Critical Infrastructure Protection (Bundesverband für den Schutz Kritischer Infrastrukturen e.V.): "We have always had hybrid warfare. It is not known that an attack from Russia is directly related to the war in Ukraine. With the start of the war, there have only been a few additional IT security incidents in Germany, but they have only had isolated effects."
There has been an increased threat risk in Germany for some time, the cyber expert explains. "The war has only made many CRITIS operators and companies aware of the situation they are in," emphasizes Manuel Bohé, managing director of Concepture GmbH - a management consultancy for security.
Cyber experts assess an attack by Putin on Germany's critical infrastructures as unlikely. This is because in the event of an attack on the sovereignty of Germany, the NATO alliance could take action, explains Holger Berens.
Manuel Bohé emphasizes that careful protective measures are more important than presenting worst-case scenarios and risk assessments. Rather, CRITIS operators should address the question of which areas need to be protected and what measures need to be taken to do so.
Cyber attacks as a business model
According to cyber experts, organized crime on the darknet, for example, has become particularly dangerous. Attacks can be carried out worldwide. "It's a real business model, you don't even have to know how to program for it," says Holger Berens. The detection rate of attacks is low. Building preventive protection measures is therefore particularly important.
Security of Critical Infrastructure Operators
How secure critical infrastructures are in Germany can only be answered vaguely. Due to the many different sectors, critical infrastructures cannot be lumped together, says Holger Berens. As a result of the IT Security Act 2.0, many CRITIS operators are legally obligated to implement certain protective measures.
The problem is that not all CRITIS operators are covered by the IT Security Act 2.0. In the case of the CRITIS operators covered by the Act, resources and budget are available for appropriate security. But this is not the case for small KRITIS operators in particular. These include many medium-sized companies that nevertheless make an important contribution to maintaining critical infrastructures in Germany, emphasizes Holger Berens. Here, it would then depend on the individual operators whether they implement appropriate security measures.
There is a lack of a common network of CRITIS operators
Within the sectors and industries of the KRITIS operators, there are numerous working groups to develop appropriate security measures. Holger Berens would also like to see a network that encompasses all KRITIS operators. So that in the long term, every single critical infrastructure operator would implement security standards.
Author: Nina Bundles