Send message

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Interview Holger Berens, Manuel Bohè
  • Industry News
  • Management, Awareness and Compliance

Hybrid Warfare: How Secure Are Germany's Critical Infrastructures?

Cyber warfare: shutting down the power grid with an attack, preventing food and health care - worst-case scenarios that are repeatedly discussed in the media, especially in the wake of the war in Ukraine.

No increased risk so far due to the war in Ukraine

At the same time, the threat situation has not changed due to the war of aggression from Russia, explains Holger Berens, Chairman of the Board of the German Association for Critical Infrastructure Protection (Bundesverband für den Schutz Kritischer Infrastrukturen e.V.): "We have always had hybrid warfare. It is not known that an attack from Russia is directly related to the war in Ukraine. With the start of the war, there have only been a few additional IT security incidents in Germany, but they have only had isolated effects."

There has been an increased threat risk in Germany for some time, the cyber expert explains. "The war has only made many CRITIS operators and companies aware of the situation they are in," emphasizes Manuel Bohé, managing director of Concepture GmbH - a management consultancy for security. 

Cyber experts assess an attack by Putin on Germany's critical infrastructures as unlikely. This is because in the event of an attack on the sovereignty of Germany, the NATO alliance could take action, explains Holger Berens. 

Manuel Bohé emphasizes that careful protective measures are more important than presenting worst-case scenarios and risk assessments. Rather, CRITIS operators should address the question of which areas need to be protected and what measures need to be taken to do so. 


Cyber attacks as a business model

According to cyber experts, organized crime on the darknet, for example, has become particularly dangerous. Attacks can be carried out worldwide. "It's a real business model, you don't even have to know how to program for it," says Holger Berens. The detection rate of attacks is low. Building preventive protection measures is therefore particularly important.


Security of Critical Infrastructure Operators

How secure critical infrastructures are in Germany can only be answered vaguely. Due to the many different sectors, critical infrastructures cannot be lumped together, says Holger Berens. As a result of the IT Security Act 2.0, many CRITIS operators are legally obligated to implement certain protective measures. 

The problem is that not all CRITIS operators are covered by the IT Security Act 2.0. In the case of the CRITIS operators covered by the Act, resources and budget are available for appropriate security. But this is not the case for small KRITIS operators in particular. These include many medium-sized companies that nevertheless make an important contribution to maintaining critical infrastructures in Germany, emphasizes Holger Berens. Here, it would then depend on the individual operators whether they implement appropriate security measures. 


There is a lack of a common network of CRITIS operators

Within the sectors and industries of the KRITIS operators, there are numerous working groups to develop appropriate security measures. Holger Berens would also like to see a network that encompasses all KRITIS operators. So that in the long term, every single critical infrastructure operator would implement security standards.

Author: Nina Bundles