Critical infrastructures (CI)

They are the backbone of our modern society: critical infrastructures. Where are the greatest threats to critical infrastructures? What obligations do critical infrastructure operators have? What do the security standards look like? Find out everything you need to know about critical infrastructure in Germany.

Critical infrastructures (CI) – nothing works without them

Critical infrastructures (CI) are organisations and facilities that are of central importance for the community. A failure or impairment can cause significant supply bottlenecks, disruptions to public safety or other dramatic consequences. Companies that operate such infrastructures bear a particular responsibility for our society and are legally obliged to take special safety measures.

Good to know – what you should understand about Critical infrastructures (CI)

  • Which sectors are defined as Critical infrastructures in Germany?
    In Germany, sectors such as energy, water, food, health, finance and insurance, transport and traffic, as well as information technology and telecommunications are categorised as CI.
  • What role does the BSI play in the context of Critical infrastructures?
    The Federal Office for Information Security (BSI) is the central organisation for IT security issues in Germany. It supports CI operators in the implementation of security measures and is the reporting centre for security incidents. With the Critical infrastructures umbrella law, the BSI and the Federal Office of Civil Protection and Disaster Assistance (BBK) will assume joint responsibility for protecting critical infrastructures.
  • What are the main objectives of the IT Security Act in relation to Critical infrastructures (CI)?
    The IT Security Act aims to increase the IT security level of CI operators, introduce a reporting obligation for security incidents and strengthen cooperation between operators and the BSI.
  • Why is the regular inspection and certification of Critical infrastructures (CI) so important?
    Regular audits ensure that CI operators comply with current security standards and can identify and rectify potential vulnerabilities at an early stage.
  • What role do cyberattacks play in the context of Critical infrastructures (CI)?
    Cyberattacks pose a growing threat to CI, as they can affect the availability and integrity of critical services. Therefore, defence against such attacks is a central concern of the IT security strategy for Critical infrastructures (CI).
  • What is the importance of international cooperation in the Critical infrastructures sector?
    As many critical infrastructures are networked across borders, international cooperation is essential in order to develop common standards and respond to cross-border incidents.

Deepen your knowledge

Do you always want to be up to date on the topic of Critical infrastructure (CI)? Are you looking for further presentations to deepen your expertise?
As an it-sa 365 user, you can take part in interactive live formats, look up past activities and get in touch with IT security experts, all completely free of charge!

Register as an it-sa 365 user and get access to our extensive knowledge hub!

How secure is our Critical infrastructure?

Infocube with Holger Berens

Cyber war: An attack can shut down the power grid and cut off food supplies and healthcare. These are worst-case scenarios that keep coming up, especially in the course of the war in Ukraine.

In this interview, Holger Berens, Chairman of the Board of BSKI e.V., talks about the threat and the impact of the war in Ukraine on KRITIS in Germany.

Please note: The recording is in German.

Dangers and risks for Critical infrastructures (CI)

Natural hazards

Overcrowded hospitals during the coronavirus pandemic are just as much a part of the impact of natural hazards on Critical infrastructures (CI) as supply bottlenecks caused by flooded roads during heavy rainfall. Natural hazards can not only cause direct damage, but also have indirect consequences, such as the interruption of supply chains or the failure of communication systems. It is therefore crucial that companies take precautions to prepare for such events and minimize their impact.

Technological hazards

Technological hazards refer to incidents caused by technical or organizational deficiencies. A prominent example is a power outage. A large-scale and long-lasting power outage could lead to a national disaster. It is therefore important that companies that operate Critical infrastructures carry out regular risk analyses and develop emergency plans in order to be prepared for such incidents.

Cyber threats

Cyber and IT attacks pose a daily threat to Critical infrastructures (CI) and can cause considerable damage and disrupt the operation of vital services. However, inadequate software updates or misconfigurations also regularly lead to unforeseen outages of essential services. It is therefore becoming increasingly important for companies to invest in modern security technologies and train their employees in IT security in order to counter cyberattacks.

Obligations for CI operators

There are legal regulations and standards to ensure the security and resilience of Critical infrastructures. The BSI Act regulates the security of CI and was significantly expanded with the introduction of the IT Security Act 2.0 (2021), among other things.

Under the BSI Act, CI operators are obliged to do the following:

  • Designation of a contact point for the critical infrastructure operated
  • Reporting of IT disruptions or significant impairments
  • Implementation of IT security in line with the "state of the art"
  • Proof of compliance to the BSI every two years

Detecting attacks effectively as a Critical infrastructures operator

Best practice sharing: Since 1 May 2023, every operator of critical infrastructures must have provided proof that systems for attack detection in accordance with Section 8a (1a) are in use.

In the presentation, you will learn how the MITRE ATT&CK Framework can be used as a planning basis for identifying parameters and features to be monitored, what should be taken into account during planning and which stumbling blocks should be avoided.

CI umbrella law brings new obligations, measures and consequences

In future, the new CI umbrella law will define further regulations for CI operators. These include, for example, risk analysis, standardised registration with a central body and the appointment of a central contact person.

According to a current draft law, the Federal Office of Civil Protection and Disaster Assistance and the Federal Office for Information Security will be jointly responsible in future.

These sectors belong to Critical infrastructures:

Critical infrastructures are divided into different sectors. Companies in these sectors ensure that the basic needs of society are met and must therefore fulfil special security standards.

  • Energy
    The energy supply is the centrepiece of our modern society. It supplies households, companies and public institutions with electricity, gas and heat. A failure could lead to far-reaching power cuts and production stoppages.
  • Water
    Water is a vital resource. The water supply system ensures that clean drinking water is available at all times and that wastewater is treated properly. A failure could lead to health risks and supply bottlenecks.
  • Government and administration
    The public administration ensures the maintenance of state functions. It provides services ranging from security to education. A failure could affect public life and security.
  • IT and TC
    Information technology and telecommunications are the nerve centres of our digital world. They enable communication, data processing and digital services. A failure could paralyse the entire digital infrastructure.
  • Transport and traffic
    Transport and traffic connect people, cities and countries. They enable the flow of goods and the mobility of the population. A failure could severely restrict trade and freedom of movement.
  • Health
    The treatment of patients in surgeries, hospitals or on an outpatient basis as well as laboratory work are essential for the population as part of medical care. This sector is therefore of particular relevance in the area of critical infrastructures.
  • Media and culture
    Media inform the public and provide cultural content. They play a decisive role in opinion-forming and social discourse. A failure could interrupt the supply of information.
  • Nutrition
    The food sector ensures the supply of food. From cultivation to the supermarket shelf, it guarantees the availability of food. A failure could lead to supply bottlenecks.
  • Finance and insurance
    The financial and insurance sector supports the economy and private households. It enables transactions, loans and insurance cover. A failure could cause economic turbulence.
  • Municipal waste disposal
    Municipal waste disposal ensures the proper disposal of waste. It protects the environment and the health of the population. A failure could lead to environmental problems and health risks.