Critical infrastructure protection

type: Article , Topic: Civil protection

Disruptions and breakdowns of the energy supply, in mobility, communications, or emergency and rescue services may cause serious societal and economic damage and affect large segments of the population.

Source: wang song / shutterstock.com

An important task of preventive security policy is therefore to protect facilities of major importance to the community whose failure or disruption would cause a long-term shortage of supplies, significant disruptions to public order or other dramatic consequences. Since 2009 Germany has had a National Strategy for Critical Infrastructure Protection that summarizes the aims and strategic approach of federal policy in this area.

Reasons for the failure of critical infrastructure

A large number of physical attacks on or incidents involving critical infrastructure worldwide demonstrate the vulnerability of open societies.

The cyber dimension of critical infrastructures has increasing importance for modern industrial societies. This is why critical infrastructures also need protection against attacks on their information technology.

The IT Security Act passed in 2015 lays the necessary groundwork for such protection. Operators of critical infrastructures to which this Act applies must demonstrate to the Federal Office for Information Security (BSI) that they meet IT security standards, and they must also report IT security incidents to the BSI.

Protection strategies

To avert these risks, government and infrastructure operators need to work together on protection, as about four-fifths of critical infrastructure in Germany are in private hands.

Together with the Federal Office of Civil Protection and Disaster Assistance (BBK), the Federal Criminal Police Office (BKA) and security experts from private industry, the Federal Ministry of the Interior, Building and Community drew up a baseline security strategy in 2005. This strategy analyses potential threats and recommends structural, organizational, personnel and technical protective measures. For example, the strategy offers information on securing sensitive installations, setting up on-site access controls and designing an emergency communications system.

The Federal Government’s current Cyber Security Strategy also calls for specific measures to protect critical infrastructures. In addition, there are also legal rules, such as in the Energy Act concerning the European critical infrastrucures in the electricity sector.