Critical infrastructures (KRITIS)
What are critical infrastructures and why are they important?
Critical infrastructures (KRITIS) are organizations or facilities that are important to the state community. If they were to fail or be impaired, supply bottlenecks, major disruptions to public safety or other dramatic consequences would occur.
Critical infrastructure includes organizations and facilities from the following sectors:
- Energy - electricity, crude oil, natural gas
- Transportation and traffic - air traffic, rail traffic, shipping, road traffic
- Drinking water delivery and supply
- Finance and insurance - banking and credit institutions, stock exchanges
- Nutrition
- Media and culture
- State and administration
- Health - medical care facilities/health service providers
- Information technology and telecommunications
Basis for the functioning of society
The operators of critical infrastructures are responsible for ensuring that the critical services that are essential for supplying the population are guaranteed. They provide these services with a high level of quality and stability. A high sense of responsibility characterizes critical infrastructure operators and forms an essential basis for a functioning society. This is why critical infrastructures are particularly worthy of protection, and why their operators are also responsible for protecting them.
Protection against external attacks
If you are an operator of essential services (BwD) or critical infrastructure, you are subject to the Network and Information System Security Act (NIS) in Austria. In Germany, the IT Security Act 2.0 and the Critical Infrastructure Ordinance apply. These regulations oblige operators to implement minimum standards for IT security in order to protect their company from possible cyber or other external attacks.
Obligation to provide evidence
Those responsible for critical infrastructures are subject to a reporting obligation in the event of significant disruptions to IT security. The Federal Office for Information Security (BSI) in Germany also requires regular verification of the implementation of all required security requirements. In Austria, this obligation to provide evidence to the Federal Ministry of the Interior (BMI) applies at intervals of at least three years.
Avoid disruptions
No later than two years after the ordinance pursuant to Section 10 (1) comes into force, KRITIS operators are obliged to take appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity and confidentiality of the information technology systems, components or processes that are essential for the functionality of the critical infrastructures they operate.
Implement KRITIS requirements
The regulations for ensuring security must be implemented by the KRITIS operators in all EU member states. For many companies, this represents a challenge that can be solved with our HITGuard software.
Alternatively, KRITIS operators can decide to demonstrate compliance with the minimum IT security standards by implementing one of the following:
- the BSI's "IT baseline protection",
- an information security management system (ISMS) in accordance with ISO/IEC 27001 or
- an ISMS in accordance with an industry standard (B3S standard; this must have been adopted by a regulation and entered into force).
If you are a critical infrastructure operator and need to demonstrate a functional ISMS and do not know how to proceed or how to identify relevant risks, then contact TogetherSecure.
Our software maps the BSI procedure model efficiently and sustainably. Among other things, you can use HITGuard to carry out risk analyses in accordance with the content of the BSI IT-Grundschutz Compendium 2021.
We also support the implementation of an ISMS in accordance with ISO/IEC 27001 and offer knowledge database subscriptions with different focal points and content such as extensive collections of templates.
If you want to implement a B3S standard, you can also do this with HITGuard. For example, we support the industry-specific security standard for healthcare in hospitals.
Where HITGuard is already proving its worth, among other places
Construction industry
approx. 20,000 employees
Auditor
approx. 700 employees
Health service
approx. 18,000 employees
IT Security Solutions
approx. 100 employees
Software House
approx. 400 employees
Event Management
approx. 500 employees
Hospital Operators
approx. 1,600 employees
approx. 6,000 employees
IT Service Providers
approx. 40 employees
Is your industry not listed? Do you need more information? We would be happy to put together individual reference examples for you – please contact us.