Critical infrastructure (KRITIS)
What are critical infrastructures and why are they important?
Supply shortages, significant disruptions to public safety, or other dramatic consequences would set in if critical infrastructure (KRITIS) failed or were compromised. KRITIS are organizations or facilities of critical importance to the governmental community.
Critical infrastructure includes organizations and facilities in the following sectors:
- Energy – electricity, petroleum, natural gas
- Transportation and traffic – Air transport, rail transport, shipping, road transport
- Drinking water supply and delivery
- Finance and insurance – Banking and credit institutions, stock exchanges
- Nutrition
- Media and culture
- Government and administration
- Health – Health care facilities/health care providers
- Information technology and telecommunications
Basis for the functioning of society
The operators of critical infrastructures are responsible for ensuring that the critical services that are absolutely necessary for supplying the population are guaranteed. They provide these services with high quality and stability. A high sense of responsibility is what distinguishes KRITIS operators and forms an essential basis for a functioning society – this is why KRITIS are particularly worthy of protection and their operators are also responsible for their protection.
Protection against external attacks
If you are an operator of essential services or critical infrastructure, you are subject to the Network and Information System Security Act (NIS) in Austria. In Germany, the IT Security Act and the Regulation determining critical infrastructure apply. These regulations require operators to implement minimum IT security standards to protect their business from potential cyber or other external attacks.
Requirement to provide evidence
Those responsible for critical infrastructures are subject to a reporting obligation if significant IT security disruptions occur. The Federal Office for Information Security (BSI) in Germany also requires regular reporting of the implementation of all required security requirements. In Austria, this obligation to provide proof to the Federal Ministry of the Interior (BMI) applies at intervals of at least three years.
Avoid disturbances
KRITIS operators are required to take appropriate organizational and technical precautions to prevent disruptions to the availability, integrity, authenticity and confidentiality of the information technology systems, components or processes that are critical to the functioning of the critical infrastructures they operate. These precautions must be in place no later than two years after the entry into force of the statutory order pursuant to Section 10 (1).
Implement KRITIS requirements
The regulations for ensuring security must be implemented by KRITIS operators in all EU member states. For many companies, this is a challenge that can be solved with our HITGuard software.
KRITIS operators can choose to demonstrate compliance with the minimum IT security standards by implementing one of the following:
- the “IT-Grundschutz” of the BSI,
- an information security management system (ISMS) according to ISO/IEC 27001 or
- an ISMS according to an industry standard (B3S standard; this must have been adopted by a regulation and entered into force).
If you are a critical infrastructure operator and need to demonstrate a functional ISMS and do not know how to proceed or how to identify relevant risks, contact TogetherSecure.
Our software maps the BSI procedure model in an efficient and sustainably maintainable way. Among other things, you can perform risk analyses according to the content of the BSI IT-Grundschutz Kompendium 2021 with HITGuard.
Likewise, we support the implementation of an ISMS according to ISO/IEC 27001 and also offer knowledge base subscriptions for this purpose with different focuses and contents such as extensive template collections.
If you want to implement a B3S standard, you can also do that with HITGuard. For example, we support the industry-specific security standard for healthcare in hospitals.
Where HITGuard has already proven itself, among others
Construction industry
approx. 20,000 employees
Auditing firm
approx. 700 employees
Healthcare
approx. 18,000 employees
IT-Security Solutions
approx. 100 employees
Software company
approx. 400 employees
Event management
approx. 500 employees
Hospital operator
approx. 1,600 employees
approx. 6,000 employees
IT service provider
approx. 40 employees
Is your industry not listed? Do you need more information? We will be happy to compile individual reference examples for you; contact us.