The Bundestag will debate the KRITIS Umbrella Act for the first time on Thursday. There is criticism from the CDU/CSU and the Greens: both are calling for more coordination with the NIS2 and the CER implementation laws.
By Lisa-Martina Klein
Drones, sabotage and espionage are on the rise, but the EU is in danger of learning the wrong lessons. Instead of social resilience, Brussels is focusing on military "readiness". As a result, what Niinistö once called for is being lost: security as a joint task.
By Helena Quis and Goran Buldioski
The Hamburg police are supporting the Fraunhofer Institute in the development of surveillance AI. It is using cameras from the Chinese manufacturer Hikvision for this purpose. The company has been criticized for its role in surveillance practices in China.
By Christian Domke Seidel
Under NIS-2, the Ministry of the Interior could prohibit operators of critical infrastructure from installing certain components, for example from China – even retroactively. The energy industry is sounding the alarm and the Bundestag sees a need for improvement.
By Wilhelmine Stenglin
The Federal Audit Office has issued a harsh verdict on the federal government's NIS-2 bill.
By Wilhelmine Stenglin
This week, the cabinet presented a draft for the KRITIS Umbrella Act and parliament debated the NIS-2 Implementation Act. There is criticism of both drafts.
By Wilhelmine Stenglin
In the future, the Bundeswehr is to be able to establish the identities of suspicious persons outside of military areas – and thus take on police duties. The so-called Article Act provides for new powers for the troops.
By Viktor Funk
Critical infrastructure (CRITIS) are essential systems and facilities that ensure the functioning of modern societies. Protecting them is a top priority, as their impairment or destruction can have serious consequences for the economy, public safety and everyday life. Increasing digitalization, geopolitical uncertainties and climate change make it necessary to continuously adapt protective measures. Read all the news on critical infrastructure from the Table.Briefings editorial team here. What is critical infrastructure in the EU? In the European Union (EU), Directive 2008/114/EC defines critical infrastructure as "those facilities, systems or parts thereof which are necessary for the maintenance of essential societal functions". This definition includes sectors such as energy, water, transportation, finance and communications. The Critical Infrastructure Resilience Directive (CER Directive), which comes into force in 2024, obliges member states to develop national strategies to increase the resilience of critical infrastructure. In addition, the NIS-2 Directive emphasizes cybersecurity as an essential component of CRITIS protection. Another important element of the EU-wide protection strategy is the European Cybersecurity Strategy, which provides for measures to strengthen the digital infrastructure. This includes the introduction of minimum standards for critical IT systems, the promotion of international cooperation and the development of crisis response mechanisms in the event of a large-scale cyberattack. What is critical infrastructure in Germany? The identification and regulation of critical infrastructure in Germany is subject to the Act on the Federal Office for Information Security (BSI Act). The Federal Office for Information Security (BSI) maintains the so-called " BSI Critical Infrastructure List", which is updated regularly. The sectors include: The IT Security Act 2.0 was introduced in 2021 to oblige operators of critical infrastructure to make their systems more resilient to attacks and outages. It provides for higher cybersecurity requirements and incident reporting obligations. The KRITIS Regulation also defines which companies are considered operators of critical infrastructures and which security measures they must implement. Regular risk analyses and security checks play a central role here. Why is the protection of critical infrastructures important? Critical infrastructures are central elements of a functioning society. Their failure can have far-reaching consequences that affect the economy, public safety and social order. In recent years in particular, threats from cyber attacks, natural disasters and geopolitical tensions have increased. Examples of KRITIS-relevant incidents are: Hybrid threats, which involve a combination of physical and digital attacks, are also becoming an increasing problem. For example, coordinated attacks on power grids in combination with cyber attacks on communication systems are conceivable, which could lead to chaos and instability on a large scale. Protective measures and challenges To increase the resilience of critical infrastructures, authorities and companies rely on several protection strategies: Another important concept is emergency planning. Critical infrastructure operators are required to create comprehensive contingency plans that define measures in the event of a large-scale outage. This includes cooperation with the authorities in order to be able to react quickly and in a coordinated manner in the event of an emergency. Protecting critical infrastructures is a constant challenge that is becoming ever more complex with increasing digitalization and global risks. Companies and authorities must invest more in cyber security, physical protection measures and resilient structures. Close cooperation between EU states, national authorities and private operators remains essential in order to identify threats at an early stage and successfully manage crisis situations. New legislation and advanced technologies can help to increase the security of critical infrastructure and improve resilience to future threats.
