IT Security Act 2.0 for CRITIS operators
Compliance with the requirements of the IT Security Act 2.0 for CRITIS operators
After the IT Security Act 2.0 was passed last year, CRITIS operators such as utility and waste disposal companies now have just over a year to implement their legal obligations. In addition to the use of trustworthy IT components, expanded reporting obligations and the detection of risks by the BSI (Federal Office for Information Security), the law obliges CRITIS operators to use attack detection systems from 1 May 2023.
The IT Security Act 2.0 recommends three measures for attack detection: comparison against static and generic patterns, other methods based on artificial intelligence (machine learning), and the detection of deviations from trouble-free operation. In principle, attack detection systems can be divided into host-based and network-based systems. A typical representative of host-based systems is a virus scanner, which mainly matches signatures of known malware. Such scanners often cannot be deployed in full across a critical infrastructure, however, because they can cause incompatibilities with the respective operating system or void the warranty of the ICS (Industrial Control System) component.
Network-based attack detection systems are an easy-to-integrate and, in their detection-only form, passive solution. A classic approach is the so-called IDS/IPS (Intrusion Detection System / Intrusion Prevention System), which works much like a virus scanner but mainly checks the network traffic for known attacks by means of predefined, static signatures. The use of an IPS should be well considered because it actively intervenes in the network: a false positive can prevent important control commands from reaching their destination. In addition, detection is limited to previously known, static signatures, so attacks that have not yet been registered must be caught by another system, one that uses machine learning to record the state of the network during normal operation and then searches for deviations from that baseline, so-called anomalies, in real time.
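The two measures described above, static signature (IOC) matching as an IDS does it and baseline-based anomaly detection, shown side by side on constructed flow records. This is an added Python example, not code from this page or from secunet monitor; the IOC address, the byte pattern, the hosts and the flow sizes are all made up for the example, and the 3-sigma rule with a 10 % floor is one simple choice of anomaly threshold, not a method the page prescribes.

```python
"""Signature (IOC) matching and baseline anomaly detection over summarised network flows.
All addresses, patterns and traffic below are constructed for this example."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One summarised flow as a passive network sensor (mirror port / TAP) would export it."""
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int
    payload: bytes = b""


# --- 1. Static signatures (IOCs): the IDS-style measure ------------------------------
# Hypothetical indicators, not real ones.
IOC_ADDRESSES = {"203.0.113.66"}                 # e.g. a published command-and-control address
IOC_PAYLOAD_PATTERNS = {"example-tool-beacon": b"EXAMPLE_BEACON"}  # byte pattern of a known tool


def match_signatures(flow: Flow) -> list[str]:
    """Compare one flow against the static IOCs; returns the names of all matches."""
    hits = []
    if flow.dst in IOC_ADDRESSES or flow.src in IOC_ADDRESSES:
        hits.append(f"ioc-address:{flow.dst if flow.dst in IOC_ADDRESSES else flow.src}")
    for name, pattern in IOC_PAYLOAD_PATTERNS.items():
        if pattern in flow.payload:
            hits.append(f"ioc-payload:{name}")
    return hits


# --- 2. Baseline of trouble-free operation: the anomaly measure ----------------------
Relation = tuple[str, str, int, str]   # (src, dst, dport, proto)


def relation(flow: Flow) -> Relation:
    return (flow.src, flow.dst, flow.dport, flow.proto)


class Baseline:
    """Learns which communication relations exist and how much data they normally carry."""

    def __init__(self) -> None:
        self._samples: dict[Relation, list[int]] = defaultdict(list)
        self.limits: dict[Relation, float] = {}

    def learn(self, flows: list[Flow]) -> None:
        """Baseline phase: record every relation and its per-flow byte counts."""
        for f in flows:
            self._samples[relation(f)].append(f.nbytes)
        for rel, sizes in self._samples.items():
            m = mean(sizes)
            # 3 sigma above the observed mean; the 10 % floor keeps a perfectly regular
            # relation (stdev 0, e.g. a fixed-size heartbeat) from alerting on tiny jitter.
            self.limits[rel] = m + max(3 * pstdev(sizes), 0.1 * m)

    def score(self, flow: Flow) -> list[str]:
        """Detection phase: unknown relation, or known relation with abnormal volume."""
        rel = relation(flow)
        if rel not in self.limits:
            return [f"anomaly-new-relation:{flow.src}->{flow.dst}:{flow.dport}/{flow.proto}"]
        if flow.nbytes > self.limits[rel]:
            return [f"anomaly-volume:{flow.nbytes}B>{self.limits[rel]:.0f}B"]
        return []


def analyse(baseline_flows: list[Flow], live_flows: list[Flow]) -> list[tuple[Flow, list[str]]]:
    """Run both measures over live traffic; returns only the flows that produced findings."""
    baseline = Baseline()
    baseline.learn(baseline_flows)
    alerts = []
    for f in live_flows:
        findings = match_signatures(f) + baseline.score(f)
        if findings:
            alerts.append((f, findings))
    return alerts


# Constructed traffic of a small OT cell: an HMI polling a PLC over Modbus/TCP (502), an
# engineering workstation on EtherNet/IP (44818) and a fixed-size PLC heartbeat to a historian.
HMI, EWS, PLC, HIST = "10.0.1.10", "10.0.1.11", "10.0.2.20", "10.0.1.12"
BASELINE_FLOWS = (
    [Flow(HMI, PLC, 502, "tcp", n) for n in (120, 130, 125, 118, 127)]
    + [Flow(EWS, PLC, 44818, "tcp", n) for n in (300, 310, 290)]
    + [Flow(PLC, HIST, 4840, "tcp", 64) for _ in range(3)]
)
LIVE_FLOWS = [
    Flow(HMI, PLC, 502, "tcp", 124),                          # normal poll
    Flow(HMI, "203.0.113.66", 443, "tcp", 900),               # HMI talks to an IOC address
    Flow(EWS, PLC, 502, "tcp", 120),                          # EWS never used Modbus before
    Flow(HMI, PLC, 502, "tcp", 9000),                         # known relation, abnormal volume
    Flow(PLC, HIST, 4840, "tcp", 64, b"..EXAMPLE_BEACON.."),  # IOC pattern in a normal-looking flow
]

if __name__ == "__main__":
    for flow, findings in analyse(BASELINE_FLOWS, LIVE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}/{flow.proto} {flow.nbytes}B  {findings}")
```

Note what each measure catches and misses: the signature check finds the two flows that carry a known indicator, but says nothing about the engineering workstation suddenly speaking Modbus or the HMI poll that is seventy times its usual size; the baseline check finds those, but would have passed the beacon, whose relation and size look perfectly normal. The example only raises alerts and never drops a flow, which is the passive IDS behaviour the paragraph recommends over an IPS for control networks.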
Another system used in the IT security context is the SIEM (Security Information and Event Management). It collects data and logs from a wide range of network or host sensors, including those of other manufacturers, and evaluates them using predefined, often complex rules. The effectiveness of a SIEM depends on the one hand on the rule set that is maintained and on the other hand on the host- and network-based sensors used in each case, which are required in addition to the SIEM itself.
With "secunet monitor", secunet offers a state-of-the-art attack detection system for CRITIS operators, which has already been used successfully by utility and waste disposal companies for several years. Through its passive network sensors, which monitor mixed IT/OT operation and also the transition between IT and OT, secunet monitor inspects the ongoing communication in the network and thereby detects assets, connections, vulnerabilities, anomalies and other indications of existing attacks. It does so in three ways: by means of IOCs (Indicators of Compromise, i.e. known signatures) akin to an IDS, through an advanced attack detection engine with pattern recognition that does not rely on IOCs, and through anomaly detection after an initial baseline has been created.
For more information, join our next virtual online workshop entitled "For providers – from practical experience! New regulations and solutions according to the state of the art", which we have prepared specifically for municipal utilities. You can also find out more about secunet monitor and the possibility of a PoC (proof of concept) at https://www.secunet.com/en/solutions/monitor. We are also glad to advise and support you in implementing the processes necessary for attack detection, including in the context of the IT Security Act 2.0.
You can also find an overview of the IT Security Act 2.0 in the following video: www.youtube.com/watch
Write to us and we will get back to you as soon as possible!