The protection of critical infrastructures (CRITIS)
The loss or impairment of critical infrastructures (CRITIS) can have a significant impact on the government and population of modern economies. In extreme cases, supply bottlenecks can become a real threat, thus endangering public order and security.
The top priority in national security strategies is therefore to steadily increase protection for these infrastructures to guarantee their continued availability over the long term. Since these are largely managed and controlled using information and communication technologies nowadays, it is especially important to protect both IT networks and the connections between them against cyber attacks.
Above all else, the risks associated with hacker attacks – motivated both by cyber terrorism and industrial espionage – are multiplying significantly. Consequently, there is a growing concern for the security of our supply installations in the age of Stuxnet and Flame – and according to experts this is not unreasonable.
Securing the supply
The supply of water, electricity, gas, mineral oil and heat is vital, both for businesses and the general population – and thus represents a priority for national governments. Public utilities companies are therefore subject to special requirements under the national strategy for the protection of critical infrastructures (CRITIS).
Should disaster strike, you need to be able to fall back on a well-developed security concept, since failed systems must be brought back online as quickly as possible. A security audit for control and automation systems based on ISO/IEC 27001 – such as IT baseline protection or ISO/IEC TR 27019 – will examine existing security measures and provide recommendations on how to further increase security. Meanwhile, an Information Security Management System (ISMS) including both risk management modules and the development of security concepts can provide the continuous non-repudiation and monitoring required by regulatory instruments such as UP-KRITIS, the German Energy Industry Act (EnWG), the German Association of Energy and Water Industries’ white paper, various data protection laws, and the German government’s IT Security Bill. Finally, an access and identity management system and single sign-on solution will automate login processes throughout your company, thus increasing security while significantly reducing expenditure on administration and technical support.
We don’t just support water companies and energy suppliers in the implementation of efficient and effective IT security strategies; we also work closely with manufacturers and integrators to further develop their products and solutions.
Security through intelligent separation – Security Infrastructure
Is it possible to boost efficiency with digital networking? Only with comprehensive security architecture and stronger network boundaries in critical infrastructures. Security can only ever be guaranteed if data flows are controllable and different security zones are strictly separated. Technology can achieve precisely that.
It is vital to comprehensively analyse the infrastructure that needs protection and to assign it appropriate security zones. When doing so, it is not necessary to develop an entirely new network in one go. In fact, it is perfectly possible to use existing and complementary components to gradually improve security – provided that you always keep an eye on the bigger picture.
With Security Infrastructure, secunet shows how a concept like this can help you to meet the opposing requirements of network separation and integration simultaneously. The approach is based on the intelligent use of separation technologies, whereby security zones are set up that are separated in principle, yet connected at certain points with the help of intelligent security measures. The basis for this technical implementation is the organisational structuring of each security zone.
One option for securing these sensitive networks is Secure Inter-Network Architecture (SINA). SINA boxes make it possible to create a secure, tamper-proof connection between networks and to gain secure remote access to sensitive IT areas such as process control and automation systems. With SINA workstations, data security is guaranteed at all times during processing, transfer, storage and auditing.
secunet safe surfer was especially developed to reliably protect internal networks from attacks via the internet. Based on the German Federal Office for Information Security’s remote-controlled browser system (ReCoBS), this solution enables access to the internet via an intermediary server system. As a result, malicious code is kept at bay, while users continue to enjoy unlimited web access on the job.