Our KRITIS solution portfolio
Offering CRITIS solutions
Our KRITIS consulting portfolio
Offering CRITIS consulting
Key components of a sustainable IT security strategy
IT security architectures
IT security concepts
Secure software development
Protection of Critical Infrastructures (CRITIS)
The overriding security objective of national strategies is therefore to increase the protection of these infrastructures in order to ultimately ensure their continued availability. Since they are now largely managed and controlled by information and communications technologies, it is particularly important to protect IT networks from cyber attacks - both the network itself and the connection between the networks involved.
In the course of the digitization of infrastructures that require protection, the role of IT security is also changing. In the past, IT security was usually seen as a "preventer", but in critical areas it is only creating opportunities to implement digitization in a meaningful way.
secunet offers extensive experience and supports companies holistically in the implementation of technological developments or legal requirements with consulting, products and services by understanding IT security as an "enabler".
IT-Security Act 2.0
The IT Security Act (Gesetz zur Erhöhung der Sicherheit informationsstechnischer Systeme) provides the basis for Critical Infrastructure Operators (CRITIS) to design their security precautions.
In order to further increase the protection of critical infrastructures, the second version of the IT Security Act 2.0 came into force at the end of May 2021, which both extends the scope and adds additional requirements for the respective companies.
Accordingly, the law entails, among other things, an expansion to include the waste disposal sector and the integration of companies in the special public interest.
In the future, the new directive will also ensure that CRITIS operators are not allowed to use certain IT components if it can be assumed that they could compromise security. In addition, specific requirements for the integration of attack detection systems have been added.
Overall, the new version of the law takes a holistic approach that is intended to ensure comprehensive protection of critical infrastructures.