Faeser wants to tighten rules to protect critical infrastructure

Nancy Faser

The Interior Minister is tightening the requirements for critical areas such as energy, transport and banking.

(Photo: dpa)

Berlin Federal Interior Minister Nancy Faeser (SPD) wants to force the companies relevant to critical infrastructures (KRITIS) in Germany to apply uniform protection standards. This emerges from the draft of the cornerstones for a corresponding law, which is available to the Handelsblatt.

“The operators of critical infrastructures in all sectors are subject to the same minimum requirements in the area of ​​physical security in order to protect themselves comprehensively against dangers and to become more resilient as part of the overall system,” says the paper, which has been subject to internal government coordination since Monday .

The key points now available are the first step towards a law agreed in the coalition agreement between the SPD, Greens and FDP, in which regulations for the protection of critical infrastructure are to be bundled. “We bundle the physical protection of critical infrastructures in a KRITIS umbrella law,” says the coalition agreement.

The topic has gained in importance because of the Russian war of aggression in Ukraine. The effects of the war and acts of sabotage, such as those recently suffered by Deutsche Bahn and the Nord Stream gas pipelines, “made clear the vulnerability of critical infrastructure,” according to the key issues paper.

Top jobs of the day

Find the best jobs now and
be notified by email.

As a consequence, the new law should now stipulate how KRITIS operators must protect themselves better. According to Faeser, they should be obliged to set up “operational risk and crisis management”, carry out risk analyzes and assessments and create resilience plans.

A total of eleven sectors classified as critical infrastructure:

According to the key points, the implementation of “suitable and proportionate technical and organizational measures as well as security measures for the respective facility” should also be prescribed. This can be, for example, the erection of fences and barriers, access controls, security checks, but also the diversification of supply chains and the provision of redundancies. Something like double floors, so that acts of sabotage don’t immediately paralyze entire systems.

>> Read also: Small and medium-sized businesses are demanding government emergency programs to protect critical infrastructure

In the case of the act of sabotage against the railway, the rail infrastructure was severely affected after cables were severed at two locations. Because of the damage, train traffic in northern Germany had to be suspended for several hours.

In the six-page cornerstone draft, a total of eleven sectors are classified as critical infrastructure: energy, transport, banking, financial market infrastructure, health, drinking water, waste water, digital infrastructure, public administration, space and the production, processing and distribution of food.

power supply

Substation near Salzgitter (Lower Saxony): The sabotage of the power supply in Germany is a possible scenario for a crisis.

(Photo: dpa)

“The resilience of the entire system of critical infrastructure is strengthened by uniform minimum requirements for resilience measures in all sectors,” says the key points. First and foremost, the operators of the critical infrastructures – whether private companies or public institutions – have to ensure their functionality.

Government plans should be closely embedded in the European framework

On the state side, the Federal Office for Civil Protection and Disaster Assistance (BBK) is to be expanded to become the “overarching competent authority” for the physical protection of critical infrastructure. Security incidents should also be reported to the BBK.

The aim is to introduce “central fault monitoring”. This is intended to supplement the existing reporting system in the area of ​​cyber security in order to ultimately provide a general overview of possible weaknesses in the physical protection of critical infrastructures. By reporting security incidents, other critical infrastructures affected by the security incident, including those in other EU member states, could be alerted, the paper said.

The government plans for the protection of critical infrastructures should also be closely embedded in the European framework. This refers to the EU directive on the resilience of critical entities (Critical Entities Resilience / CER Directive), which is expected to be adopted at the end of 2022.

“The security of supply in Germany and in Europe will be strengthened through Europe-wide uniform minimum requirements and increased cross-border cooperation,” emphasizes the key issues paper of the Minister of the Interior.

More: Greens see massive deficits in the protection of critical infrastructures

source site-11