Critical infrastructures – classification of the vocabulary by the BBK

In 2003, the definition of KRITIS and their classification into sectors and industries was made at the federal level. KRITIS ensure their functioning in society and are subject to disruptions, which the Federal Office of Civil Protection and Disaster Assistance (BBK) proactively counters with its risk management.

For KRITIS protection, common terminology is also needed about critical services and system-relevant facilities of direct or indirect involvement.

Enterprises and authorities at the local, state, and federal levels have worked in recent months to protect KRITIS services and ensure their functioning. Many questions regarding responsibilities for KRITIS have been answered, resulting in the now available "KRITIS Construction Kit: Crisis Prevention and Crisis Management in the Context of Critical Infrastructures".

An identification of so-called systemically important facilities and KRITIS can be made on the basis of levels such as municipality, state, federal government or on the basis of quantitative and qualitative criteria by authorities or operators themselves. In addition, a quantitative regulatory threshold of 500,000 is used to quantify the number of people affected by a failure.

The definition of which facilities and installations are considered critical differs by administrative level, so critical at the municipal level does not mean the same as critical at the federal level.

KRITIS classification according to the Quality I criterion.

Utility services whose failure would have a direct impact on the population or other KRITIS.

KRITIS classification according to the Quality II criterion.

Processes that are necessary for the provision of a KRITIS service as well as system-relevant facilities (suppliers, service providers). Here is the example of a laundry, mentioned as an external service provider for a hospital involved in medical care.

KRITIS classification according to the criterion of quantity

Evaluation of the failure effects of KRITIS on the respective levels of local, state and federal government. Services and processes can be linked to physical assets here

The BSI Act & the IT security of KRITIS

In 2015, the BSIG was amended by the IT Security Act (IT-SiG) to increase IT security of critical infrastructures. The BSI states which systems and facilities are considered critical in the sense of the BSIG. Now, the BSIG addresses only seven of nine critical infrastructure sectors, so its identification also refers only to this subset. It is therefore the case that "critical infrastructures" are not the same as "critical infrastructures within the meaning of the BSIG. By means of the BSI-KritisV, the following facilities are identified as Critical Infrastructures within the meaning of the BSIG:

  • Energy
  • Food
  • Finance and insurance
  • Healthcare
  • Information technology and telecommunications
  • Transport and traffic
  • Water
  • Critical services
  • Facilities that help provide services to more than 500,000 people

Facilities of energy and water utilities, hospitals, banks and insurance companies have repeatedly been the target of cyberattacks in recent months. And it is not just the global crisis that has shown how important it is to maintain infrastructures and services from the KRITIS sectors. Rohde & Schwarz Cybersecurity supports you as a critical infrastructure operator in complying with industry-specific security standards (B3S) and ensuring the availability of your systems and critical processes in the event of a crisis.

Featured content for critical infrastructure

E-Book cybersecurity in healthcare

Download now

Whitepaper cybersecurity in the energy sector

Register now

Webinar secure remote workstation

Download now

Case Study: Secure browsing for government agencies

More information

请求信息

如果您有任何疑问或需要了解更多信息,请填写此表格,我们会尽快回复您。

推广许可

你的申请已提交,我们稍后会联系您。
An error is occurred, please try it again later.