The term resilience has become increasingly important in recent years, not only in relation to people, but also in connection with critical infrastructures (CRITIS). But what exactly does resilience mean in the context of KRITIS? And why is it so important for the stability of our society?
Critical infrastructures are facilities that are essential for the functioning of our society. These include, for example, hospitals, the electricity and water supply or transport systems. But they also include IT systems, the failure or disruption of which can have serious consequences. In this context, resilience describes the ability not only to survive such disruptions, but also to ensure that risks are minimised in advance. The European Union has recognised how crucial this ability is for the smooth functioning of the internal market and the safety of the population. With Directive (EU) 2022/2557, it has therefore created a legal act that sets clear minimum standards for the resilience of critical infrastructures.
The KRITIS umbrella law: focus on physical resilience
In Germany, the directive is being implemented with the so-called KRITIS Umbrella Act. This law supplements existing regulations on IT security and places a special focus on the physical protection of critical facilities in accordance with the ‘all-hazards approach’.
What does the all-hazards approach mean?
The all-hazards approach aims to design protective measures in such a way that they cover a wide range of threats - from man-made hazards such as terrorism to natural events such as floods or storms.
Harmonisation and coherence
A central point of the KRITIS umbrella law is the harmonisation of the various regulatory areas. The interfaces between IT security and physical protection are to be taken into account, aligned and - where appropriate - harmonised. The aim is to avoid overlaps and utilise synergies.
Resilience through intelligent Access Control
Draft legislation (EU) 2022/2557 defines specific resilience obligations for operators of critical infrastructures, which include a variety of measures for physical, technical and organisational protection - including access controls.
Securing physical access is therefore a key aspect of the protection concept. This is where modern security systems such as ZEUS® Access Control are required. Proven access systems are indispensable, especially in public facilities, which are often the target of cyber and physical attacks. They form the first line of defence and protect both people and critical resources.
Our ZEUS® Access Control is based on the highest security standards and seamlessly integrates building, visitor and employee management. It ensures that only authorised persons are granted access to sensitive areas. The system not only supports compliance with legal regulations, but also promotes legal security by protecting against unauthorised access and ensuring complete traceability through comprehensive logging of access. Integrated monitoring and alarm functions enable potential threats to be recognised at an early stage and effectively averted.
Objectives of the new EU directive - The directive pursues several key objectives:
An overarching framework for Europe's security
The new EU directive and the KRITIS umbrella law create an overarching framework that strengthens the resilience of critical infrastructures in Europe. The integrated approach, which takes into account both IT security and physical protection, is an important step towards meeting the current challenges. Although this initially means more effort for companies, the new legal framework will ensure a more stable and secure infrastructure in the long term - a basis that will benefit not only the internal market, but all citizens.
