Security solutions for critical infrastructures

Protect your critical infrastructure

Operators of critical infrastructure make a hugely important contribution to the security of supply in Germany. Accordingly, it is all the more important that their systems, areas and buildings, as well as their employees, are protected by state-of-the-art security solutions against attacks and sabotage.

Interflex solutions for access control support implementing legal requirements and obligations imposed by supervisory authorities across industries.

The goal: a high level of physical and digital security.

Industries and sectors with critical infrastructure

Operators of infrastructures count among CRITIS companies. Since 2021, 10 industries or sectors have been included in this category. It is their task to guarantee the security of supply of important services in Germany.

The reliable physical protection of facilities and sensitive company areas is therefore crucial. Operators are obligated by law to guarantee the reliable operation of their facilities and to regularly account for their security concept to supervisory authorities, such as the German Federal Office for Information Security (BSI).

The implementation of the EU Directive NIS2 and the CRITIS Umbrella Act (EU RCE Directive) fundamentally changes the sectors and operator logic in Germany as of 10/2024. In addition to the previous operators of critical facilities (CRITIS), medium-sized companies and large corporations are now included.

Security is not an option: This is what is important for CRITIS companies

Cyber criminals are increasingly focusing on critical infrastructure companies, which become victims of sabotage and digital espionage. It is high time for these companies to review and renew their security concept, because as a result of current legal regulations, such as the German Security Act 2.0, many operators of facilities now also count among the critical infrastructures.

They are required to implement high security standards, which also include concepts for access control. Yet more than a few affected companies still rely on partly outdated systems. Unpatched software and vulnerabilities additionally increase the risk. It doesn’t have to be this way.

Protect yourself with the integrated solutions from Interflex for access control that will prepare you optimally for these current challenges and requirements.

Digital as well as physical attacks on critical facilities, and also unintentional malfunctions, result in failures. These deeply damage trust in the security of supply.

The most important tasks of security officers therefore include:

  • Prevention: Preventing access by unauthorized persons and avoiding security incidents.
  • Compliance: Meeting the legal security standards and binding provisions in the company.
  • Protection: Providing security for employees, customers, visitors and suppliers, as well as for business processes.

In the long term, it is vital to protect company values, maintain the integrity of the company grounds and secure the fail-safety of the infrastructure.

Guiding principles of CRITIS: High security requirements

Operators of critical infrastructures are requested to regularly check the security of their infrastructures, furnish evidence of security standards and keep measures taken up to date. The guiding principles with extensive obligations and requirements have been defined by legal regulations for years. The implementation of EU Directives NIS2 and RCE/CER into national laws will change the CRITIS regulation in the coming years.

CRITIS is regulated by the following laws:

The EU Directive EU RCE / CER, which was passed at EU level at the end of 2022, will be turned into national law with the upcoming CRITIS Umbrella Act. For the first time, resilience and physical security of critical infrastructures will be regulated with obligations and requirements. It can therefore be assumed that more measures will be added for operators that are counted among the CRITIS sectors.

The legislator estimates that there will be approximately 2,000 affected companies. The goal is to create bases for the protection of critical facilities. The physical measures include access controls, property protection and surveillance, as well as systems to control and manage access authorizations. Since the law is still in the draft stage, the final details remain to be seen.

For more information, see OpenKRITIS and the German Ministry of the Interior (BMI): these pages are exclusively available in German

It is expected that the BSI Act will be replaced by the NIS2 Implementation Act, which will then also fundamentally change the German regulation for critical infrastructures. With the act, the legislator converts the regulations of the EU NIS2 Directive into national law. Currently, this law is still in draft status (Spring 2023). It will presumably become effective on 01 October 2024. NIS2 essentially regulates the minimum standards, requirements, obligations and competencies in strengthening cyber security.

It is expected that in the future, in addition to operators of critical infrastructures, significantly more companies and facilities must meet and provide evidence for security requirements. The draft specifies obligations for the strengthening of cyber security such as risk management, technical measures and incident reporting. It is also expected that the requirements for operators of critical infrastructures will be rendered more precisely and tightened.

Find out more at OpenKRITIS: these pages are exclusively available in German

The Act on the Federal Office for Information Security is one of the most important laws of the CRITIS regulation in Germany and has been in effect with various updates since 2015. Essentially, it defines the obligations and tasks of the stakeholders (operators as well as supervisory authority). For example, it regulates who is considered an operator of critical infrastructure and with which facilities, and which evidence must be provided to the BSI.

The BSI Act defines eight sectors from the areas default providers, providers and service providers. It defines requirements and minimum standards. Security measures, such as systems for attack detection, must be state-of-the-art. In addition, it specifies incidents that must be reported. The German Federal Office for Information Security (BSI) is the central supervisory authority and is given extensive examination authority.

For more information, see OpenKRITIS and the German Ministry of the Interior (BMI): these pages are exclusively available in German

The Second Act on increasing the security of information technology systems (IT Security Act 2.0) has changed the obligations and requirements for operators of critical infrastructures since May 2021. Essentially, it creates new general conditions for improved information security in Germany. The obligations for improved cyber security measures for CRITIS operators have been significantly expanded. For example, systems for the detection of attacks must now be implemented.

In the IT Security Act 2.0, the group of critical infrastructures also includes the sector of municipal solid waste disposal, as well as companies in the special public interest (UBI), for example, arms manufacturers and manufacturers of corresponding IT products. In addition, the supervisory authority BSI (German Federal Office for Information Security) has gained new authorities to strengthen its work as the federal cyber security authority and is appointed as the National Cybersecurity Certification Authority.

Find out more at the German Ministry of the Interior (BMI): these pages are exclusively available in German

The CRITIS Regulations are regulations by means of which operators of critical facilities can identify if they are considered part of critical infrastructures and are thus subject to specific obligations. For example, the regulations define the specific threshold values of facilities per sector and the sectors that are counted among critical infrastructure. Accordingly, the regulations basically represent the guiding principles for implementing the statutory regulations pursuant to the BSI Act and IT Security Act.

The threshold values for affected companies were significantly reduced with the amendments of January 2022. The number of affected companies that must provide evidence for measures of cyber security has increased as of April 2024. Since March 2023, LNG (liquefied natural gas) facilities and submarine cable landing stations (IT) have also been considered critical infrastructure.

Find out more under Laws on the internet and at OpenKRITIS: these pages are exclusively available in German


CRITIS – and now what? This is why Interflex is the right partner

Access control from Interflex is an optimized overall solution of hardware, software and in-house services – Made in Germany. It is designed to fulfill the requirements of the BSI (German Federal Office for Information Security) on building security and the strict statutory regulations for a technically secure, IT-based and efficient solution, because for us reliable physical protection is the foundation of a comprehensive security concept.

Our system software IF-6040 enables you to smoothly implement complex access concepts for your company, your facilities and sensitive areas – no matter whether you want to include security zones, turnstiles with 2-factor authentication or biometric solutions. Complicated key management is now a thing of the past. Thanks to the central, partly automated management and real-time control, you can design your access control transparently, but also according to the data minimization principle pursuant to the GDPR. In combination with our hardware products, you will gain efficiency and the time resources that you need for your tasks as a security organization.

“Company security must always be viewed holistically – as a mixture of digital and physical protection measures. Responsible parties should therefore check regularly if their security technology is state-of-the-art.”

BERNHARD SOMMER, MANAGING DIRECTOR OF INTERFLEX
DATENSYSTEME GMBH, IN AN INTERVIEW WITH SECURITY INSIGHT (SicherheitsPraxis 4/23)
