Quick-Check-Protection concepts for critical infrastructures

AuthorMichael Schwenk
Icon Checklist CRITIS Protection-concept

Supply bottlenecks or disruptions to public safety can have far-reaching consequences within society. Therefore, companies that belong to the "critical infrastructure" must ensure around-the-clock protection against such a scenario. Up-to-date risk and crisis management is the basis for this and helps such companies to prepare for a crisis event in the best possible way.

What are the risks for CRITIS companies?

Roughly speaking, these risks can be divided into two groups:

Natural hazards

  • Storms / tornadoes
  • Heavy precipitation / floods
  • Droughts
  • Earthquakes
  • Epidemics and pandemics (Source)

Anthropogenic hazards

  • Accidents
  • System failures
  • Cyber attacks
  • Terrorism
  • War (Source)

In addition to the dangers posed by nature, dependence on the economy and society is playing an increasingly important role. This is triggered not only by globalization but also by advancing digitalization.

Especially in the area of cybersecurity, CRITIS companies should therefore take precautions. In this context, each cyber attack is always individual and the measures must be adapted depending on the type of attack. However, various points can be defined in advance as impulses and assistance.

Cyber attack quick check - What questions should CRITIS companies ask themselves?

Take the quick check now and find out whether your IT can withstand the demands of a cyber attack.  

✅ Assessment of the incident: Is this a cyber attack or a technical defect?  

✅ Current measures: Have all measures been documented and communicated to all relevant responsible parties?

✅ Data backup: Has a backup or other backup of the affected data sets (e.g., system logs, log files, notes, photos of screen contents, etc.) been forensically secured?

✅ Focus on business processes: Have the time-critical business processes that need to be protected already been taken into account?

✅ Assess spread: Has the spread of the attack been determined to the full extent and have all affected systems been identified?

✅ Avoid system propagation: Have affected systems been disconnected from the network and Internet connections? Have all unwanted accesses been prevented?

✅ Protection from impact: Have backups been stopped and protected?

✅ Close security vulnerability: Have vulnerabilities in systems or (business) processes been analyzed and fixed?

✅ Comply with reporting requirements: Have all relevant authorities (police, data protection, etc.) been informed?

✅ Fix accesses: Have the access authorizations and methods for affected (business and, if applicable, private) accounts been checked (e.g., new passwords, 2FA)?

✅ Monitor the system: Is the network still being monitored in order to protect against a renewed attack?

✅ Reconstruction: Has the affected data and systems been restored or rebuilt? (Source)

Does your company need to take action in the area of cybersecurity?

Especially companies that belong to the critical infrastructure seem to be a lucrative target for cyber attacks, as they have a high damage potential in relation to society.
It is therefore all the more important to secure IT. The challenge here lies within the high complexity of the IT systems and the longest possible life cycle of the information infrastructures of the companies. The BSI CRITIS regulation and the associated obligations are intended to help companies prepare for emergencies.
Our quick check is an orientation aid. Use it to quickly take stock of the situation and take the first step towards risk and crisis management. By asking the questions above, you can quickly gain an insight into how your company's IT crisis management is doing.

Support in the event of cyber-crime

With our Libelle BusinessShadow® solution, you can ensure automated disaster recovery and the best possible high availability. Mirror databases, SAP® landscapes and other application systems on a time-delayed basis and herefore  protect your company from the consequences of hardware and application failures, sabotage or other errors.

Would you like to learn more about IT terms? In connection with the term CRITIS, high availability and business continuity play an important role. But what exactly do these terms mean? Learn more about this on our Libelle IT Blog.

Recommended articles
Icon DevOps Libelle IT Group
December 22, 2022 Libelle IT Glossary Part 22: What is DevOps?
Icon data loss Libelle IT Group
September 23, 2022 Data loss: How to protect your data and IT

All blog articles