In the view of many experts in the security industry, this and other legal measures – such as the EU Directive NIS2 which came into force at the beginning of 2023 – are important and long overdue steps to improving the resilience and security of critical infrastructure installations in Germany.

Blanket Law for Critical Infrastructures in Germany

The blanket law itself should be viewed as an extension of cybersecurity, and in the first instance applies to physical security. At the same time, it is a source of uncertainty for many companies:

• Who is included in ‘critical Infrastructure’?
• What conditions must be fulfilled, and how?
• What solutions are there?

This is exactly where the Critical Infrastructure Expert Summit picks up the reins under its own slogan “Trusted Communication Always”. Together with partners Advancis, Astrum IT, Dormakaba and Fath, Schneider Intercom and the Commend Group offered visitors to the conference the opportunity to find out about the latest developments and trends in physically securing critical infrastructure, to network with new contacts and to discuss issues.

Critical Infrastructure Expert Summit

The Critical Infrastructure Expert Summit was opened by Detlef Witte, CEO of Schneider Intercom, and Martin Gross, CEO of the Commend Group. There was a brief look back at how Schneider Sprechsysteme started in 1979, followed by the common path taken by Commend and Schneider Intercom in the last few decades. The reason for the history session: Schneider Intercom presented the new company logo for the first time, exclusively to the participants of the summit, which has a strong connection to communications solutions and the manufacturer Commend, but by keeping the color scheme it does not lose its identity, reliability or tradition.

The first keynote speaker, Prof. Dr. Clemens Gause, Professor of Security Technology and Information Management at the Northern Business School and CEO of the Association for Security Technology (VfS), presented the legal framework and the development of the KRITIS Dachgesetz. He stressed in particular the lack of physical security in many areas of critical infrastructure in Germany and Europe. With regard to the registration requirement for operators of critical infrastructure, Prof. Dr. Gause predicted a rapid growth in the number of staff at the Bundesamt für Sicherheit in der Informationstechnik (BSI) and the Bundesamt für Bevölkerungsschutz und Katastrophenhilfe (BBK), who in future will be responsible for ensuring compliance with the technical, security-relevant and organizational measures in affected companies. In total, the new legal conditions will significantly increase the number of companies and organizations that fall under the definition of critical infrastructure. His own estimates are an increase from currently 5,000 to around 50,000.

Keynote Speaker Jimmy Heschl, Global Head of Digital Security of Red Bull, and Thomas Pfeiffer, Chief Information Security Officer of Linz Netz, explained how things are currently beyond the academic world and in practice. They answered questions from the auditorium, and showed what measures and strategies have been successful in practice in meeting the contemporary security needs of a company. Under the heading of “Your route to successful certification”, they both spoke about their experience of NIS1 and changes that it brought for companies, which companies will be classified as critical infrastructure in future, and what companies must do for successful certification.

Physical Security in Critical Infrastructures

After an introduction to theory and practice came presentations from Schneider Intercom and their partners on available products and solutions. Schneider Intercom offers the Symphony intercom platform (On-Prem as Virtuosis or as a pure cloud service) which, apart from the basic intercom functionality, helps to protect privacy, customer and company data, and intellectual property. Security and data protection both start with trust, which is why Commend adopted a ‘Privacy and Security by Design’ approach when developing its solutions – it is also certified to DIN EN IEC 62443-4-1 (IT security for industrial automation systems) as well as ISO/IEC 27001:2013 (information security management systems (ISMS)).

Various sub-systems, such as video surveillance, sensors, access control or even visitor management, can be simply and intelligently connected via the Symphony platform, which can assist process optimization in a company. IT security becomes more important through the networking of the systems. The platform is also backwards-compatible with products from the late 1980s – investment protection with evergreen-technology.

Alexander Gräf, Head of Sales and Marketing at Schneider Intercom, said during his presentation that the purpose of the company’s solutions is to provide added value for users and companies, to streamline processes by using intercoms (i. e. using QR codes at the perimeter visitor terminals), and to improve security in companies but also in smart cities (evacuation points together with access control and an SOS button).  All this should observe and comply with the IT security requirements and thereby contribute to business continuity.

Advancis, represented by Dr. Jens Hartmann, presented their manufacturer-agnostic Winguard danger management system that is currently in use at 974 critical infrastructure projects in 43 countries and has over 500 interfaces. Winguard allows, amongst others, video surveillance, access control and fire alarm systems to be linked within one software solution. The AIM product line provides companies the ability to integrate access control, identity and biometric systems into one platform.

A company is faced with significant challenges when they have to manage the activities of third-party people and vehicles. Daniel Tripp, Business Development and Operations Executive at Astrum IT, presented Visit, a visitor management system that makes it possible to collate visitor and supplier traffic at a central location. The web application also enables the integration of a module for self-registration in various languages, as well as the option to provide individual or subject-related security/safety instructions on the registration terminal. This not only raises the physical security level, but also takes the load off the reception personnel.

The solution could be seen in the accompanying exhibition area, and the process will be supported in future by the Schneider Intercom solutions – the IP Intercom –IM3 and IVY modules, the worldwide first conversational AI-based intercom voice assistant to relieve the security center. But of course, it is not only about securing access to buildings for staff and visitors, but also always having an overview of room occupation and footfall within the building.
Mate Ursic, a Sales Consultant for Digital Solutions at Dormakaba, explained the advantages of Entriworx. The system consists of a web-based software application, an app and central hardware components, and already simplifies early door planning, but also allows direct access to the planning of the door installation and commissioning via a digital twin.

The IT as well as the electric and electronic infrastructure all count as elements of critical infrastructures. It is therefore vital to protect the security-critical hardware, such as server racks and cabinets. Fath offers the mechatronic Tanlock locking system so that unauthorized people do not have direct physical access to these components. André Stöger, Sales Manager Austria, explained during his presentation how the system can increase security against unauthorized access, and what other functions the system can offer (event recording, reporting).

Importance of Interaction Between Security and Other Industries

There was a podium discussion to round off the Expert Summit, led by Prof. Dr. Clemens Gause with lively participation from the whole auditorium. This showed that the establishment of a security awareness is a high priority for many companies, not least because of the forthcoming critical infrastructure law as well as the other changes to the legal framework (NIS2, Cyber Security Act, etc.) There is a lot of catching up to do, in particular in the physical security of critical infrastructure operations. Companies must actively study these matters and take concrete steps towards improving their own security status, also in view of the changing global situation.

The matter should be given a higher priority in companies, also because of the question of liability of the company management as well as the potential fines. The lively discussion at the end of the event showed very clearly how important the interaction between the security industry and other industries must be in future to be able to provide effective protection specifically for critical infrastructure. The Commend Group and Schneider Intercom are therefore planning to continue the “KRITIS Expert Summit” in 2024.