2013 | OriginalPaper | Chapter

Security in Critical Infrastructures – Future Precondition for Operating License?

Authors: Dr. Willi Kafitz, Volker Burgers

Published in: ISSE 2013 Securing Electronic Business Processes

Publisher: Springer Fachmedien Wiesbaden


Abstract

Today, expanding digitalization and networking in many areas of life and work is an inexorable process. It affects infrastructures that are essential for modern societies and are therefore classified as critical. These infrastructures must be well secured against erratic behavior, and especially against electronic attacks by criminal or foreign organizations. Electricity is particularly critical in this regard, because many areas depend on power. Through modern process IT and future ICT-based smart grids, energy suppliers are prone to cyber-attacks. In the industrial sectors, at the national level and at the European level, several regulatory and legal activities are under way to make information security independent of business hazards and to define the security level by legal acts. Well-defined national and international standards exist for this purpose. In particular, the ISO/IEC 27000 standard framework has been complemented in recent years by documents covering industrial sectors, e.g. power supply. Everything points to the requirement that some markets and market roles are so important in their economic impact that the security level should be reviewed by independent organizations under governmental supervision. In the future, many enterprises may have to accept that external audits, certification and frequent recertification are a binding requirement for doing business in critical market roles. An operating permit necessarily requires information security.
Glossary
BCM: Business Continuity Management
BSI: Federal Office for Security in Information Technology
EDPC: Electronic data processing center
ENISA: European Network and Information Security Agency
ICT: Information and Communication Technology
ISMS: Information Security Management System, according to ISO/IEC 27001 or BSI-Standard 100-1
SCADA: Supervisory Control and Data Acquisition
Smart Grid: Here meaning automatic ICT-based control of the supply and use of electrical power, mostly from volatile energy resources
SMGW: Smart Metering Gateway
UC: Unified Communication, the integration of several communication methods at a homogeneous application level
UP KRITIS: Implementation Guideline for the National Strategy to Protect Critical Infrastructures
Footnotes
1. [Fraun12], Gesamtwirtschaftliche Potentiale intelligenter Netze in Deutschland, page 5
4. Enisa Annex II Security aspects in smart grid, page 6
14. Background: e-energy promotion project of the Federal Ministry of Economics (e-energy-Förderprojekte des Bundesministeriums für Wirtschaft in Deutschland (BMWi))
Literature
[ENISA04] Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency, Official Journal L 077, 13/03/2004, P. 0001 – 0011
[ENISA11] Enisa Annex II Security aspects in smart grid
[ENISA13] German: VERORDNUNG (EU) Nr. 526/2013 DES EUROPÄISCHEN PARLAMENTS UND DES RATES vom 21. Mai 2013 über die Agentur der Europäischen Union für Netz- und Informationssicherheit (ENISA) und zur Aufhebung der Verordnung (EG) Nr. 460/2004. English: REGULATION (EU) No 526/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004
[EnWG11] Gesetz über die Elektrizitäts- und Gasversorgung (Energiewirtschaftsgesetz – EnWG) vom 7. Juli 2005 (BGBl. I S. 1970, 3621), geändert durch Artikel 4 des Gesetzes vom 31. Mai 2013 (BGBl. I S. 1388) (German Electricity and Gas Supply Act)
[UPKR05] Umsetzungsplan KRITIS des Nationalen Plans zum Schutz der Informationsinfrastrukturen, Hrsg. Bundesministerium des Innern (http://www.kritis.bund.de) (Federal Ministry of the Interior, Implementation Guideline for the National Strategy to Protect Critical Infrastructures)
Metadata
Title: Security in Critical Infrastructures – Future Precondition for Operating License?
Authors: Dr. Willi Kafitz, Volker Burgers
Copyright Year: 2013
Publisher: Springer Fachmedien Wiesbaden
DOI: https://doi.org/10.1007/978-3-658-03371-2_18
