In addition to personnel bottlenecks and infection control, the rising level of cybercrime is a concern that more and more companies have been confronted with since the beginning of the corona pandemic. In some cases, such an attack is not only a threat to the existence of the respective company, but also to public safety, for example at energy suppliers, waterworks or hospitals. The current situation underlines why such operators of critical infrastructures (KRITIS) are legally obliged to provide basic IT protection. What can operators do to meet the minimum requirements of cyber security? The German Federal Office for Information Security provides a methodological approach for implementing IT baseline protection.
The Operational Technology (OT) and Information Technology (IT) security of industrial facilities belonging to companies, organizations, or institutions that are of major importance to the state is of particularly high importance to state security. Standards for systematic security measures in German companies are set out by the German Federal Office for Information Security (BSI). The minimum requirements for operators of critical infrastructure facilities (KRITIS) are regulated by the BSI annually using the IT baseline protection compendium.
Although the measures outlined in the IT baseline protection are only legally binding for KRITIS operators (regulated by the IT Security Act), the minimum requirements are recommended to all companies to secure their own data. The security recommendations issued by the BSI are an aid from which production plants inside and outside Germany that are not officially classified as critical infrastructures could also benefit.
Institutions that comply with the criteria set out by the German Federal Office for Information Security must be able to:
1. Recognize a hazardous IT/OT security situation.
2. Identify suitable IT/OT security practices.
3. Adhere to those practices in their environments.
To ensure standardization across an organization or company, it is recommended that critical infrastructure operators adhere to a methodical sequence of steps:
1. Create a defined framework and strategy for IT/OT security.
2. Define the target processes, technologies, and applications included in the framework.
3. Outline the requirements to fulfill in order to protect each of the targets identified in the previous step.
4. Implement practices to fulfill the requirements outlined in the previous step.
5. Establish a strategy to check the implemented security measures, detect security incidents, and ensure a timely and appropriate response.
With its basic functionality, the data management solution versiondog supports essential requirements for automation components that can also be found in the IT baseline protection compendium. The set of rules and regulations demands this functionality as a recommended as well as a mandatory requirement.
Are you interested in further information?
AUVESY provides a free guide in which you will find answers to the following questions:
- What are the basic and standard requirements regarding IT security for automation components such as controllers, process control systems, HMIs etc.?
- Which functionality is provided by the software versiondog for the implementation of the requirements from the IT baseline protection?
- Which security requirements can be realized with versiondog?
- How do I use versiondog preventively to avoid data loss and machine downtimes?
- Which possibilities for detection and reaction are provided by versiondog?
Find out how you can use versiondog to take preventative maintenance to the next level, and to reduce both planned and unplanned downtime. Use our demo version to learn how the versiondog software could work for you.