
Cyber attack detection for KRITIS operators and production companies

IoT Use Case - secunet monitor KRITIS
5 minutes Reading time

Inadequate IT security is causing ever greater problems for companies across a wide range of industries. Cyber attacks have increased significantly in recent years and the threat is expected to keep growing, so companies face the challenge of taking effective measures to minimize their risks. This applies in particular to operators of critical infrastructures (KRITIS), meaning organizations and institutions of significant importance to the public welfare, as well as to manufacturers of goods and products.

The challenge: German IT Security Act 2.0 overwhelms many KRITIS operators

To further increase the cyber security of critical infrastructures, the IT Security Act, originally introduced in 2015, was revised; the second version came into force in May 2021. It extends the scope and adds provisions that the affected companies must meet to keep pace with advancing digitalization. The approximately 1,800 KRITIS facilities are required to implement systems for attack detection, and proof of implementation must be provided to the supervisory authorities.

The BSI has published a guide on this, which can be downloaded free of charge as a PDF from the BSI website. It specifies the requirements in detail, serves as an aid for implementing the requirements of the IT Security Act 2.0 (IT-SiG 2.0), and is the authoritative basis on which auditors assess the degree of implementation.

Attacks are detected by comparing the data processed in an IT system with information and technical patterns that indicate attacks. Operators must comply with the current state of the art and keep the signatures of their detection systems up to date at all times. This means that signature-based attack detection must be in place. Anomaly detection may be used in addition, but is not sufficient on its own.

The BSI has defined the requirements that KRITIS operators must fulfill in a five-stage implementation model. Since May 1, 2023, implementation level 3 must be fulfilled: “All MANDATORY requirements have been fulfilled for all areas. Ideally, SHOULD requirements have been reviewed with regard to their necessity and feasibility. A continuous improvement process has been established or is being planned.”

However, many KRITIS operators, which are often small or medium-sized companies, do not have the resources and ability to take all the necessary measures and fully comply with the legal requirements on their own. Anomaly detection must first undergo a complex training process.

A system is therefore often required that fully meets the requirements of the German IT Security Act 2.0 and at the same time is manageable for users at short notice.

The Solution

Essen-based secunet Security Networks AG is regarded as Germany’s leading cybersecurity company for the highest security standards in digitalization projects. secunet has a broad product portfolio of security solutions as well as extensive consulting services.

With secunet monitor KRITIS, the company offers an effective attack detection system for KRITIS operators in IT and OT environments. It complies with the requirements of the BSI guidance regarding signature- and pattern-based attack detection.

secunet monitor KRITIS enables the implementation of all mandatory technical requirements of the guidance for meeting the German IT Security Act 2.0. It is passive, non-reactive and easy to use. In practice, beyond pure attack detection, the system also compiles the data required for reporting notifiable events to the BSI and for audits, and it integrates external signatures such as the BSI MISP feed. The solution also implements the functions of an intrusion detection system (IDS) for detecting attacks at the network level (NIDS).

At the system level, secunet monitor KRITIS can aggregate and analyze log data from IT and OT systems in a central repository (log sink). The analysis is based on pre-configured rules that can be expanded.

The log-based attack detection function can be used as a simple SIEM supplement to meet the requirements. Alternatively, where an existing SIEM system is in place, the log data and events from secunet monitor KRITIS can be forwarded to it via a standard interface (Syslog).
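To make the mechanism described above concrete, here is an added example of rule-based log analysis (signature matching, a global whitelist, a simple correlation rule, and Syslog-formatted output for forwarding). It is illustrative code written for this article, not secunet's implementation: the signature IDs, patterns, whitelist entry, thresholds and sample log lines are all constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# A signature: identifier, description, the pattern that indicates an attack,
# and the syslog severity (0 = emergency ... 7 = debug) used when forwarding.
@dataclass(frozen=True)
class Signature:
    sid: str
    description: str
    pattern: re.Pattern
    severity: int

# Hypothetical rule set. A real deployment loads and updates its signatures
# (for example from a MISP feed) instead of hard-coding them.
SIGNATURES = (
    Signature("SIG-0001", "Directory traversal sequence in HTTP request",
              re.compile(r"(\.\./){2,}"), 4),
    Signature("SIG-0002", "SSH authentication failure",
              re.compile(r"Failed password for (?:invalid user )?\S+ from \S+"), 5),
)

# Global whitelist: sources whose matches are suppressed (constructed value,
# e.g. an authorised internal vulnerability scanner).
WHITELIST = frozenset({"10.0.0.5"})

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


@dataclass(frozen=True)
class Event:
    sid: str
    description: str
    severity: int
    source: Optional[str]
    line: str


def match_line(line, signatures=SIGNATURES, whitelist=WHITELIST):
    """Return one Event per signature that matches this log line."""
    m = IPV4_RE.search(line)
    source = m.group(1) if m else None
    if source in whitelist:          # whitelisted sources never raise events
        return []
    return [Event(s.sid, s.description, s.severity, source, line)
            for s in signatures if s.pattern.search(line)]


def correlate(events, sid="SIG-0002", threshold=3):
    """Raise one higher-severity event per source that triggered `sid` at least `threshold` times."""
    counts = Counter(e.source for e in events if e.sid == sid and e.source)
    return [Event("COR-0001", f"{n} x {sid} from one source (threshold {threshold})", 3, src, "")
            for src, n in counts.items() if n >= threshold]


def detect(lines):
    """Run all signatures over the lines, then the correlation rule over the matches."""
    events = [e for line in lines for e in match_line(line)]
    return events + correlate(events)


def to_syslog(event, timestamp, hostname="monitor", app="attack-detect", facility=4):
    """Format an event as an RFC 5424 syslog line (facility 4 = security/auth)."""
    pri = facility * 8 + event.severity
    msg = event.description if not event.source else f"{event.description} source={event.source}"
    return f"<{pri}>1 {timestamp} {hostname} {app} - {event.sid} - {msg}"


# Constructed sample log lines (not real traffic).
SAMPLE_LOGS = [
    'Jan 10 12:00:01 web01 nginx: 203.0.113.7 - - "GET /index.html HTTP/1.1" 200',
    'Jan 10 12:00:02 web01 nginx: 203.0.113.7 - - "GET /../../../../etc/passwd HTTP/1.1" 404',
    'Jan 10 12:00:03 bastion sshd[412]: Failed password for root from 198.51.100.9 port 5022 ssh2',
    'Jan 10 12:00:04 bastion sshd[412]: Failed password for root from 198.51.100.9 port 5023 ssh2',
    'Jan 10 12:00:05 bastion sshd[412]: Failed password for invalid user admin from 198.51.100.9 port 5024 ssh2',
    'Jan 10 12:00:06 bastion sshd[413]: Failed password for ops from 10.0.0.5 port 6000 ssh2',
    'Jan 10 12:00:07 bastion sshd[414]: Accepted publickey for ops from 192.0.2.3 port 7000 ssh2',
]

if __name__ == "__main__":
    for ev in detect(SAMPLE_LOGS):
        print(to_syslog(ev, "2024-01-10T12:00:00Z"))
```

The pure signature matches are what the BSI guidance calls signature-based detection; the correlation rule (three failures from one source) is a small example of the "pre-configured rules that can be expanded" mentioned above. The whitelisted source 10.0.0.5 produces no event even though its line matches a signature, which is the effect of global whitelisting.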

Other features of secunet monitor KRITIS include:

  • Global whitelisting
  • Real-time monitoring
  • Installability in air-gapped environments
  • Log data sink with evaluation capabilities through integrated SIEM functionality
  • Clear changelog for secure documentation

The result

In the context of growing cyber threats, secunet monitor KRITIS represents a flexible and straightforward solution for KRITIS operators by providing advanced, signature- or pattern-based detection of cyber attacks. This cost-effective solution simplifies compliance with the stringent—current and future—requirements of the German IT Security Act 2.0, without disrupting operational processes. Thanks to easy integration and adaptability to various operating environments, including isolated air-gapped networks, secunet monitor KRITIS enables the implementation of a flexible, legally compliant, and effective security strategy.

Customers also benefit from comprehensive support that goes beyond the technical solution: consultation, training, and continuous adaptation to new threat scenarios ensure a sustainable security infrastructure. Through the integration of external signatures and the capability for intelligent log data analysis, secunet monitor KRITIS provides a robust tool against current and future cyber threats, thereby not only enhancing operators’ compliance but also their confidence in a secure future.
