Critical infrastructures – classification of the vocabulary by the BBK

In 2003, the definition of KRITIS and their classification into sectors and industries was made at the federal level. KRITIS ensure their functioning in society and are subject to disruptions, which the Federal Office of Civil Protection and Disaster Assistance (BBK) proactively counters with its risk management.

For KRITIS protection, common terminology is also needed about critical services and system-relevant facilities of direct or indirect involvement.

Enterprises and authorities at the local, state, and federal levels have worked in recent months to protect KRITIS services and ensure their functioning. Many questions regarding responsibilities for KRITIS have been answered, resulting in the now available "KRITIS Construction Kit: Crisis Prevention and Crisis Management in the Context of Critical Infrastructures".

An identification of so-called systemically important facilities and KRITIS can be made on the basis of levels such as municipality, state, federal government or on the basis of quantitative and qualitative criteria by authorities or operators themselves. In addition, a quantitative regulatory threshold of 500,000 is used to quantify the number of people affected by a failure.

The definition of which facilities and installations are considered critical differs by administrative level, so critical at the municipal level does not mean the same as critical at the federal level.

KRITIS classification according to the Quality I criterion.

Utility services whose failure would have a direct impact on the population or other KRITIS.

KRITIS classification according to the Quality II criterion.

Processes that are necessary for the provision of a KRITIS service as well as system-relevant facilities (suppliers, service providers). Here is the example of a laundry, mentioned as an external service provider for a hospital involved in medical care.

KRITIS classification according to the criterion of quantity

Evaluation of the failure effects of KRITIS on the respective levels of local, state and federal government. Services and processes can be linked to physical assets here

The BSI Act & the IT security of KRITIS

In 2015, the BSIG was amended by the IT Security Act (IT-SiG) to increase IT security of critical infrastructures. The BSI states which systems and facilities are considered critical in the sense of the BSIG. Now, the BSIG addresses only seven of nine critical infrastructure sectors, so its identification also refers only to this subset. It is therefore the case that "critical infrastructures" are not the same as "critical infrastructures within the meaning of the BSIG. By means of the BSI-KritisV, the following facilities are identified as Critical Infrastructures within the meaning of the BSIG:

  • Energy
  • Food
  • Finance and insurance
  • Healthcare
  • Information technology and telecommunications
  • Transport and traffic
  • Water
  • Critical services
  • Facilities that help provide services to more than 500,000 people

Facilities of energy and water utilities, hospitals, banks and insurance companies have repeatedly been the target of cyberattacks in recent months. And it is not just the global crisis that has shown how important it is to maintain infrastructures and services from the KRITIS sectors. Rohde & Schwarz Cybersecurity supports you as a critical infrastructure operator in complying with industry-specific security standards (B3S) and ensuring the availability of your systems and critical processes in the event of a crisis.

Featured content for critical infrastructure

E-Book cybersecurity in healthcare

Download now

Whitepaper cybersecurity in the energy sector

Register now

Webinar secure remote workstation

Download now

Case Study: Secure browsing for government agencies

More information

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

I want to receive information from Rohde & Schwarz via

Marketing permission

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to news@rohde-schwarz.com. Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.