KRITEX Project: Critical Infrastructures in Technical Change

The KRITEX project, which will run for just under two years, is being funded by the German Federal Ministry of Education and Research as part of its civil security program with around 500,000 euros. Critical infrastructures, which include the power supply, are increasingly becoming the focus of cyber attacks. Due to the energy transition, in particular the decentralization of energy generation and the increasing networking and digitization of infrastructure, the supply network is becoming more complex and vulnerable. The attack surface is increasing to such an extent that classic IT security is already no longer sufficient for protection and there is a need for regulation. This is where the KRITEX project comes in. It examines the configuration of a scaling IT security platform for operators of critical infrastructures in terms of its dependence on legal, technical and practical aspects. In addition, mechanisms for effective risk coverage will be considered by the project partners.

Thomas Blumenthal, Managing Director of consortium leader QGroup and expert in IT security, is excited about the project: "We want to create more security for network operators via a holistic approach that includes legal issues and realize the greatest possible resilience against external attacks."

Based on the security needs of infrastructure operators in the energy supply sector, legal rules will be examined, taking into account the existing legal framework, as well as the need for regulation. "We all - government, business, citizens - depend on a crisis-proof energy supply. Nowadays, this requires the use of secure and resilient IT. There are specifications for this in IT security law and data protection law, which we want to develop further in the project and concretize for new forms of flexible energy generation," explains Prof. Gerrit Hornung. Head of the Department of Public Law, IT Law and Environmental Law at the University of Kassel.

In contrast to classic, often selective approaches to IT security, the project takes a holistic approach to the fundamental, resilient design of digitalized infrastructure (IT/OT/IoT) for operators of critical infrastructure. The project uses a structured resilience design from the kernel and operating system level upwards, which takes adaptability to legal requirements into account from the outset. The systematic construction of effective, scalable and practicable protection against increasingly sophisticated attacks is to be simplified for operators of critical infrastructures.

The investigations are carried out exemplarily with the support of the associated partner Städtische Werke Netz + Service GmbH. "This means that three members of the House of Energy are directly involved in the KRITEX project. It also builds a bridge to other projects of the transdisciplinary network," emphasizes Prof. Peter Birkner, managing director of the House of Energy. In particular, it will draw on the findings of the Smart Grid LAB Hessen, which is a laboratory in which the intelligent power grid (smart grid) of the future is being studied from various angles under real conditions. The transferability of the KRITEX approach to other infrastructures is also a topic in the course of the project.