Security for Critical Infrastructure (KRITIS)

What do we call critical infrastructure (CRITIS)?

Our increasingly digitalised society is nowadays more dependent on technical systems than ever. Industrial production is virtually unthinkable without electricity, life is hardly possible without a constant supply of drinking water, and no building can be operated without a functioning automation and communication system. Nearly every area of our daily life is based on modern technology. These technical systems and equipment require basic services to function properly. Motor vehicles are dependent on fuel, energy centres on fuels and renewable energies, buildings on a reliable energy and water supply and automation technology. Without transport, people and goods cannot create values. These basic services that are essential for our society are known as critical infrastructures.

Critical infrastructures can be found within the properties of hospitals, airports, ports, local and long-distance passenger transport, universities, research facilities, energy supply, industrial complexes, chemical and pharmaceutical companies, or in the heavy industry. The owners/operators are mainly responsible for the protection of such critical infrastructures. The legislation on the protection of such facilities is now covered by the EU Directive 2008/114/EC. In addition, the Federal Ministry of the Interior has developed and published a guideline.

Reliable building automation as part of your protection concept

Security concepts for critical infrastructures contain measures for the physical protection of the installations against natural hazards, risks due to technical or human failure or terrorist and criminal acts. The authorities and operators specify the individual requirements of KRITIS, identify vulnerabilities and develop solutions, which are partly implemented by building automation and control systems (BACS). The reliability as well as the modular and flexible system architecture of GFR's building automation and control systems enable the implementation of state-of-the-art security concepts.

The following section explains which measures are necessary and feasible within building automation to operate critical infrastructures safely.

Take advantage of our expertise

GFR is your single point of contact for all questions, starting with planning, through implementation, optimisation and maintenance of your buildings.



Redundant building automation and control systems (BACS)

Redundancy means "additional technical resources in reserve" and stands for double execution. There are many types. The safest is the redundant design of the entire BACS including automation equipment (AE), management and control equipment (MCE), control cabinets, field devices and cabling. The technical building services can also be executed twice. Alternatively, there are solutions that only include the automation equipment (redundant processor modules) and management and control equipment (highly available server systems). The challenge is to find THE most effective solution for maximum security in the application.

Redundant and encrypted BACS networks

There are also different types of redundant networks. The network can be provided by the in-house IT network management or carried out by our specialists. The planning is always done in cooperation with you. Regardless of the implemented type, in the event of a connection failure, the system automatically switches to an available network. The communication in the network is encrypted using TLS.

Access protection

The management and control equipment (MCE) WEBVISION 5 by GFR contains password and operating hierarchies with limited or extended user functions. Two-factor authentication and integration into existing identity management systems (like Microsoft Active Directory Domain Services) are also possible and useful. Work at the MCE is logged at the appropriate location with indication of the period and the type of activity.

Cyber security

Cybercrime represents a growing threat to security in buildings, as the increasing networking of building automation solutions with the Internet turns critical infrastructures into attractive targets for cyber-attacks. GFR's building automation and control systems comprise effective defence mechanisms and services that ensure state-of-the-art protection measures. more information on Cyber security for networked buildings

Cross-trade notification management

Open interfaces enable the integration of different security systems into the building automation and control system, the BACS management platform (WEBVISION 5) and the notification management (WEBALARM). These include access control, video surveillance, fire alarm, emergency call and other branch-specific systems. These subsystems are usually operated independently. Linking them into a holistic notification management system increases clarity, shortens response times to unforeseen events, supports rational decisions and ensures the effective coordination of necessary measures. Alarm messages are colour-coded according to their priority, brought to the foreground, reported acoustically, and communicated electronically. In this way, the complex alarm and notification hierarchies of critical infrastructures can be conveniently managed.

Secure control cabinets

The control cabinets are secured by an in-house locking system and are only accessible to authorised persons. A door monitoring system signals unauthorised opening to the alarm management system. All inserted cables are fastened with strain relief to make it more difficult to pull them out. The modules of the manual operating level (local override-LOR) are mounted on top-hat rails inside the control cabinet. This prevents unauthorised access. If the automation equipment fails, the LOR remains fully functional. The operating touch panels in the control cabinet door are password protected.

Preventive maintenance

GFR ensures the professional maintenance and support of your building automation and control systems in accordance with applicable laws, standards, and guidelines such as AMEV and VDMA 24186. The experienced members of our service hotline are at your service within 24 hours a day, 365 days a year. learn more

Consulting and support throughout the entire life cycle

Building automation systems within critical infrastructures require effective planning, communication, and coordination of security measures. With our expertise, products, solutions, and services, we safeguard critical infrastructures and ensure that they remain secure, considering the ever-changing threat scenario.

Our solutions, your benefits

  • Satisfied building owners and operators due to our many years of project experience
  • We ensure the professional implementation and compliance with valid standards, guidelines, and laws
  • GFR provides unrestricted availability of building automation and control systems and networks through proven redundancy concepts and effective protection against cyber attacks
  • We care for quick response times of the operators in real time in case of critical situations through a comprehensive and clear alarm management
  • GFR ensures the clear visualisation of complex, inter-trade relationships through graphical user interfaces in the management and control equipment
  • We guarantee support and maintenance throughout the entire life cycle of the building

Take advantage of our expertise

GFR is your single point of contact for all questions, starting with planning, through implementation, optimisation and maintenance of your buildings.



Download GFR general catalogue

Please enter your name and e-mail address and you can then download our GFR general catalogue in PDF format. We will also be happy to answer your questions personally.


Download form
Download now
Choose target group