PROTECTING CRITICAL INFRASTRUCTURE: A COMPREHENSIVE APPROACH FOR ENERGY TRANSPORT

摘要

Protecting highly critical infrastructure is often a well-defined trade-off between usability and manageability on the one hand, and the implementation of the strongest security features on the other hand. Of course, it is possible to combine any available solution in order to reach the promised state-of-the-art security level, but will the resulting scenario of appliances, scanners, detection systems, or artificial intelligence still be manageable? This article tries to give an overview of best practices and must-haves concerning the German and European energy sector with its requirements and characteristics. It states the demand for an integrated IT-security management system (ISMS) that should be fully supported by top-level management in order to enable technical solutions to work properly. Therefore, we provide a detailed analysis of the targeted objectives related to the legal framework and economic circumstances. The essential key components of implementing information security will be introduced and assessed with respect to the special needs. Furthermore, this paper can be seen as a guideline on how to achieve compliance with standards like ISO27001, BSI Baseline Security, or the IT-Security Catalogue of the German Federal Network Agency (FNA/BNetzA).