For operators of energy supply networks and energy systems: Demonstrate the use of attack detection systems

Service Description

As an operator of energy supply networks and energy systems that are considered critical infrastructure, you are obliged to use systems for attack detection. These must continuously identify and prevent threats. You must also provide suitable measures to rectify any faults that occur. Since 01.05.2023, you must provide evidence of the use of these systems to the Federal Office for Information Security (BSI) at least every 2 years.

To protect your information technology from external attacks, you must take organizational and technical measures and precautions. You can have these documented through security audits, further tests or certifications. In the next step, you send the BSI the results of the tests carried out, including any security deficiencies discovered, using a verification document.

The BSI then checks whether your precautions and measures meet the legal requirements. The BSI can request the submission of further test documents and, in the event of security deficiencies, the rectification of the deficiencies.

Energy supply networks and energy systems are elementary for the state community. If they fail or are impaired, there is a risk of supply bottlenecks, significant disruption to public safety or other dramatic consequences. Regular verification of the use of attack detection systems is therefore required by law.

Source: Zuständigkeitsfinder Thüringen (Linie6PLus)

Competent Authority

Bundesamt für Sicherheit in der Informationstechnik (BSI) KRITIS-Büro

Postal address
Godesberger Allee 185-189
53175 Bonn, Stadt

Address
Godesberger Allee 87
53175 Bonn, Stadt
Telephone
+49 228 999582-6166
Fax
+49 228 99109582-6166
Opening times

Monday: 08:00 to 15:30
Tuesday: 08:00 to 15:30
Wednesday: 08:00 to 15:30
Thursday: 08:00 to 15:30
Friday: 08:00 to 13:00