Commissioned by CyberArk

1 Introduction

The subject of a society being dependent on networked systems is becoming increasingly important for citizens, companies and the government. The techn ...

2 Critical Infrastructure defined

The definitions and requirements concerning critical infrastructure as they exist at an European and, in particular, German level can be regarded as e ...

The currently valid conceptual structure for the protection of the supply and service facilities central to the supply of state, economy and society n ...

3 Critical infrastructure across industries

Based on the BSI’s definitions for critical infrastructure, the BBK (“Bundesamt für Bevölkerungsschutz und Katastrophenhilfe” – German Feder ...

3.1 Refining requirements: B3S

The definition of industry-specific requirements is the responsibility of the industries, their industry associations and key corporations as exemplar ...

3.2 Energy

A key industry is energy supply, which includes electricity, gas and oil. An emergency in this area directly affects virtually any other critical infr ...

3.3 Nutrition, Food and Water

Maintaining nutrition is subject to the provisions of KRITIS. Reliable food production and the supply of food to the population via food trade are ess ...

3.4 Transport

One of the most significant critical areas is transport. Transport is divided into six major critical infrastructure areas: air, water, sea, water, ra ...

3.5 Healthcare

Medical care with all its dependencies to other critical areas is classified as critical infrastructure. The health sector refers to the health system ...

3.6 Finance and Insurance

While other critical infrastructure still involves tangible goods and services, the area of financial and insurance sectors is almost completely contr ...

4 Transport specific threat scenario (railroad)

Potential attacks on information technology and communications are important to understand. The DB (Deutsche Bahn - German Railway) is chosen as a rep ...

4.1 Scenario Definition

DB consists of several companies that cover the various areas of transport, control and logistics. There are companies for long-distance passenger tra ...

4.2 Analysis and controls

This example contains many processes that are IT-supported and therefore need to be adequately protected. These include authentication processes for c ...

4.3 Scenario-based risk analysis

The above given example shows, that continuously conducting an adequate risk assessment is a key challenge for protecting critical infrastructure. Usi ...

5 Protecting IT within critical infrastructure

Critical infrastructures differ considerably in their respective core business elements. The knowledge and experience of experienced engineers and a m ...

5.1 IT is critical to KRITIS

IT-based systems are essential elements for controlling and monitoring systems of all kinds. Today, many essential processes in logistics or modern en ...

5.2 ISMS at the core of KRITIS compliance

A common denominator of all relevant guidelines, including the B3S documents and e.g. the “IT security catalog for electricity and gas networks” i ...

5.3 Threat intelligence and modern Security Operation Centers

Beyond the necessary measures for a pure KRITIS-check-list compliance, the measures mentioned so far are increasingly not regarded as sufficient. The ...

5.4 Privileged Access Management integrated with IAM

The cause of most documented attacks is compromised privileged user accounts. This is usually facilitated by the fact that these accounts are not subj ...

An organization's IAM system is the basis for managing identities and assigning authorizations. The Access Manager is responsible for reviewing and im ...

6 Protecting critical infrastructure with CyberArk’s security solutions

Cyber security requirements for critical infrastructure often have a different focus than the protection of traditional enterprise IT. A solid cyber s ...

6.1 Overview

CyberArk provides an end-to-end solution for privileged access security on a single, well-integrated platform. It provides a critical layer of IT secu ...

• Privileged Account Security (PAS) offers a multi-level core portfolio, including privileged password management, session isolation and recording, ...

6.2 Protecting the endpoint

Although this fact is often overlooked, Privileged Access Security starts at the endpoint, no matter whether it is the desktop workstation or a backen ...

6.3 Privileged credential management, session management and privileged threat analytics

The protection and control of credentials is literally one of the central challenges in any critical infrastructure. The close integration of KRITIS w ...

6.4 Protecting secrets with Application Access Manager

A particular challenge in critical infrastructure is the multitude of centralized and decentralized applications, systems and components. Critical inf ...

6.5 Cloud and hybrid environments

Even for operators of critical infrastructure, the move of processes, tasks and workloads to the cloud brings considerable opportunities for optimizat ...

7 Five Key Privilege Access Security Takeaways for Ensuring KRITIS

Implementing cyber resiliency as the basis for achieving compliance to KRITIS requirements is not entirely congruent with the measures that the requir ...

8 Related Research

Leadership Compass: Privilege Management - 72330
Leadership Compass: Adaptive Authentication - 79011
Architecture Blueprint: Hybrid Cloud Security - 72552
Advisory Note: GRC Reference Architecture - 72582
Advisory Note: Big Data Security, Governance, Stewardship - 72565
KuppingerCole Hot Topic Area Privilege Management