In the first part of the technical article on the GEZE expert discussion “Building envelope under control: KRITIS and Cybersecurity”, the focus was particularly on regulatory requirements, responsibilities and the growing importance of cybersecurity in architecture, building automation and operator responsibility. Olaf Thies, Architectural Consultant and BIM Manager at GEZE, and Frank Schubert, Cybersecurity and Automation Expert at Beckhoff Automation, made it clear that cybersecurity must already be taken into account in the early planning phases today.

The second part of this technical article follows on directly from this discussion and explores the practical significance of intelligent building automation for KRITIS-relevant buildings. The focus is on networked doors, windows and security systems as active components of modern security architectures, as well as the role of secure communication standards such as OPC UA and, in future, BACnet Secure Connect.

As already emphasised in the expert discussion, the building envelope is increasingly evolving from a purely structural component into a digital security and control layer. Particularly in critical infrastructures, the intelligent networking of doors, windows, sensor technology and building automation is thus becoming a central component for resilience, traceability and secure building operation.

Smart building automation as a component of resilient KRITIS strategies

During the GEZE expert discussion, it became clear that the debate surrounding KRITIS and cyber security is no longer confined exclusively to traditional IT infrastructures. Rather, the building envelope itself is increasingly becoming a security-relevant interface within networked infrastructures. Doors, windows, sensors, escape route systems, access controls and automated ventilation systems are becoming part of a digital security architecture – and thus also potential points of vulnerability.

Intelligent building automation is therefore gaining strategic importance, particularly in KRITIS-relevant sectors such as healthcare, public administration, transport infrastructure or critical service sectors. It no longer serves merely to enhance comfort or optimise energy use, but increasingly also to ensure operational stability, resilience and regulatory compliance.

Building automation as a security and compliance tool

As Frank Schubert explained in an interview, the greatest risks often do not arise in the highly secure data centre itself, but at the interfaces between IT, building automation and physical infrastructure. Attacks on cooling, alarm systems, access control or technical supply systems can have a significant impact on overall operations.

This is precisely where modern building automation comes into play. Through centralised control, continuous monitoring and secure communication protocols, risks can be identified at an early stage and technical systems secured in a controlled manner. At the same time, automation supports operators in implementing regulatory requirements from NIS2, the IT Security Act 2.0 or the KRITIS Framework Act.

Key functions include:

• central monitoring of security-relevant building functions,
• encrypted communication,
• role-based access concepts,
• event logging,
• traceable documentation,
• redundancy mechanisms,
• support with reporting and compliance obligations towards authorities such as the BSI.

During the discussion, it was particularly emphasised that secure communication is now one of the fundamental requirements of modern building infrastructures. Standards such as OPC UA or BACnet Secure Connect are becoming increasingly important, as they enable encrypted and certificate-based communication.

OPC UA as a secure communication basis

A central point of the discussion was the role of OPC UA within critical building infrastructures. Frank Schubert described the protocol as currently one of the most secure methods available for communication between networked building systems and higher-level management or monitoring platforms.

Certificate-based communication and encryption make unauthorised access significantly more difficult. At the same time, however, it was also emphasised that even secure protocols are only as reliable as their actual implementation. Missing certificates, open maintenance access points or insecure configurations can also make modern systems vulnerable.

This means that responsibility is increasingly shifting from mere product selection towards integrated planning and organisational implementation.

Healthcare: Security, Hygiene and Operational Stability

This development is particularly evident in the healthcare sector. Hospitals, care homes and medical centres combine numerous safety-critical requirements: the protection of vulnerable individuals, fire safety, hygiene, access management, accessibility and uninterrupted operational processes must all be guaranteed simultaneously.

During the expert discussion, it was repeatedly pointed out that building automation goes far beyond traditional comfort functions in this context. Automated door systems, contactless access solutions, intelligent ventilation systems and centralised escape route controls are becoming part of a holistic safety concept.

Automatic sliding doors with contactless control, for example, support hygiene protocols in sensitive areas such as operating theatres or intensive care units. At the same time, intelligent access control systems enable differentiated management of security-relevant areas, such as laboratories, pharmaceutical storage facilities or care zones.

Preventive fire protection was also highlighted in the discussion as an essential component of the safety architecture. Fire doors serve a dual purpose: in normal operation, they ensure accessibility and comfort; in the event of an emergency, they secure escape and rescue routes and prevent the spread of fire and smoke.

Building automation as an integral part of hospital operations

Another key focus is on process stability during ongoing operations. Hospitals and care facilities in particular are often unable to compensate for renovations, technical failures or security incidents simply by closing down operations.

Smart building automation enables the following here:

• controlled access management,
• centralised alerting,
• automated ventilation and room climate control,
• keeping escape routes smoke-free,
• energy-efficient operation,
• continuous monitoring of safety-critical systems.

At the same time, significant economic potential arises. Automated window controls, intelligent sensor technology and adaptive ventilation systems help to reduce energy consumption and operating costs. It was emphasised several times during the discussion that, in the long term, operating costs account for the largest share of a building’s life cycle – significantly more so than the original construction costs.

Public buildings: balancing openness and the need for protection

Public buildings, too, are increasingly subject to regulatory and safety-related pressures. Town halls, government offices, educational institutions and administrative buildings must, on the one hand, remain open and accessible to all, whilst, on the other hand, meeting rising demands for security, energy efficiency and resilience.

According to Olaf Thies, this is precisely where a new planning challenge arises: architecture must enable both openness and protection simultaneously.

Intelligent access controls, automated escape route concepts, sensor-based door systems or central building management systems help to combine these requirements. At the same time, networked systems support operators in optimising energy consumption, indoor air quality and operational processes.

During the expert discussion, it was pointed out on several occasions that modern building automation must not be viewed in isolation. Rather, the greatest benefits arise only through the integration of different systems within a common security and operational strategy.

Transport infrastructure: Security under continuous operation

The situation in the transport sector is particularly challenging. Railway stations, airports, ships or public transport systems combine high passenger volumes, complex operational processes and increasing security requirements.

Automatic door and access systems here not only perform convenience functions but also become an integral part of safety-critical processes. Platform doors, locked access systems or automated escape route controls must function reliably even under continuous operation whilst being protected against tampering.

Such automated security mechanisms are becoming increasingly important, particularly in view of future autonomous or driverless transport systems.

The building envelope becomes part of the digital security architecture

The expert discussion made it clear that the role of the building envelope is undergoing a fundamental change. Doors, windows and building services are no longer exclusively mechanical or architectural components, but part of networked digital infrastructures.

This also shifts the focus of responsibility in the planning phase: security requirements must be taken into account at an early stage, technical systems must be designed with integration in mind, and operators’ perspectives must be incorporated from the earliest project phases.

Smart building automation is thus increasingly becoming a central component of resilient KRITIS strategies – not only to improve efficiency, but as an integral part of modern security architectures.

Networked doors and windows as part of resilient KRITIS architectures

Modern doors, windows and façade systems have long since ceased to perform solely mechanical or structural functions in critical infrastructures. Through intelligent networking, they become part of digital security and building management systems and actively contribute to operational stability, traceability and cyber resilience. Particularly in KRITIS-relevant buildings, integration into building automation platforms enables centralised monitoring, secure communication and automated control of security-critical processes.