Secure access control systems for CRITIS

May 16, 2023

By Nico Janich, Sales Manager Industry and Project Business at ISEO Germany

A cut cable throws half of Germany into chaos: for critical infrastructures, scalable software solutions are the key to the future

It was only in October 2022 that fibre optic cables belonging to Deutsche Bahn were sabotaged, plunging northern Germany into traffic chaos. A few months earlier, there was a fatal work accident in a transformer station in North Rhine-Westphalia, as a result of which power and telephone networks failed for 14,000 people for several hours. Such acts of sabotage and accidents at critical infrastructures are not only tragic, but can also have devastating consequences for public safety. Therefore, the protection of critical infrastructure against unauthorised access must be significantly improved. However, the often remote facilities are exposed to the weather and sometimes do not have a stable power and internet supply, so purely mechanical locking systems are resorted to. These are easy to manipulate and losing a key literally opens the floodgates. For a long time now, many security-relevant functions have been easier and more reliable to implement using software components such as Locken Smart Access (LSA): accesses can be added and removed at will, and all accesses are documented. In addition, the solutions are scalable and can be designed individually. With the help of automatic system decisions based on sensor measurements, personal accidents can be prevented in dangerous work environments such as transformer stations, for example.

“There are currently no long-distance travel options from/to Hamburg, Schleswig-Holstein and Lower Saxony to/from Kassel-Wilhelmshöhe, Berlin and NRW.” With this bad news, thousands of rail passengers in and to northern Germany were greeted on the morning of 8 October 2022, a Saturday and the start of the autumn holidays in many places. Yawningly empty and motionless display boards, which at most informed about “indefinitely delayed” trains, were one of the consequences of an act of sabotage in which unknown persons wantonly damaged Deutsche Bahn’s fibre optic cables at two locations in Berlin-Hohenschönhausen and North Rhine-Westphalia. The severed fibre optic cables belonged to the GSM-R digital train radio used for communication between the control centres and the trains, which made it impossible to maintain train services in the affected regions. Travellers on long-distance and local services had to expect delays and cancellations even after train services resumed into the evening.

Seamless management and documentation of decentralised assets

The sabotage incident at Deutsche Bahn shows once again how fragile the critical infrastructures in Germany really are. In addition, the example exposes a classic weak point of many CRITIS: decentralised components and facilities. It is often hardly possible to set up a stable power and internet supply in the field in order to also integrate decentralised objects into the already digitalised access control of the main locations. In addition to the danger of vandalism, remote facilities are often exposed to extreme weather conditions such as humidity, frost and high temperatures, which quickly lead to malfunctions and failures in electronic systems. Therefore, purely mechanical locking systems are often used. With these, however, it is hardly possible to trace who gained access and when. The problem is exacerbated in the event of key loss or theft – especially if this is not initially noticed or reported. In the worst case, the system remains unprotected until the entire locking system has been replaced at great expense and effort.

Digital solutions such as the individually configurable LSA can effectively close this security gap without the need to install special lines and routers. Because although it is a decentralised, web-based management system, it does not require a power or internet connection at the individual access points. Instead, all authorisations and documentation are saved on the respective identification media via data-on-credential technology. Depending on the application, these can be Bluetooth-enabled keys, smart cards or the user’s own smartphone. To grant access, the required information is transmitted to the cylinder via induction. Mechatronic cylinders are particularly suitable for remote access points, as they also obtain the energy required for operation in the same way and do not have to be specially wired. In contrast to purely mechanical cylinders, outsourcing maintenance work, as is common practice in the water industry, does not entail any security risk or effort: using the web application, access authorisations can be granted and revoked at any time, even at short notice and for limited periods of time – and the system documents every access that takes place.

Application-specific design of the access solution thanks to APIs

Many CRITIS place additional security requirements on their access control system. In June last year, for example, a fatal accident occurred at a transformer station in North Rhine-Westphalia, where a ground fault killed an employee. The tragic accident also caused the entire town of Kalkar in the Lower Rhine region, with its 14,000 inhabitants, to lose power as well as landline and mobile phone networks for several hours. Residential areas as well as companies, public facilities, shops and traffic safety installations such as traffic lights were affected. Here, too, it becomes clear what far-reaching consequences just one person in the wrong place at the wrong time can trigger. In the case of CRITIS, a malfunction or failure within the facility very quickly affects the general supply situation and public safety.

Many such accidents can be prevented by relying on scalable access solutions such as LSA, which can be connected to existing security systems thanks to appropriate APIs and individually equipped with additional functions. Especially for dangerous working environments such as transformer stations or wind turbines, it makes sense to allow automated system decisions to protect people. The system uses sensors to measure certain factors, such as wind speed or current flow or overvoltage. In many cases, this data is already collected for other purposes and can be made available to the LSA via suitable interfaces. As soon as predefined limit values are exceeded, at which personal safety is no longer guaranteed, access to the system or corresponding parts is automatically denied. By protecting against fatal misjudgements, the system also reduces the psychological strain on staff.

IT security is the be-all and end-all of modern CRITIS

But how can a change to a future-proof access control system succeed? Operators of critical infrastructures who want to expand the software functions within their access solution are initially confronted with a challenge: Critical IT systems must be fully inventoried, with all current information regarding manufacturers and product types. In addition, according to § 8a paragraph 1 BSIG, CRITIS operators are obliged to prove the availability, integrity, authenticity and confidentiality of their IT systems every two years. But LSA also provides support in this regard. All online and offline components can be installed, commissioned and documented in the software with the help of an integrated app – with additional geotagging if required. The scalability of the digital access solution is also indispensable in terms of legal requirements and data security. It allows the system not only to be expanded with application-specific functions and additional security measures as needed, but also to be adapted to new legislation and the constantly growing global IT security requirements – because the security component always scales with the user.

For more information, visit

The international ISEO group was founded in 1969 and today employs more than 1,200 people worldwide. Its portfolio includes security and access solutions that are geared to the needs of families, businesses and planners. ISEO develops and produces systems for intelligent access management. The solutions are aimed at many areas of application: from residential buildings to commercial and industrial facilities, hospitals, transport facilities and critical infrastructures. ISEO places emphasis on combining precise mechanics with mechatronics and intelligent electrical solutions. In this respect, the company covers the entire product spectrum and combines it in a central management system. The parent company ISEO Serrature s.p.a. is based in Pisogne (Brescia, Italy). ISEO Deutschland GmbH is one of a total of 14 subsidiary agencies worldwide and mainly serves the market in the DACH region.

Related Articles

Infineon: Roadmap for power supply units in AI data centers

Infineon: Roadmap for power supply units in AI data centers

Artificial intelligence leads to increasing energy demand of data centers worldwide Infineon’s new Power Supply Units (PSU) strengthen its leading position in AI power supply based on Si, SiC and GaN Operators of AI data centers benefit from the world's first 12 kW...

SITA unveils latest evolution in total airport management

SITA unveils latest evolution in total airport management

Launch of the new AI-powered platform follows a successful demonstration in 2023 with Canada’s Greater Toronto Airports Authority SITA, a leading technology company in the air transport industry, has launched its trailblazing airport management tool, the SITA Airport...

Share This