Critical infrastructure: Germany must become more crisis-proof
Attacks on infrastructure threaten security of supply. How well is Germany protected – and what is needed to make the state and society more resilient?
Interview: Felix Kuhlenkamp, Head of Security at Bitkom. Source: Bitkom e. V.
Attacks, cyber attacks, crisis communication: the security of critical infrastructure is increasingly in focus. In the interview below, Felix Kuhlenkamp, Head of Security at Bitkom, refers to the recent events in Berlin and explains the existing risks, necessary protective measures and political framework conditions.
Mr Kuhlenkamp, how well prepared is Germany for physical and digital attacks in your opinion?
The attack in south-west Berlin has highlighted how vulnerable critical infrastructure in Germany is. There is also a need for training in crisis communication. Our economic security study shows that the changed geopolitical situation is leading to increased attacks. Last year, the German economy suffered damages of 289.2 billion euros as a result of data theft, espionage and sabotage. The state and companies must adapt to this new threat situation. At the same time, citizens are also called upon to better prepare for crises and disasters, thereby contributing to the resilience of society as a whole.
How can public institutions better protect themselves against attacks, and what digital skills and technologies are needed to do so?
Public institutions should build up redundancies in a targeted manner, especially where critical services are provided. Since there is no such thing as 100% security, it is crucial to develop emergency and crisis plans and test them regularly. Digital skills are at least as important as physical protective measures. Cybersecurity is a central component, because physical and digital security cannot be considered separately.
What political framework conditions need to be created to set the course for an optimally secure infrastructure?
With the NIS 2 Directive and the CER Directive, the European Commission has created an important framework for harmonised digital and physical security. In Germany, however, there have been significant delays in implementation: NIS 2 has only been in force since December 2025, and the KRITIS umbrella law for implementing the CER Directive is still pending. It is now crucial that the regulations can be applied quickly in practice. Care should be taken not to create additional bureaucracy, but to effectively increase security.
Would you like to learn more about digital solutions for protecting critical infrastructure? Visit us at #SCCON26 and engage with leading experts in the industry.