In early January 2026, an arson attack on a cable bridge in Berlin led to a widespread power cut. Around 45,000 households and 2,200 businesses were temporarily without electricity and, as a result, without heating, internet or mobile phone coverage. The capital declared a major emergency. Just a few months later, a fire brought a substation in Reutlingen, Baden-Württemberg, to a standstill. Around 30,000 people in 7,600 households were affected by the consequences. And in Bavaria, too, the security of critical infrastructure has recently come under the spotlight: following a failed arson attempt on an electricity pylon near Pentling, a cable fire broke out at the Regensburg hydroelectric power station. Although a power cut was avoided, a camera at the Bad Abbach lock failed and ships had to navigate by sight at short notice. The incidents differ in scale and consequences. Together, however, they demonstrate just how vulnerable supply infrastructure has become. At the same time, it is clear that security cannot be measured solely by whether an incident is prevented. What is far more crucial is how quickly risks can be identified, impacts mitigated and affected systems restored to stable operation. The way in which Berlin’s Governing Mayor handled the power cut also demonstrates that resilience is also a matter of clear lines of responsibility and transparent communication.
- 07/01/2026
- Industry news
- Critical infrastructures (CRITIS)
- Safety in everyday life
Building resilience: Why security can only be achieved by working together
Berlin, Reutlingen, Regensburg: Three (attempted) arson attacks highlight just how quickly disruptions can have far-reaching consequences for supply chains, and why resilience is becoming the key security challenge of our time.
Written by Alice Vicentini

Resilience refers to the ability of organisations, infrastructures and societies to protect themselves against an incident, to ward off an incident, to respond to an incident, to limit the consequences of an incident, and to absorb and manage an incident.
Resilience, yes, but how?
Measures that build resilience include technical and structural safeguards as well as organisational precautions: from the monitoring and detection of potential hazards, through access controls and perimeter security, to contingency plans, crisis management structures and redundancies for critical processes. As threats increase – such as hybrid threats (sabotage and espionage), extreme weather events and human or technical failure – so too does the responsibility of operators, public authorities and businesses. Solid preparation is crucial for strengthening resilience. Regular risk analyses, drills and the continuous refinement of security concepts are essential prerequisites for remaining capable of acting, even under exceptional circumstances.
CRITIS Umbrella Law: Resilience requires a regulatory framework
This transforms voluntary precautionary measures into a mandatory requirement. The (only in german language) umbrella law on strengthening the physical resilience of critical infrastructure (CRITIS Umbrella Law), which has been in force since 17 March 2026, makes the physical resilience of critical infrastructure a mandatory requirement and incorporates many requirements that have long been relevant in practice into a regulatory framework. Operators of critical infrastructure are required to register on the joint platform run by the Federal Office for Civil Protection and Disaster Assistance (BBK) and the Federal Office for Information Security (BSI) within three months of a facility being designated as critical. They must then systematically assess risks, devise appropriate protection and resilience measures, and establish clear structures for registration, reporting channels and responsibilities. The facilities affected include operators of critical infrastructure whose failure would have a significant impact on security of supply, public order or social stability:
• Energy
• Transport
• Finance and insurance
• Healthcare
• Drinking water and wastewater
• Food
• IT and telecommunications
• Space
• Municipal waste management
• State and social security
The Federal Office for Information Security (BSI) classifies around 30,000 facilities in Germany as KRITIS-relevant. However, as of March, only 11,000 had registered. They have until 17 July 2026 to do so.
Resilience requires dialogue
However, whilst clear legal requirements are important, it takes more than registration obligations to build resilience. It is crucial that security strategies look beyond individual facilities. After all, an incident rarely affects just a single site or operator. Supply chains, transport routes, communications networks and energy supplies are closely interlinked. Technical disruptions can quickly have economic or societal consequences.
Resilience is therefore not solely the responsibility of individual organisations, but a shared responsibility of the state, the business sector and society.
Regulatory frameworks such as the CRITIS umbrella law and state-of-the-art technologies such as drones and digital twins are not enough on their own. The exchange of knowledge and experience is just as important. This is because security managers today face similar challenges: escalating threats, increasingly complex infrastructures, new regulatory requirements and limited resources. This is precisely why platforms for interdisciplinary exchange are becoming increasingly important.
This is precisely where Perimeter Protection comes in. From 19 to 21 January 2027, Europe’s leading trade fair for integrated perimeter protection will bring together key players from the security industry in Nuremberg. In a city that, with events such as Perimeter Protection, it-sa (Europe’s specialist trade fair for IT security) and Enforce Tac (Germany’s leading trade fair for security and defence), forms one of Europe’s most important security clusters, experts will discuss the future of critical infrastructure protection – from current regulatory requirements and innovative technologies to holistic resilience strategies.
After all, recent events have shown that the security of critical infrastructure is a key prerequisite for the stability of the economy, the state and society.
