What makes Cybersecurity different for critical infrastructure?

In critical infrastructure, cybersecurity isn't about prevention because successful attacks are inevitable. The real goal is resilience when downtime is not an option.

#1about 2 minutes

Providing essential services for the city of Munich

Stadtwerke München (SWM) is responsible for a wide range of critical infrastructure, including energy, water, mobility, and telecommunications.

#2about 6 minutes

Why minimal downtime is non-negotiable for critical infrastructure

Unlike typical businesses, critical infrastructure like electricity cannot tolerate downtimes of days or even hours, making redundancy a core design principle.

#3about 6 minutes

Defending against professional and state-sponsored cyber units

Cyber threats have evolved from individual script kiddies to highly organized, well-funded military cyber units like Sandworm, changing the entire defensive landscape.

#4about 6 minutes

Managing the long lifecycle of operational technology equipment

Operational technology components have lifecycles of 15 to 40 years, creating a mix of modern and legacy systems that are difficult to secure.

#5about 10 minutes

Why even new OT equipment can be a security risk

Even recently installed OT hardware often lacks modern IT security features like TLS encryption or role-based access control due to long development cycles.

#6about 5 minutes

Navigating a fast-developing landscape of security regulations

Critical infrastructure operators must comply with a growing number of national and international standards like ISO 27000, NIS2, and the Cyber Resilience Act.

#7about 7 minutes

Building trusted partnerships with technology vendors

As system integrators, critical infrastructure providers rely on honest and transparent relationships with vendors to quickly resolve issues and ensure system reliability.

#8about 4 minutes

Using business continuity to prepare for inevitable attacks

Accepting that successful attacks will happen, the focus shifts to robust Business Continuity Management (BCM) to detect, isolate, and recover services.

#9about 15 minutes

Key industry debates on hardware regulation and reporting

The industry is actively debating whether authorities should regulate hardware for critical infrastructure and how to establish effective cyber attack reporting protocols.

#10about 10 minutes

Joining the team: Remote work and language policies

SWM offers flexible remote work options, typically three days from home, but requires a willingness to learn German as it is the primary company language.

#11about 11 minutes

How teams work with agile methods at SWM

Teams at SWM have the autonomy to choose their own work methodologies, often using agile, scrum, or kanban depending on the project's needs.

#12about 10 minutes

The unique culture and benefits of a public utility

Working at SWM provides a strong sense of purpose by serving the city, combined with benefits like job security, unlimited contracts, and pension schemes.

#13about 13 minutes

Fostering diversity and what to expect in hiring

SWM actively promotes a diverse and inclusive environment and looks for self-motivated team players in a straightforward, two-interview hiring process.

#14about 10 minutes

Keeping up with emerging trends in cybersecurity

Staying current involves a multi-path approach of industry networking, continuous learning, and hands-on personal projects, with Zero Trust and AI being key emerging technologies.