Robotics Cyber Incident: Response Duties for KRITIS
Robotics cyber incident in KRITIS: 24-hour NIS-2 reporting, containment, forensics, and contractual safeguards in the RaaS model.
An autonomous patrol robot is an OT component at the perimeter and a physical protection measure at the same time. Both properties trigger reporting obligations the moment the protective function fails. This text describes the operational sequence for KRITIS operators in the DACH region, from detection through to restart.
Robotics Cyber Incident: Definition and Triggers
A technical defect exists when a battery fails, a motor blocks, or a sensor delivers incorrect values with no external interference detectable. A security-relevant cyber incident exists as soon as the integrity, availability, or confidentiality of the robotics platform is compromised by an external or internal attacker. The distinction is drawn from forensic indicators, not from visible symptoms.
3 typical attack vectors apply to autonomous patrol robots. First: a compromised update pipeline, where signed firmware is replaced by manipulated packages. Second: manipulation of the MQTT or telemetry channels between the robot and the control station. Third: radio interference with the LTE backhaul connection, for example through jamming or targeted overload.
Indicators on the QR-2 or on the QR-3 with LiDAR and drone detection include unexpected route deviations, repeated authentication failures at the charging station, and telemetry drift against the learned movement profile. No single indicator on its own constitutes an incident. Two distinct indicators on the same unit within 10 minutes qualify as a Level-2 event in the Quarero playbook.
The threshold for the reporting obligation is unambiguous. As soon as the protective function at the perimeter is impaired, the NIS-2 reporting obligation applies. Impaired means not only complete failure, but also reduced detection performance or route failure in a defined protection zone.
Responsibility for reporting remains with the operator, even when the robot is operated under the Robotics-as-a-Service model. The provider supplies technical clarification. The CISO of the operating facility is accountable for the notification to the authority.
Legal Framework: NIS-2, KRITIS-Dachgesetz, BSIG
The NIS-2 Directive obliges affected entities to issue an early warning within 24 hours of becoming aware of a significant incident, an incident notification within 72 hours that updates the early warning with an initial assessment, and a final report within one month. The 24-hour deadline requires an early warning containing verifiable key facts, not a complete incident report. This distinction is decisive in the operational sequence, because it materially reduces the requirements placed on the initial notification.
The KRITIS-Dachgesetz extends obligations to physical protection measures and defines cross-sector minimum requirements. Autonomous robotics at the perimeter therefore falls under both regimes: NIS-2 for the OT component, the Dachgesetz for the physical protective function.
The KritisV defines which facilities qualify as critical infrastructure and are therefore subject to reporting obligations. BSIG §8b obliges KRITIS operators to report significant disruptions to the BSI; the notification is submitted via the BSI reporting portal, with the competent sector authority informed in parallel. The documentation obligation includes audit-capable retention of logs for at least 24 months.
Board liability under NIS-2 Art. 20 is personal. A missed or delayed notification is sanctionable. The analysis NIS-2 Board Liability covers the interpretation of this liability provision in detail. The BBK coordinates civil protection and cross-sector resilience requirements for KRITIS operators and provides supplementary guidance for risk analysis.
Detection: Sensors and Telemetry as Early Warning
The QR-2 sends a heartbeat every 5 seconds to the SOC. A failure lasting more than 30 seconds triggers a Level-1 alarm. This threshold is low enough to allow rapid response and high enough that radio shadows and brief reconnects are not classified as incidents.
Anomaly detection on movement profiles identifies route manipulations without requiring operator intervention. The system compares the current patrol against the learned profile from the preceding 30 days. Deviations above 15 percent generate a Level-2 event.
Thermal and LiDAR data are transmitted with a digital signature. A failed signature verification on a received frame is classified as an integrity incident and leads to immediate isolation of the affected unit. This measure is automatic. It does not wait for a human decision.
SIEM integration uses Syslog to Splunk, QRadar, or Sentinel. These 3 platforms cover the SOC stacks prevalent in DACH. A custom integration is included in the standard contract, provided the target SIEM supports Syslog or Common Event Format.
Correlation with physical events such as fence contact or drone signatures reduces false alarms by approximately 60 percent. This figure is based on evaluations from live deployments and is site-dependent. Sites with high wildlife activity produce lower figures; urban locations produce higher ones.
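The following is an added example, not Quarero's code, that implements the three detection rules described above over a batch of constructed telemetry events: the 30-second heartbeat gap (Level-1), two distinct indicators on one unit within 10 minutes (Level-2), and a failed signature check on a sensor frame (integrity incident, automatic isolation), with each alert rendered as a CEF line for syslog forwarding. The event schema, the vendor and product strings in the CEF header, and the severity mapping are assumptions; HMAC-SHA256 with a shared key stands in for the digital signature on sensor frames so the block runs offline, whereas a real deployment would verify an asymmetric signature with per-unit keys.

```python
import hmac
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Thresholds as stated on the page.
HEARTBEAT_GAP_S = 30                        # heartbeat every 5 s; >30 s silence -> Level-1
CORRELATION_WINDOW = timedelta(minutes=10)  # 2 distinct indicators within 10 min -> Level-2
INDICATOR_TYPES = {"auth_failure", "route_deviation", "telemetry_drift"}

# Assumption: HMAC-SHA256 with a shared key stands in for the frame signature.
SENSOR_KEY = b"example-key-not-for-production"


def sign_frame(payload: dict) -> str:
    """Tag a thermal/LiDAR frame over its canonical JSON encoding."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SENSOR_KEY, canonical, hashlib.sha256).hexdigest()


def verify_frame(payload: dict, tag: str) -> bool:
    """Constant-time comparison; any mismatch is an integrity incident."""
    return hmac.compare_digest(sign_frame(payload), tag)


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s).astimezone(timezone.utc)


def detect(events: list[dict], now: str) -> list[dict]:
    """Apply the three rules to a batch of events; returns alerts in time order."""
    alerts: list[dict] = []
    last_hb: dict[str, datetime] = {}
    recent: dict[str, list[tuple[datetime, str]]] = {}  # unit -> indicators in window

    for ev in sorted(events, key=lambda e: _ts(e["ts"])):
        unit, kind, t = ev["unit"], ev["type"], _ts(ev["ts"])
        if kind == "heartbeat":
            prev = last_hb.get(unit)
            if prev is not None and (t - prev).total_seconds() > HEARTBEAT_GAP_S:
                alerts.append({"level": 1, "rule": "heartbeat_gap", "unit": unit, "ts": ev["ts"]})
            last_hb[unit] = t
        elif kind == "sensor_frame":
            if not verify_frame(ev["payload"], ev["sig"]):
                # Automatic isolation: no human decision in the loop.
                alerts.append({"level": 3, "rule": "signature_failure", "unit": unit,
                               "ts": ev["ts"], "action": "isolate"})
        elif kind in INDICATOR_TYPES:
            window = [(ts, k) for ts, k in recent.get(unit, []) if t - ts <= CORRELATION_WINDOW]
            if any(k != kind for _, k in window):
                alerts.append({"level": 2, "rule": "indicator_correlation", "unit": unit, "ts": ev["ts"]})
                window = []  # one pairing fires once; start a fresh window
            window.append((t, kind))
            recent[unit] = window

    # A unit still silent at the end of the batch is also a Level-1 condition.
    now_t = _ts(now)
    for unit, prev in last_hb.items():
        if (now_t - prev).total_seconds() > HEARTBEAT_GAP_S:
            alerts.append({"level": 1, "rule": "heartbeat_gap", "unit": unit, "ts": now})
    return alerts


def to_cef(alert: dict) -> str:
    """One CEF line per alert (vendor/product/severity mapping are assumptions)."""
    def hdr(s: str) -> str:   # header fields escape backslash and pipe
        return s.replace("\\", "\\\\").replace("|", "\\|")
    def ext(s: str) -> str:   # extension values escape backslash and equals
        return s.replace("\\", "\\\\").replace("=", "\\=")
    rt = int(_ts(alert["ts"]).timestamp() * 1000)
    severity = {1: 3, 2: 6, 3: 9}[alert["level"]]
    extension = (f"rt={rt} dvchost={ext(alert['unit'])} "
                 f"cs1Label=action cs1={ext(alert.get('action', 'alert'))}")
    return (f"CEF:0|{hdr('Quarero')}|{hdr('PatrolRobot')}|1.0|{hdr(alert['rule'])}|"
            f"{hdr('Level-' + str(alert['level']))}|{severity}|{extension}")


# Constructed sample telemetry for one night shift (not real data).
T0 = datetime(2026, 3, 1, 2, 0, 0, tzinfo=timezone.utc)
def at(sec: int) -> str:
    return (T0 + timedelta(seconds=sec)).isoformat()

GOOD = {"unit": "QR-2-07", "lidar_points": 1024, "thermal_max_c": 31.5}
TAMPERED = dict(GOOD, thermal_max_c=22.0)   # altered content with a replayed tag

SAMPLE_EVENTS = [
    {"ts": at(0), "unit": "QR-2-07", "type": "heartbeat"},
    {"ts": at(5), "unit": "QR-2-07", "type": "heartbeat"},
    {"ts": at(10), "unit": "QR-2-07", "type": "sensor_frame", "payload": GOOD, "sig": sign_frame(GOOD)},
    {"ts": at(50), "unit": "QR-2-07", "type": "heartbeat"},          # 45 s gap -> Level-1
    {"ts": at(60), "unit": "QR-2-07", "type": "auth_failure"},
    {"ts": at(300), "unit": "QR-2-07", "type": "route_deviation"},   # 2nd indicator in 4 min -> Level-2
    {"ts": at(400), "unit": "QR-2-07", "type": "sensor_frame", "payload": TAMPERED, "sig": sign_frame(GOOD)},
    {"ts": at(0), "unit": "QR-3-02", "type": "auth_failure"},
    {"ts": at(900), "unit": "QR-3-02", "type": "route_deviation"},   # 15 min apart -> no Level-2
    {"ts": at(900), "unit": "QR-3-02", "type": "heartbeat"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS, now=at(905)):
        print(to_cef(a))
```

Run as a script it prints four CEF lines for QR-2-07 (two heartbeat gaps, one correlation, one signature failure with action=isolate) and nothing for QR-3-02, whose two indicators fall outside the 10-minute window. The correlation window is reset after a Level-2 fires so the same pair of indicators does not generate an alert on every subsequent event.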
Containment: Immediate Measures in the First 60 Minutes
The first step is placing the robot into safe mode. Movement stops, sensors remain active for evidence preservation, actuators are locked. The robot continues to document its surroundings without moving.
The second step is network segmentation. The robot backhaul is separated from the production OT network via VLAN. This separation already exists during normal operations. In an incident, the uplink of the affected segment is additionally isolated.
The third step is credential rotation. API tokens and certificates of the affected unit are revoked. New tokens are issued only after forensic clearance. This step is frequently the most time-critical: any token the attacker has already captured remains valid until it is revoked, and copies of old tokens can survive in backups and configuration snapshots.
The fourth step is fallback to security personnel. The predefined escalation path to the service provider carries a 30-minute on-site presence SLA. The costs of this fallback are accounted for in the calculation of Wachschutz costs compared.
The fifth step is preservation. A complete image of the robotics controller is secured before any restart or software reset occurs. Without this image, subsequent root-cause analysis cannot be made audit-capable.
Notification: Meeting the 24-Hour Window Cleanly
The initial notification contains 5 mandatory items: timestamp of detection, affected facility, suspected vector, impact on the protective function, and immediate measures taken. Hypotheses must be labeled as such. Speculation is not permissible in the initial notification and can weigh against the facility in the subsequent assessment of due diligence.
3 notification channels apply. The BSI reporting portal is the primary route. The sector CSIRT is informed in parallel. The competent state authority is notified subsequently, where state-law provisions require it. In practice this means 3 separate notification texts sharing an identical factual core.
A notification template is held as an annex to the RaaS contract. The template is aligned with the BSI portal format and reduces processing time for the initial notification to typically 30–45 minutes. The template does not replace legal review. It structures it.
Role assignment happens before an incident, not during one. The CISO notifies the authority. The site manager escalates internally. The board is informed within 4 hours. This sequence is documented in the RACI matrix of the operational ISMS and tested in the tabletop exercise.
Only verifiable facts belong in the mandatory fields; hypotheses go into a separately labeled assumptions field. This separation protects the facility when the authority later requests access to the file.
Forensics and Restart
The forensic image is created in accordance with the BSI guidance on IT forensics. The chain of custody is documented without gaps, from the time of creation through to handover to the forensics provider. Any break in this chain makes the evidence vulnerable to challenge in court.
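As an added example (not part of the page and not Quarero's tooling) of what a gap-free chain of custody looks like in practice for the controller image secured in the preservation step: each custody record carries the image hash and the hash of the preceding record, so that an altered, missing or reordered record, or an image that no longer matches the one originally secured, is detected at verification. The record format, the handler names and the image bytes are constructed for the example.

```python
import hashlib
import json


def image_digest(image: bytes, chunk: int = 1 << 20) -> str:
    """SHA-256 of a controller image, hashed in chunks so large images need not fit in memory."""
    h = hashlib.sha256()
    for i in range(0, len(image), chunk):
        h.update(image[i:i + chunk])
    return h.hexdigest()


def _entry_hash(entry: dict) -> str:
    """Hash of a record over its canonical JSON, excluding its own hash field."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def append_entry(log: list[dict], *, handler: str, action: str,
                 image_sha256: str, ts: str) -> dict:
    """Append a custody record linked to its predecessor by hash (hypothetical format)."""
    entry = {
        "seq": len(log),
        "ts": ts,
        "handler": handler,
        "action": action,
        "image_sha256": image_sha256,
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def verify_chain(log: list[dict], image: bytes) -> tuple[bool, str]:
    """Check sequence numbers, predecessor links, record integrity, and that every
    record names the hash of the image actually handed over."""
    if not log:
        return False, "empty log"
    expected_prev = "0" * 64
    actual_image = image_digest(image)
    for i, e in enumerate(log):
        if e["seq"] != i:
            return False, f"gap or reorder at seq {i}"
        if e["prev_hash"] != expected_prev:
            return False, f"broken link at seq {i}"
        if e["entry_hash"] != _entry_hash(e):
            return False, f"record {i} altered"
        if e["image_sha256"] != actual_image:
            return False, f"image hash mismatch at seq {i}"
        expected_prev = e["entry_hash"]
    return True, "chain intact"


# Constructed 1 MiB stand-in for a controller image (not a real image).
IMAGE = bytes(range(256)) * 4096


def build_sample_log() -> list[dict]:
    """Custody records from imaging through handover to the forensics provider."""
    log: list[dict] = []
    digest = image_digest(IMAGE)
    append_entry(log, handler="SOC analyst (example)", action="image created on isolated unit",
                 image_sha256=digest, ts="2026-03-01T03:10:00+00:00")
    append_entry(log, handler="SOC analyst (example)", action="sealed and placed in evidence safe",
                 image_sha256=digest, ts="2026-03-01T03:25:00+00:00")
    append_entry(log, handler="Forensics provider (example)", action="received, hash re-verified",
                 image_sha256=digest, ts="2026-03-01T09:00:00+00:00")
    return log


if __name__ == "__main__":
    print(verify_chain(build_sample_log(), IMAGE))
```

The verification deliberately compares the image hash in every record against the artefact presented, not only against the first record: a log that is internally consistent but describes a different image is exactly the break a court challenge would look for.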
Root-cause analysis is completed within 14 days, jointly with Quarero Engineering. This deadline is tight but necessary, because the final report under NIS-2 is due within one month. Methodological reference for the risk assessment of autonomous systems is provided by EN ISO 13482, which defines safety requirements for personal care robots. The standard does not apply directly to patrol robotics, but serves as a recognized methodological basis.
Patch and hardening measures are reviewed before restart, not after. This sequence is non-negotiable. Restarting while the exploited vulnerability is still unpatched invites immediate re-compromise and wastes the forensic work.
Restart proceeds in 3 stages. Test operation for 48 hours during which the robot is not yet relied upon as a protective measure, restricted operation for 72 hours with reduced patrol frequency, full operation after sign-off by the CISO and Quarero Engineering. Each stage is documented in the audit log.
Lessons learned are fed into the operational ISMS. The protection concept is updated, the tabletop exercise is revised, and indicator thresholds are adjusted where necessary. An incident that does not result in a documented adjustment is not closed.
Contractual Safeguards in the RaaS Model
The Quarero incident response SLA specifies 2 deadlines. Engineering is available remotely within 2 hours and on-site within 24 hours across DACH. These deadlines apply 24/7, not only during business hours.
Liability allocation is clearly defined. The operator carries the reporting obligation toward authorities. The provider carries technical clarification. This division follows the logic of the BSIG and avoids gaps in accountability.
A penetration test is conducted annually. The report goes to the operator. No surcharge applies within the RaaS tariff. The report is part of the evidentiary obligation toward auditors and simplifies preparation for the biennial KRITIS audit under BSIG §8a.
Proof of insurance is a contractual component. The cyber policy covers third-party damages, including damages arising from robotics incidents. The coverage amount is specified in the contract annex and is calibrated to the risk class of the facility.
The exit clause applies in the event of a repeated serious incident without resolution within 30 days. The operator may terminate the contract for cause without paying any remaining term. This clause is included in the standard contract and is non-negotiable.
Pilot Path for KRITIS Operators
Before commissioning, a tabletop exercise takes place with Quarero and the competent CSIRT. Duration is 4 hours. The exercise covers 3 scenarios: update compromise, telemetry manipulation, and LTE jamming.
The trial run lasts 14 days and includes a simulated incident with a complete notification walkthrough up to a BSI portal dry run. This dry run is coordinated with the BSI in advance. It does not generate a real notification, but documents the complete process.
Integration is into the existing SOC. No parallel structure is created. This requirement avoids redundant alarms and reduces the load on SOC tiers. Operational details are documented in the KRITIS requirements overview.
Robotics delivery occurs within 48 hours of contract signing. This figure applies to standard configurations in DACH. Special configurations extend delivery time to up to 10 working days.
The first quarter is accompanied by monthly reviews, then quarterly. Reviews cover incident statistics, indicator evaluation, and adjustments to the protection concept. Preparation for the pilot phase follows the KRITIS-Dachgesetz checklist 2026.
For contract design and SLA coordination, Marcus Köhnlein, Sales Lead Switzerland is the point of contact. A specific request including site data and sector classification reaches us via the contact page. A response with a proposal for the tabletop exercise and trial run follows within 24 hours.