KRITIS · Umbrella Act · NIS-2

Security Robot Cybersecurity: KRITIS Duties 2026

Security robot cybersecurity for KRITIS operators: NIS-2 duties, hardening baseline, pentest requirements and 90-day implementation path.

Dr. Raphael Nagel (LL.M.) & Marcus Köhnlein
Investor & Author · Founding Partner

Security Robot Cybersecurity: Mandatory Programme for KRITIS Operators 2026

A patrol robot at the plant perimeter is not a sensor. It is a mobile Linux node with a radio link, cameras and loudspeakers. It opens four threat vectors at once. Operating it without a hardening profile has breached NIS-2 Article 21 since October 2024 and will breach the KRITIS Umbrella Act (KRITIS-Dachgesetz) from 2026. This text is written for CISOs who read pentest reports and keep board liability in view.

Security Robot Cybersecurity: Why 2026 Is the Threshold

NIS-2 has required KRITIS operators to risk-assess every networked sensor at the perimeter since 18 October 2024 (Directive (EU) 2022/2555, Art. 41). Mobile robot platforms fall within scope, even when procured as a physical security measure. Directive (EU) 2022/2555 makes no exception for autonomous devices.

A typical patrol robot generates 40 to 80 GB of telemetry per day [source needed]: video streams, LiDAR point clouds, GPS positions, audio. Each of these data flows can be exfiltrated and manipulated. Anyone who leaves the backend stream unencrypted hands over a site map of their own facility.

The 2024 and 2025 incidents at European logistics centres all followed the same pattern: default credentials on the maintenance interface, open MQTT brokers without TLS, unpatched Linux kernels. The attackers did not need zero-days. They needed Shodan and 20 minutes. [source needed]

The KRITIS-Dachgesetz draft requires physical and digital resilience as a joint evidence artefact. The old split between guard service and IT security is no longer audit-capable. Both disciplines deliver into the same document.

NIS-2 §38 reaches the management board personally. After an incident involving an unhardened security robot, the board carries liability, not procurement. We have set out the liability logic in Board Liability Under NIS-2.

Attack Surfaces of Autonomous Patrol Robots

A security robot exposes at least six attack surfaces. Each needs its own hardening profile.

Radio interfaces. 4G/5G modem for the primary backend link, Wi-Fi as fallback, Bluetooth for maintenance diagnostics. Each interface is a separate threat vector. Wi-Fi fallback without WPA3-Enterprise is no longer defensible in 2026. Bluetooth must be disabled in normal operation and only enabled via a signed maintenance token.

Sensor layer. Thermal cameras, LiDAR and microphones can be disrupted by targeted physical stimuli. Laser dazzling against LiDAR and ultrasound against MEMS microphones are documented attacks. Hardening happens at the evaluation layer: plausibility checks, sensor fusion, drop thresholds on signal anomalies.

Onboard compute. NVIDIA Jetson or x86 modules running Linux. Outdated kernels and unpatched CUDA drivers carry CVSS scores above 9.0 in the NVD. Anyone who fails to minimise the userland is transporting an attack arsenal on every patrol.

Backend integration. VMS integration runs via ONVIF, RTSP or MQTT. Unencrypted streams will not be audit-capable from 2026. RTSP without TLS and MQTT without mTLS fail at the first audit step.

Supply chain. Over-the-air firmware updates are the most dangerous vector. Without a signed boot chain, every update is a potential supply-chain attack. The attacker does not need physical access to the robot if they reach the update server.

Physical access. USB ports, maintenance hatches, SIM card slots. Tamper detection has to cover all three levels: electrical (switch), cryptographic (boot attestation) and procedural (four-eyes maintenance).

NIS-2 and KRITIS-Dachgesetz: Concrete Duties for Robot Operators

Article 21 NIS-2 requires four disciplines from essential entities: risk management, incident handling, business continuity, supply-chain security. Security robots fall under all four. Classifying them as a "physical measure" does not exempt them.

The reporting duty is concrete: security incidents at the robot (compromise of the control plane, unauthorised stream access, tamper alarm without resolution) have to be reported as an early warning to the BSI within 24 hours. The incident report follows after 72 hours, the final report after one month.

§11 of the KRITIS-Dachgesetz draft requires documented protection measures against physical and cyber-physical threats in a single evidence artefact. The KritisV remains applicable in parallel and defines thresholds per sector.

The three-yearly audit duty includes a penetration test of the robot system including backend integration. Omitting the robot from the audit because it was classified as a physical measure invites supplementary requests and delay periods.

In case of breach, fines of up to 10 million euros or 2 percent of group revenue apply, depending on sector and severity (Directive (EU) 2022/2555, Art. 34). A sector overview is provided in KRITIS Requirements at a Glance. The BBK coordinates the cross-sector resilience requirements.

Hardening Baseline: What Quarero Ships by Default

The following measures are active in the as-delivered state of every Quarero robot. They are not optional and not switchable in normal operation.

Secure Boot. Signed firmware chain from bootloader to userland. No update without cryptographic signature from the Quarero build server. On signature failure the device boots into recovery mode and reports to the control room.

TLS 1.3 for every backend connection. MQTT runs exclusively over mTLS with a client-side certificate. Rotation every 90 days through the internal PKI. RTSP is replaced by SRTP or transported via IPsec tunnel.

Disk encryption. LUKS2 on all storage media with a TPM-bound key. After theft or tampering, the recordings stay encrypted and cannot be read out. Key rotation at every maintenance cycle.

Network segmentation. Robots run in a dedicated VLAN. No routing into OT networks without an explicit firewall rule with deep packet inspection. Zero-trust principle: every connection is authenticated, including inside the perimeter.

Hardened Linux base. Minimal userland (no compilers, no shells for service accounts), AppArmor profiles per process, fail2ban on all exposed ports, automatic CVE patches with a 7-day SLA for high and 72-hour SLA for critical.

Tamper switches. Maintenance hatches, USB ports and SIM slots are monitored with electrical switches. Tripping triggers an immediate alarm to the control room and locks the device. On next boot a boot attestation is run automatically. The hardware specification of the platform is in the datasheet for the QR-3 with LiDAR and drone detection.
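
The MQTT requirement in the baseline above (TLS 1.3, mTLS only) can be checked on the broker side by auditing each listener. The following is an added example, not Quarero code: it assumes a Mosquitto broker, and the configuration text, ports, addresses and file paths are constructed.

```python
# Constructed sample config (not from a real deployment), one listener per case.
SAMPLE_CONF = """\
listener 1883 0.0.0.0
allow_anonymous true
listener 8883 10.20.0.5
certfile /etc/mosquitto/certs/broker.pem
keyfile /etc/mosquitto/certs/broker.key
tls_version tlsv1.2
listener 8884 10.20.0.5
cafile /etc/mosquitto/ca/robot-ca.pem
certfile /etc/mosquitto/certs/broker.pem
keyfile /etc/mosquitto/certs/broker.key
require_certificate true
tls_version tlsv1.3
"""

def parse_listeners(conf_text):
    """Return {port: {option: value}} for every 'listener' block."""
    listeners, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "listener":
            current = listeners.setdefault(int(value.split()[0]), {})
        elif current is not None:  # options before the first listener are ignored here
            current[key] = value.strip()
    return listeners

def audit_listener(opts):
    """List deviations from the baseline: TLS 1.3 only, client certificate required."""
    findings = []
    if not (opts.get("certfile") and opts.get("keyfile")):
        findings.append("no TLS")
    if opts.get("tls_version") != "tlsv1.3":
        findings.append("TLS 1.3 not enforced")
    if opts.get("require_certificate") != "true" or not opts.get("cafile"):
        findings.append("no mTLS")
    # Assumption: absent allow_anonymous means false (Mosquitto 2.x with listeners defined).
    if opts.get("allow_anonymous") == "true":
        findings.append("anonymous clients allowed")
    return findings

def audit(conf_text):
    return {port: audit_listener(o) for port, o in parse_listeners(conf_text).items()}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Only the listener on port 8884 passes; the TLS 1.2 listener on 8883 is flagged twice because it neither pins TLS 1.3 nor requires a client certificate.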

Penetration Testing and Continuous Verification

Hardening without verification is assertion. The following cycle is part of every Quarero RaaS contract.

Annual pentest by an accredited third party with BSI certification. Scope: radio interfaces, backend API, physical ports, update supply chain. The report goes to the CISO and Quarero engineering in parallel. Findings with CVSS ≥ 7.0 are closed within 30 days.

Red team exercises with physical access attempts once per year. Test question: can an attacker compromise the robot in 15 minutes with commercially available maintenance tools, without triggering an alarm? The answer is in the exercise report.

Vulnerability scanning of onboard packages daily against NVD and distribution trackers. Critical CVEs (CVSS ≥ 9.0) are patched within 72 hours. High (≥ 7.0) within 7 days. Lower in the monthly maintenance window.

SIEM integration. Robotics logs go via syslog-ng or OTLP into the central SOC, correlated with perimeter events, access control systems and VMS. Tamper alarms automatically trigger a P1-priority incident ticket.

Quarterly audit report to the CISO. Content: patch status per CVE class, incident count, MTTR metrics per incident type, open findings from pentest and red team. The format is compatible with NIS-2 documentation. Details of the reporting structure are in NIS-2 Conformity for Robot Operators.

The standard EN ISO 13482 defines the safety-side requirements for mobile service robots and complements the security-side tests. Both pieces of evidence belong in the audit dossier.
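
The patch windows stated above (72 hours for CVSS ≥ 9.0, 7 days for ≥ 7.0, the monthly window otherwise) can be tracked per finding from the daily scan output. This is an added example, not Quarero tooling: the findings and CVE identifiers are constructed placeholders, and both the clock start (first detection by the scan) and the date of the monthly window are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Patch windows as stated in the article; all data below is constructed.
SLA = [(9.0, timedelta(hours=72), "critical"), (7.0, timedelta(days=7), "high")]

def next_maintenance_window(detected):
    """Assumption: the monthly window opens on the 1st of the next month, 02:00 UTC."""
    rollover = detected.month == 12
    year, month = (detected.year + 1, 1) if rollover else (detected.year, detected.month + 1)
    return datetime(year, month, 1, 2, 0, tzinfo=timezone.utc)

def patch_deadline(cvss, detected):
    """Return (class, deadline); the clock starts at first detection (assumption)."""
    for threshold, window, label in SLA:
        if cvss >= threshold:
            return label, detected + window
    return "lower", next_maintenance_window(detected)

def overdue(findings, now):
    """Return (id, class, hours_late) for open findings past their deadline, worst first."""
    late = []
    for f in findings:
        label, due = patch_deadline(f["cvss"], f["detected"])
        if f["patched_at"] is None and now > due:
            late.append((f["id"], label, round((now - due).total_seconds() / 3600)))
    return sorted(late, key=lambda item: -item[2])

def utc(*args):
    return datetime(*args, tzinfo=timezone.utc)

FINDINGS = [  # constructed scan output; IDs are placeholders, not real CVEs
    {"id": "CVE-PLACEHOLDER-1", "cvss": 9.8, "detected": utc(2026, 3, 2, 6), "patched_at": None},
    {"id": "CVE-PLACEHOLDER-2", "cvss": 8.1, "detected": utc(2026, 2, 25, 6), "patched_at": None},
    {"id": "CVE-PLACEHOLDER-3", "cvss": 5.3, "detected": utc(2026, 3, 1, 6), "patched_at": None},
    {"id": "CVE-PLACEHOLDER-4", "cvss": 9.1, "detected": utc(2026, 2, 20, 6),
     "patched_at": utc(2026, 2, 22, 9)},
]
NOW = utc(2026, 3, 6, 6)

if __name__ == "__main__":
    for cve, label, hours in overdue(FINDINGS, NOW):
        print(f"{cve} ({label}) is {hours} h past its patch deadline")
```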

Data Protection: GDPR-Conformant Processing at the Perimeter

NIS-2 and GDPR are separate regimes with an overlapping scope. A security robot processes personal data from the moment a person enters its field of view.

Person detection anonymises faces by default through on-device blurring. Raw images are only decrypted on alarm and with four-eyes release. The key is split between plant management and the data protection officer.

Retention periods: 72 hours by default, extendable on a documented incident up to 30 days. Automatic deletion with a cryptographically signed audit log. The deletion record is part of the GDPR dossier.

The data processing agreement is attached to every RaaS contract. Processing location: data centres in Frankfurt and Zurich. No third-country transfer. On contract signing a data protection impact assessment is delivered, compatible with the operator's existing DPO documentation.

Audio recording can be deactivated per patrol route. In co-determination plants, a works council agreement is a precondition for activation. Quarero provides a template text agreed in 2024 with IG Metall and ver.di.

RaaS Model as a Cybersecurity Advantage

The "buy or rent" question has a security dimension in robotics that is often overlooked in classic guard service comparisons.

Patch responsibility with the manufacturer. The operator does not need to maintain a Linux distribution, compile CUDA drivers or sign a boot loader. These tasks demand a specialist team. In most KRITIS operations such a team neither exists nor is economically viable to build.

Hardware refresh every 24 months. Outdated compute modules leave the operation before they become a risk. End-of-life boards with unpatched bootroms are a known problem in a purchase model after 36 to 48 months. In the RaaS model the question does not arise.

Single point of accountability. One contractual partner for hardware, software, updates and incident response. In an incident the CISO calls one number, not five. The escalation chain is fixed in the SLA.

Monthly OpEx of 3,500 euros for the QR-2 includes maintenance, patches, a pentest share and an incident response SLA (price as of May 2026, details under Robotics-as-a-Service Model). Training, distribution licences and PKI infrastructure are included.

The classic 24/7 guard post costs 15,000 to 25,000 euros per month at a lower cyber-hardening level [source needed]. The full cost comparison is in the TCO Comparison to Classic Guard Service. The commercial and contractual details of the Robotics-as-a-Service Model are available separately.

Implementation Path: 90 Days to Audit-Capable Operation

The following timeline was met in 11 of 13 Quarero implementations in 2024 and 2025 (internal project data, available on request). The two deviations were due to delayed VLAN approvals in the customer network.

Weeks 1 to 2. Threat modelling workshop with CISO, plant management and Quarero engineering. Method: STRIDE per component, asset inventory, data flow diagram. The result is a documented protection profile with risk classification per threat vector.

Weeks 3 to 4. VLAN segmentation, backend integration, certificate rollout. Quarero provides PKI templates and Ansible playbooks. Firewall rules are set under the four-eyes principle with the operator's network team.

Weeks 5 to 8. Pilot operation with two patrol routes. SIEM integration in production, alarm chain test with simulated incidents, red team exercise by an external third party. Findings are closed before transition to normal operation.

Weeks 9 to 12. Pentest final report, DPIA finalisation, training of control room staff. Handover to normal operation with documented escalation chain and 24/7 support hotline.

After 90 days, audit-capable documentation exists for BSI evidence, NIS-2 Article 21 conformity and KRITIS-Dachgesetz §11. The operational checklist is in KRITIS-Dachgesetz Checklist 2026.

Anyone who goes into BSI evidence in 2026 without this dossier will receive supplementary requests. Anyone who omits the security robot from it will receive them twice. For a technical first call with the Quarero engineering team, book a slot via Request KRITIS Consultation.
