From Guarding to Resilience Architecture: The New Role of Security Providers

The European security industry is passing through a quiet but decisive transition. For decades, its business logic was expressed in hours of guarding, patrol rounds and static posts. The yardstick was presence. The regulatory, technological and geopolitical conditions that Dr. Raphael Nagel and Marcus Köhnlein describe in KRITIS. Die verborgene Macht Europas now force a different question. Not how many hours are staffed, but how reliably a critical system keeps functioning in the first 72 hours of a serious disturbance. That shift moves security providers out of the subcontractor category and into the architecture of resilience. For Quarero Robotics, this reframing is not a slogan but the operational premise that shapes how autonomous security robotics are designed, deployed and integrated into KRITIS environments.

From Hours of Presence to Architecture of Function

The canon is explicit on this point. Chapter 10 of the book repositions security providers as independent actors within a KRITIS ecosystem whose decisions and competences flow directly into the resilience balance of a country. That language matters. A resilience balance cannot be computed in guarding hours alone. It is a function of infrastructure, redundancy, organisation and responsibility, the four factors the introduction identifies as the structural formula of resilience. A provider that only sells presence covers one column of that matrix. A provider that contributes to architecture addresses all four.

In practical terms this means moving the conversation from post descriptions and patrol schedules to service level definitions tied to the functioning of the protected system. The relevant questions become how quickly a disturbance is detected, how reliably it is documented, how consistently escalation reaches the right decision maker, and how the site behaves when the control room, the mobile network or the power supply is itself under stress. These are architectural questions. They cannot be answered by adding another guard to the roster, and they cannot be outsourced further down the chain without losing exactly the substance that regulators, from the IT Security Act to the NIS2 transposition, now expect to see demonstrated.

Cooperation Flows: Authorities, Operators, Technology Partners

The KRITIS landscape described in the book is populated by a relatively small circle of systemically relevant operators, a concentrated regulatory apparatus around the BSI and the sector specific supervisors, and a layered ecosystem of technology partners. A modern security provider sits at the intersection of these three flows rather than at the end of a procurement chain. Upstream toward authorities, it must be able to speak the language of reportable incidents, state of the art and organisational diligence. Downstream toward operators, it must translate legal obligations into operable procedures that hold at three in the morning. Sideways toward technology partners, it must integrate sensors, robotics, identity systems and control room software without becoming a systems integrator that forgets its security mandate.

Quarero Robotics approaches this triangle with a deliberately narrow role. The company contributes autonomous mobile platforms, their perception stack and the interfaces that connect them to existing control rooms and incident workflows. It does not replace the operator's governance, it does not replace the provider's command responsibility, and it does not substitute for the supervisory function of authorities. What it does is remove one recurring weakness in the cooperation flow, namely the gap between what a site can technically observe and what a human team can realistically sustain over long shifts, large perimeters and unpredictable incident loads.

Acknowledging the Personnel Shortage Without Euphemism

The honest starting point is that qualified security personnel are scarce across the DACH region and across Europe. The book frames this as a double imposition on the industry. On one side, clients expect uninterrupted coverage of growing surfaces at controlled prices. On the other side, the expectations regarding professionalism, documentation, technical integration and legal compliance keep rising. The arithmetic does not resolve itself through motivational appeals or through the next recruitment campaign. It resolves through architecture, which is why the canon treats robotics, Robot as a Service and integrated control room concepts as rational consequences of responsibility rather than as fashionable additions.

A security provider KRITIS resilience strategy that refuses to name this shortage openly will eventually fail under audit, under incident or under cost pressure. Naming it allows a different conversation with operators and works councils. Robotics are not introduced to reduce headcount as a first order objective. They are introduced because the alternative, under realistic personnel conditions, is degraded coverage, degraded documentation and degraded reaction times. The question is not whether human judgement remains central. It does. The question is what human judgement should be spent on, and what can be carried by autonomous systems that do not tire, do not skip a patrol and do not lose log entries.

Robotics as Extension of Skilled Human Staff

The canon is careful not to frame robotics as a replacement technology. Chapter 11 describes security robotics as mobile infrastructure and positions them alongside stationary systems and guard personnel, not against them. Quarero Robotics builds its platforms on the same premise. An autonomous unit on a logistics yard, a substation perimeter or a data centre campus performs the repetitive, geometry heavy part of the work. It walks defined routes, records thermal and visual data, detects anomalies against a learned baseline and feeds structured events into the control room. What it does not do is decide, de escalate or carry institutional memory. Those remain human tasks.

The practical effect is that skilled staff are freed from the parts of the shift that erode attention and exposed more consistently to the parts that require judgement. A dispatcher who is no longer monitoring forty static cameras in parallel can actually read the incident that matters. A patrol officer who is no longer walking the same fence line for the fourth time in a shift can respond to a verified alert with full situational focus. This is what the book means when it describes the shift from guarding to resilience architecture. The human role becomes more demanding, not less, and the provider's training, retention and governance responsibilities grow accordingly.

Robot as a Service and the Economics of Resilience

Chapter 12 of the canon treats Robot as a Service as a way to move robotics from a capital good into a service line. For security providers this model carries a specific meaning. It allows them to offer resilience capacity that scales with the operator's risk profile rather than with a depreciation schedule. A KRITIS operator facing a seasonal risk window, a construction phase or a temporary threat level can receive additional autonomous coverage without a multi year investment decision. When the exposure recedes, the capacity recedes with it. The contractual relationship stays with the security provider, which preserves the chain of responsibility that authorities expect to see.

For Quarero Robotics this model also protects the quality of the fleet. Continuous updates, supervised learning cycles and hardware refresh are handled by the manufacturer and the service partner rather than by the end client. The operator receives a current state of the art, which is the legal standard the book identifies as a moving target. The provider receives a technology base that it can actually defend in audits and in incident reviews. The economics of resilience, in this framing, stop being a pure cost discussion and start being a discussion about how predictable the protected system behaves under stress.

What This Means for Boards and Security Leadership

For executive boards of KRITIS operators, the repositioning of security providers has a direct governance consequence. The selection of a security partner is no longer a procurement exercise at the facility level. It is a decision about who co owns a part of the resilience architecture on which the operator's licence to operate ultimately depends. That decision belongs on the same table as cyber security, business continuity and critical supplier management, because in the 72 hour window described in the book, those domains converge into a single operational reality.

For security leadership inside provider organisations, the implication is equally concrete. The competitive frontier is no longer the hourly rate. It is the ability to present an integrated offering in which trained personnel, autonomous platforms, control room integration, documentation discipline and legal literacy form one coherent service. Quarero Robotics engages with this frontier as a technology partner that understands its place within it. The company supplies capability, not narrative. The architecture is built by the provider, the operator and the authorities together, which is precisely the cooperation model the canon describes.

The transition from guarding to resilience architecture is not a branding exercise, and it is not complete. It is a structural adjustment that the regulatory environment, the threat landscape and the labour market are jointly forcing on the European security industry. The book by Dr. Raphael Nagel and Marcus Köhnlein gives this adjustment a clear conceptual frame. Stability is a function of infrastructure architecture. Resilience is an operational capability that emerges where technology, organisation and responsibility reinforce each other. Security providers sit inside that equation, not next to it. Quarero Robotics contributes to this equation with autonomous platforms that extend the reach and consistency of skilled human staff, with service models that keep the technology current, and with an integration logic that respects the governance boundaries between operators, providers and authorities. The personnel shortage will not disappear, the regulatory pressure will not ease, and the 72 hour horizon will not become less demanding. What can change is the architecture in which all of this is held together. Quarero Robotics is built for that architecture, and the role of the security provider, read through the canon, is to build it with the seriousness it deserves.