Holger Kelle

INCITIAS’ Comprehensive Approach to Critical Infrastructure Security

Integrated Threat and Vulnerability Assessment

Over the past 18 months, INCITIAS has consulted on critical infrastructure assessments for LNG facilities across Europe, developing an integrated approach to vulnerability assessments. Recently, in collaboration with Schäfer Group, INCITIAS initiated threat and vulnerability assessments for our clients align with:

• API RP 780 – Security risk assessment in critical energy infrastructure
• ISPS Code – Security measures for LNG carriers and marine infrastructure
• BSI Grundschutz – Cybersecurity framework for industrial networks
• ISO 27001 – Standard for information security management systems (ISMS)

All these systems—BSI, API, ISPS, and ISO 27001—share a similar approach but differ in how requirements and risks are defined. By integrating them into a single database, organizations gain full traceability of risk mitigation measures across physical, maritime, and cyber domains.

Compliance with NIS2 and CRITIS Directive

Compliance with NIS2 and CRITIS Directive
The NIS2 Directive and CER (CRITIS) Directive impose stringent requirements on critical infrastructure operators, mandating risk management, cybersecurity measures, physical security enhancements, and strategies for resilience and recovery—particularly across supply chains. INCITIAS ensures compliance by:

• Conducting cyber risk assessments aligned with BSI Grundschutz and ISO 27001
• Implementing enterprise-wide risk management strategies, including resilience and recovery planning
• Advising on design and engineering solutions that address both physical and cyber threats
• Ensuring alignment with European legislative frameworks for infrastructure resilience

By leveraging its regulatory expertise, INCITIAS helps clients navigate complex security laws while strengthening operational resilience and safeguarding supply chains

Cybersecurity Resilience and Digital Threat Management

The increasing digitization of LNG facilities has exposed them to cyber threats, including ransomware attacks, SCADA system intrusions, and data breaches. INCITIAS provides through our IT partners state-of-the-art cybersecurity consulting services that include:

• Penetration testing and incident response planning.
• Network segmentation and zero-trust security architectures for LNG industrial control systems (ICS).
• Cyber risk mitigation strategies tailored to LNG operators.

Enterprise-Wide Risk Management Integration

INCITIAS goes beyond traditional risk assessments by ensuring that threat and vulnerability assessments are integrated within an enterprise-wide risk management framework. This includes:

• Supply chain resilience planning – ensuring that LNG supply routes remain operational in times of crisis.
• Incident response and recovery planning – establishing playbooks for rapid response to cyber and physical threats.
• Operational continuity strategies – enabling LNG operators to withstand and recover from potential disruptions.
• A deep understanding of technical risk and technologies used on site, through Operational Readiness and facility specific technical safety assessments such as  HAZOPs, HAZIDS and QRAs

Ensuring Operational Readiness

It was found that the ISPS and critical infrastructure approvals process can become a bottleneck before terminal start-up and the early operating phase. To address this, INCITIAS implements security measures during the detailed design phase, embedding these features from the outset. INCITIAS also provides upgrades for existing LNG terminals, enhancing resilience and protection. Additionally, the company offers consulting during the initial design phase, advising on proactive strategies to integrate security best practices early. This flexible approach enables LNG operators at any stage of development to enhance security, meet regulatory requirements, and maintain long-term resilience

Why Choose INCITIAS?

Industry Expertise and Proven Credentials

INCITIAS has a track record of success in delivering critical infrastructure security solutions for LNG terminals, backed by:

• Expert consultants with decades of experience in LNG the LNG industry,
• Proven methodologies based on API RP 780, BSI Grundschutz, ISO 27001, NIS2, ISPS, and CRITIS Directive.
• Strategic partnerships with IT security firms, enabling access to cutting-edge security solutions.

Tailored, Scalable Security Solutions

INCITIAS does not offer a one-size-fits-all approach. Instead, we provide customized security strategies which align with each client’s unique operational needs. Our services are scalable, ensuring both small LNG terminals and large-scale facilities receive the right level of security enhancements.

Regulatory Navigation and Compliance Assurance

Staying ahead of evolving regulatory requirements is a challenge for LNG operators. INCITIAS provides ongoing consulting to ensure clients are always one step ahead of compliance obligations, reducing the risk of regulatory penalties and security vulnerabilities.

Partnering with INCITIAS for Comprehensive LNG Security and Compliance

With increasing security threats and regulatory pressures, LNG terminal operators cannot afford to take security lightly. INCITIAS stands at the forefront of critical infrastructure protection, offering end-to-end consulting solutions which ensure compliance, resilience, and operational continuity.

By partnering with INCITIAS, LNG operators gain access to industry-leading expertise in cybersecurity, physical security, risk management, and regulatory compliance. Our comprehensive approach ensures your facility is not only protected against current and emerging threats, but alignment to a vast array of new regulatory requirements are met and embedded within the organisational fabric

Schedule a consultation today 📩 info@incitias.com to discover how we can help secure your LNG infrastructure and ensure full compliance with the latest industry regulations.

Further reading on Critical Infrastructure and INCITIAS can be found here.