top of page
Search

GERMAN PARLIAMENT PASSED THE KRITIS UMBRELLA ACT, ESTABLISHING UNIFORM SECURITY RULES FOR CRITICAL INFRASTRUCTURE, AND ISRAEL ORDERED MSF TO CEASE OPERATIONS AND LEAVE GAZA BY MARCH

  • Senior Editor
  • 23 hours ago
  • 4 min read

January 29-February 4, 2026 | Issue 5 - Emergency Management, Health, and Hazards (EMH2) Team

Chiara Michieli, Nimaya Premachandra, Nirmal Jose, Ignacio Valdés Fuentes, Indira Hankins, Andrew Britland, Leon Kille

Clémence Van Damme, Senior Editor

 

Power Plant[1]


DateJanuary 29, 2026

Location: Germany

Parties involved: Germany; federal parliament; Federal Office of Civil Protection and Disaster Relief (BBK); Federal Office for Information Security (BSI); state authorities; Europe; public and private entities; critical sectors; exposed sectors; food and energy sectors; small-sized private facilities; people in rural areas; threat actors; unauthorized third parties; Russian proxy cyber actor APT-28; Russian proxy actors;  low-level agents

The event: The federal parliament passed the Umbrella Act for Critical Infrastructure Protection (KRITIS), setting an unprecedented uniform regulation for the security of critical sectors.[2]

Analysis & Implications:

  • The Umbrella Act’s terms will very likely restrict small-sized private facilities from obtaining security resources, likely leaving rural critical infrastructure vulnerable to hybrid attacks. The exclusion will likely limit the access small-sized private companies have to information-sharing channels on priority security risks, likely affecting their ability to prepare for disruptions. Restricted access to funds and innovative security training provided to address such identified security risks, especially in areas of cybersecurity, will very likely increase the vulnerability of small-sized rural facilities by lacking guidance on implementing adequate risk mitigation efforts, such as reinforcing network and data security. There is a roughly even chance that this security vacuum will draw the attention of threat actors attempting to exploit data exposure, allowing them to transmit intelligence to unauthorized third parties, likely facilitating future hybrid attacks on rural critical infrastructure.

  • Russian proxy cyber actors will very likely target sectors that are not fully covered by the Umbrella Act, such as the railway infrastructure and train system, likely generating a hyper-concentration of activity in areas where the KRITIS law fails to provide effective coverage.  Russian proxy actors, such as APT-28, have a roughly even chance of carrying out cyber operations targeting communication between trains and their control systems, given the complexity of securing jointly managed infrastructure. Such attacks will likely motivate low-level agents working as proxies to sabotage train operations through small-scale operations, such as bomb threats by unattended bags or the blockage of railway lines. Disruption of the train transport infrastructure has a roughly even chance of cutting critical support lines in Germany and the EU, such as the Trans-European Transport Network, from delivering energy supplies, agricultural products, and industry resources throughout Europe.

  • The all-hazards approach promoted by KRITIS will very likely increase the resilience of critical sectors to natural disasters and climate change through cooperation with state authorities and the adoption of a uniform risk-management approach. Factors such as the centralized incident reporting system will very likely enable the BBK and BSI to conduct comprehensive threat assessments and track sector-specific vulnerabilities. Such monitoring will very likely improve the response to climate-change-related slow-onset events in particularly exposed sectors, such as the food and energy sectors, likely by increasing authorities' situational awareness and promoting the adoption of preventive mitigation measures. Such closer cooperation with state authority has a roughly even chance of resulting in the adoption of standardized mitigation and risk-management measures across both public and private entities, very likely increasing the effectiveness of BBK's disaster assistance support.  


Date: February 1, 2026

Location: Gaza Strip, Palestine

Parties involved: Palestine; civilians; healthcare sector; Al-Nasr Medical Complex and Al-Shifa Hospital; medical organizations in Gaza; healthcare alternative providers in Gaza; major international humanitarian aid providers in Gaza; Israel; Israeli government; Israeli authorities; Coordinator of Government Activities in the Territories (COGAT); Israeli civil and military administrative bodies;  humanitarian non-governmental organization (NGO) Doctors Without Borders (MSF); humanitarian UN Relief and Work Agency (UNRWA); WHO

The event: Israel has ordered MSF to stop operating in Gaza and leave by March.[3]

Analysis & Implications:

  • The Israeli ban on MSF will very likely destabilize Gaza’s healthcare sector by jeopardizing support from alternative providers such as the WHO and UNRWA, likely resulting in a broader contraction of humanitarian medical services. This ban will likely prompt other providers to reevaluate their presence in Gaza in response to escalating security risks to staff and the demonstrated risk of sudden organizational expulsion, very likely calling into question their operations’ feasibility under deepening personnel strains. The reduction in preparedness from the loss of major humanitarian aid providers will likely fail to provide medical assistance during local deadly events such as airstrikes and artillery attacks, causing widespread strain on hospitals, especially those supported by NGO’s such as Al-Nasr Medical Complex and Al-Shifa Hospital. This will likely force remaining humanitarian and medical organizations, including WHO, to pivot further to a compromised reactive crisis management system rather than preventative care, increasing the risk of injury and death from both violent events and routine civilian health needs.

  • Israel’s expanded regulatory influence over aid distribution in Gaza likely demonstrates its intention to shift away from sporadic military control to sustained influence on civilians in Gaza. Israeli civil and military administrative bodies, such as COGAT, will very likely take over many functions currently managed by NGO’s across critical sectors like health and sanitation, likely shifting humanitarian access to an administrative system that embeds the Israeli government in everyday life. Israel will likely leverage this reliance by tying civilian compliance to access to essential aid, having a roughly even chance of remotely overseeing civilian policy to ensure sustained governance over Gaza. This embedded administrative leverage will very likely formalize and systematize existing controls, almost certainly enabling Israeli authorities to use aid-linked compliance mechanisms to further constrain collective political mobilization, travel permissions, and access to essential supplies over time

[1] Richmond Power Plant, Christiansted, St. Croix, USVI, by Deanne Swain, licensed under Public Domain. (The appearance of U.S. Department of Defense (DoD)/Department of War (DoW) visual information does not imply or constitute DoD/DoW endorsement)

[2] Germany to harden critical infrastructure as Russia fears spike, France24, January 2026, https://www.france24.com/en/live-news/20260129-germany-to-harden-critical-infrastructure-as-russia-fears-spike 

[3] Israel bans MSF from Gaza after charity refuses to hand over staff list, Middle East Eye, February 2026,

 
 

Reports

Careers

Privacy Policy 

Services

Terms & Conditions 

  • Linkedin
  • Instagram
  • Twitter
  • Facebook

Interested in joining us? Learn more

 

© The Counterterrorism Group (CTG) - 2026 - This website and all of its contents are copyrighted by The Counterterrorism Group, Inc. 2026. Any use, reproduction or duplication of the contents of this website without the express written permission of The Counterterrorism Group (CTG) is strictly prohibited.

bottom of page