Intrusion detection systems are often the first technical component of a security infrastructure, but without an effective alarm management process, they remain limited in their effectiveness. In a fully integrated, 360-degree security approach, it is essential to combine detection, evaluation and response to create a seamless process. This is the only way to avoid fragmented solutions and manage security efficiently.

Torsten Hiermann of CriseConsult explains how intrusion detection can be embedded into an effective alarm management strategy, and why regular alarm drills are a frequently overlooked success factor.

How should effective alarm management be incorporated into a 360-degree security framework, and how can it prevent the development of isolated solutions?

Torsten Hiermann: In military settings, we use the term ‘actionable intelligence’, which means: Information must be reliable and timely enough to be processed and acted upon. In this context: There is no such thing as a 360-degree security approach without functional alarm management. What use is precise detection if the downstream structures don’t work? The process begins with planning a system that aligns with the defined protection level. Only then can the technical components be considered. Most importantly, detection must be linked to predefined actions, whether technical, such as building automation, or organisational, such as deploying security personnel.

What are the most common weaknesses of intrusion detection systems, particularly in critical infrastructure environments?

Torsten Hiermann: The issue rarely lies with the technology itself. The challenge lies in ensuring that detection leads to action, ideally in the form of timely intervention. However, when personnel are required to respond on site, security teams quickly reach their limits. Response times and available manpower are key constraints. Intruders don’t wait. Therefore, their movement patterns must be tracked and relayed in real time to internal responders. Ideally, their movement should also be restricted, for example via lockdowns. This is technically feasible, but requires investment. This brings us back to the point that technical capabilities must be aligned with risk assessments. Let me add this: Alarm management deals with what happens after an incident is detected. However, the ultimate goal should always be to prevent – or at least delay – the incident from happening in the first place.

Can intrusion detection systems actually increase risk, for example by triggering false alarms?

Torsten Hiermann: Even the best systems can be rendered ineffective by poorly coordinated processes. Frequent false alarms can reduce situational awareness. Consider, for instance, a fire alarm that goes off every week – people will eventually stop reacting. Reliability is paramount: if your system triggers unnecessary alarms, the real ones may be overlooked. This undermines the entire subsequent response process.

So, how can modern technologies like AI-based detection improve alarm management?

Torsten Hiermann: We’re seeing rapid technological advances, especially in AI. This is already shaping security systems. Behaviour-based video analytics is one example. Predictive policing is another example. In short, the earlier a threat is detected, even in its early or potential phase, the sooner you can respond or take preventive action. That’s the good news. The bad news is that bad actors are evolving too. Modern technologies are powerful tools. However, they should never replace physical protection, but rather enhance it.

How important is regular testing of alarm procedures (e.g., alarm drills) for the real-world effectiveness of a security concept?

Torsten Hiermann: That’s easy to answer – with Benjamin Franklin: “If you are failing to prepare, you’re preparing to fail.” Special forces train. So do emergency physicians, pilots, security teams, and industrial site operators. Alarm drills are among the easiest exercises to conduct – and yet, if the alarm chain fails as a single point of failure, the entire response process collapses. In short: practice matters.

The threat landscape for companies and institutions has grown significantly in recent years. Sabotage, industrial espionage and ransomware attacks are now among the most common risks. Companies that are part of critical infrastructure (CI) are required by law to take special precautions to protect themselves from a wide range of attacks and disruptions. In this interview, Torsten Hiermann of CriseConsult provides key insights into the challenges companies face in terms of both physical and cyber security.

Why is a 360-degree approach to security so important for critical infrastructure? Where in practice do you see security measures being treated in isolation rather than as part of a bigger picture?

Torsten Hiermann: A 360-degree approach is always essential – especially when it comes to protecting corporate assets or even human lives. That doesn’t mean that every area requires the same level of security. Protection goals and measures can vary, even within the same company or facility. The key is to view security as an integrated, holistic concept. As a practical example, companies may invest heavily in drone detection and defence, but allow contractor vehicles onto the premises with little or no control. It’s a clear mismatch and illustrates why looking at security in isolation is ineffective.

What are the most common physical security vulnerabilities you’ve seen? And how often are they the result of a lack of integration with other areas of security?

Torsten Hiermann: From a technical point of view, there are many effective physical security measures available. However, vulnerabilities often arise from two main factors: a lack of security awareness and a reluctance to invest. Awareness is particularly critical – it determines whether and how consistently an organisation protects its assets in a professional and up-to-date manner. It’s also important to remain realistic: not every theoretically possible measure is economically viable. A 360-degree approach means making targeted risk assessments.

A typical example from the field: companies train their employees extensively on social engineering threats. Meanwhile, the staff car park is open to the public, or employee parking permits clearly indicate that a vehicle belongs to someone from company XY. Associating a private car with a specific employee makes that car a potential target: access cards, transponders, laptops… Corporate security doesn’t start at the perimeter – it starts in the parking lot of a hardware store. In the worst-case scenario, a casual encounter becomes a “target” because the black Audi A6 with its company-branded parking sticker or licence plate frame signals: this car belongs to someone in the top management of company XY. From the attacker’s point of view, the person who gets in or out of that car is my person of interest.

How does the separation of IT and physical security create problems? Would you say this is a structural problem?

Torsten Hiermann: IT and physical security are two separate domains with different approaches and requirements. Each requires specific risk assessments, protective measures and response strategies. However, these two areas must ultimately work together. A holistic view doesn’t mean you need an all-powerful corporate security department or a super-CISO. But one thing is clear: complex threats are best addressed with integrated security approaches. The overall security of an organisation depends on a holistic strategy. Security is a shared responsibility – and it starts with something as basic as preventing tailgating.

What are your best practices for implementing a holistic approach to critical infrastructure security? Are there proven measures or checklists that have worked well?

Torsten Hiermann: I’d suggest taking a look at the security measures at the German Chancellery. But seriously, depending on the threat scenario and protection objectives, security concepts can be so complex that simple checklists are no longer sufficient. The more demanding the requirements, the more it makes sense to involve professional security consultants or planners. It’s a bit like medicine: there’s a big difference between hospitals that occasionally perform a certain procedure and those that specialise in it.

What’s the most common misconception you see when it comes to critical infrastructure security?

Torsten Hiermann: The most fundamental misconception is the failure to recognise the need for integrated security measures due to a lack of visible incidents – the idea that “nothing has happened so far, so we must be OK”. While this attitude may be tolerable in less critical areas, critical infrastructure operators must apply much stricter standards. Security cannot be reactive – it must be preventative and strategically planned.

What technologies or new security concepts do you see as being particularly forward-looking?

Torsten Hiermann: The key is system integration and connectivity. Detection and response are increasingly linked, often through the use of artificial intelligence. However, experience shows that professional attackers are always finding new ways to bypass defences. If technical security is strong, the organisation’s internal security culture may be the weak link – and vice versa. Again, a 360-degree approach is the only viable solution.

What are your top three recommendations for critical infrastructure operators to make their security strategy more sustainable and effective?

Torsten Hiermann: Sustainable means long-term effectiveness. Effective means it actually works. Opportunistic attackers can be deterred. Professional attackers adapt. The takeaway: security measures must be aligned with protection objectives, represent state-of-the-art solutions, and be continuously updated based on current risk analyses and threat scenarios. Security is a process – not a stand-alone technology or a static concept.

NOX SYSTEMS is dedicated to helping critical infrastructure owners, designers and integrators achieve smart, future-proof security by providing scalable, integrated security solutions. > Our Solutions