IT Advisory for Energy & Critical Infrastructure
Energy providers and critical infrastructure operators face dual pressure in 2026: NIS2 tightens cybersecurity obligations while the threat landscape escalates with state-sponsored actors. danad GmbH has delivered multiple NIS2 compliance programmes and security modernisations in this sector — from risk analysis through Microsoft Defender XDR rollouts to Microsoft Sentinel SOC build-out. Our KRITIS practice combines regulatory depth (NIS2 implementation acts, BSI Act, sector regulations) with pragmatic Microsoft implementation. Typical engagements: gap analysis against NIS2 mandatory measures, Conditional Access hardening for OT/IT segregation, immutable backups with Azure Backup and Site Recovery, MITRE ATT&CK-based Sentinel detection rules for energy-sector-specific threats, 24/7 SOC operations as managed service or hybrid model.
Typical pain points
- • NIS2 obligations with hard deadlines and significant fines (up to EUR 10M or 2% turnover)
- • OT/IT convergence: Industrial Control Systems (ICS / SCADA) on the same network as office IT
- • Heightened threats from state-sponsored APTs and ransomware actors
- • Personal liability of management under NIS2
- • 24/7 availability requirements vs. limited security personnel capacity
Relevant compliance frameworks
Service focus
Case studies in this industry
- Replacement of Citrix environment with Azure Virtual DesktopFull migration of 8,000 Citrix users to a highly automated AVD target architecture.
- Development of an AI Platform based on Microsoft AzureSecure and scalable AI usage in the company is created through a central Enterprise Search that bundles information from systems such as SharePoint, ServiceNow, and SAP.
- Security Modernization with a Focus on Microsoft 365 & SOC ReadinessSustainable improvement of the security posture in the Microsoft ecosystem with a focus on identity protection, tenant hardening, and SOC readiness.
- Evolution of an Enterprise Monitoring Solution on AzureRedesign of the Azure Monitoring architecture with a Dedicated Azure Monitor Cluster, standardized DCR Rules, and complete Infrastructure as Code automation.
- NIS2 Compliance Implementation for Critical InfrastructureHolistic implementation of NIS2 requirements: From gap analysis and technical implementation to audit readiness.