Municipal waste management as critical infrastructure and the role that digitalisation has to play

In my last blog post on the ‘Challenges and opportunities presented by digitalisation’, I described trends in digitalisation in waste management and why it is needed, with the main focus on achieving the climate targets by conserving resources. As digitalisation expands its reach, however, we also have to consider an important point that affects us all, that being the need for a functioning waste management system – or more specifically, a functioning municipal waste disposal system – even in exceptional situations such as pandemics, armed conflicts, natural disasters and cyberattacks. It is not possible to maintain public health, certain aspects of public safety, the energy supply and environmental protection if the provision of waste disposal service is not guaranteed at all times. For this reason, municipal waste disposal was classified as critical infrastructure, or KRITIS as it is also referred to, by the federal and state governments in Germany in 2021. Digitalisation can help increase resilience of this infrastructure and ensure operational capacity in the event of a disruption.

Digitalisation in municipal waste disposal

Have you ever thought about what would happen if your household waste was not collected as normal?

The rubbish we produce is also called municipal waste. Pursuant to the Closed Substance Cycle Waste Management Act (Kreislaufwirtschaftsgesetz), this includes waste from private households and establishments that produce a similar mix of waste (doctors’ offices, hospitals, social institutions, trade and industry, etc.). The disposal of this waste involves its collection, transport, recycling and removal. These processes are increasingly digitalised and are carried out by a large number of small, large or municipally-run companies. Some of the municipal waste is used to generate energy through incineration, among other things.

Causes and consequences of disruptions

Disruptions to waste disposal services could be caused by a crisis triggered by a natural disaster or an act of terrorism, staffing or technical problems as well as IT issues or cyberattacks. Regardless of what may have caused them, they quickly have an impact on public life. Waste management is closely linked to other sectors such as the energy/water supply and healthcare industries. This means that having reliable waste disposal is critical, most importantly to prevent the spread of diseases and pests and to minimise the environmental impact of waste if it is not disposed of properly. Further consequences of a disruption to waste disposal could include:

• Risk of damage to road infrastructure due to waste accumulating
• Declining quality of life due to unsightly streets and unpleasant odours
• Decrease in tourism
• Increased risk of unrest due to public discontent

Legal issues are also another possible consequence. The waste disposal obligation laid down in the EU Waste Framework Directive, in the German Waste Disposal and Environmental Protection Acts and in municipal ordinances requires governments and public authorities to guarantee orderly waste disposal at all times.

Use of IT in municipal waste disposal

IT systems are used in various areas in the municipal sector for administrative purposes and to increase process efficiency or ensure public safety. As a result of this, a number of disruptions can occur during the disposal process. Some of the areas in which IT systems are deployed are listed below.

Waste collection

• Recycling centres
• Bottle return systems
• Systems to report waste collection (commercial/bulky waste)
• Smart bins – level sensors, identification of waste fraction

Waste transport

• Automated route planning and apps for route data as on-board systems
• Refuse collection vehicles
• Verification for hazardous waste (eANV)
• Digital scales (automatic data transmission)

Waste sorting, storage, recycling and disposal

• Plant monitoring, security/safety and incident management systems (for example, cameras, sensors or extinguishing systems)
• Facility management and supervision (for example, timetables and/or sub-processes)
• Collection and analysis of system data

Administration

• Companies are built around IT systems (for example, ERP, communication and security systems)
• Interface for the ‘exchange of order-related performance data’ (AvaL)

This list shows that the waste management industry needs to address every aspect of IT security and find solutions to ensure that work processes are protected in the best possible way and can be adequately maintained at all times.

Critical infrastructure (KRITIS)

The EU Directive on Network and Information Security (NIS2 Directive) was amended in 2020. The aim of the directive is to ensure a ‘high common level of security of network and information systems’ and provide for the ‘establishment of national cyber security capabilities [...] for critical infrastructures’. Since then, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik – BSI) has been tasked with improving cybersecurity in Germany.

Critical infrastructures are defined as ‘organisations and facilities of major importance for society whose failure or impairment would cause a sustained shortage of supplies, significant disruptions to public order, safety and security or other dramatic consequences’.

The ten sectors or industries presented below were defined as critical infrastructure in order to minimise the risk of incidents and ensure the provision of service to the public in the event of an incident. In 2021, the disposal of municipal waste was added as part of an amendment to the Act on the Federal Office for Information Security (BSIG) (Section 2(10)1 of the BSIG).

With the inclusion of municipal waste disposal, many waste disposal and recycling companies are now regarded as critical infrastructure operators from 2024. This means they are required to assess the facilities that fall under the definition of critical infrastructures under the BSI Act (BSI-KritisVerordnung – BSI-KritisV) (see below) to determine their relevance in providing the relevant service to the public.

• Planning/scheduling of municipal waste collection or transport
• (Temporary) storage and handling
• Thermal treatment
• Mechanical-biological/physical treatment
• Biological treatment
• Mechanical treatment
• Sorting of municipal waste

The threshold value of ‘five hundred thousand people served’ is often used as a criterion in the assessment. If this value is reached or exceeded, critical infrastructure operators are subject to the statutory reporting and verification obligations set out in BSIG. The precise values are currently being prepared and new ones will be added in the coming years. According to government estimates, there are roughly 300 critical infrastructure operators in Germany with the entry into force of the new Regulation on the Identification of Critical Infrastructures under the BSI Act (Verordnung zur Bestimmung Kritischer Infrastrukturen nach dem BSI-Gesetz – KritisV) in 2024.

Fields of action in and around sustainability

Digitalisation is increasing the connectivity and complexity of IT systems, which also raises the risk of human error or technical failure. Beyond that, cybersecurity and information security is also taking on an increasingly important role, meaning that critical infrastructure operators are soon to be confronted with a whole host of new tasks and challenges. In addition, IT service providers are being called on to develop suitable solutions for the relevant companies that guarantee the security of supply and operating efficiency on both sides. One way for IT service providers to meet this challenge is to develop software and the technologies used (or make upgrades to them) or provide consulting and training services.

Upgrades to software and technology

Measures to avoid human operating errors

• Secure, intuitive applications that support employees (for example, two-factor authentication, the dual-control principle, quality assurance, employee protection)
• System sensors (for example, recording data on employee movements)

Measures to prevent technical failure

• Additional sensors to record critical parameters, if necessary via retrofitting (for example, to detect unforeseen hazardous material in the refuse collection vehicle or in a plant)
• Data analysis (by means of predictive maintenance, for example)
• System to report anomalies 24/7 (for example, on mobile devices)

Measures to ensure cybersecurity and information security

• Reliable, state-of-the-art software
• Additional high-tech security software to protect against hackers, cyberattacks and other digital threats
• Safeguards to protect computer-managed processes, sensors and other networked devices such as monitoring equipment (for remote monitoring and control, for example)

Consulting services and seminars for waste disposal companies

Consulting services

• Advice on how to deploy hardware and software
• IoT technology
• Data management (IoT platforms, digital twins, etc.)

Seminars

• IT security (cybersecurity, networks, software/hardware, etc.)
• IT management
• Employee safety (courses on how to use IT and networked devices)
• Technology-based system security (software, sensors, etc.)
• Data analysis

Conclusion

The process of digitalisation needed in the critical infrastructure domain involves a broad range of tasks for IT service providers, since waste disposal and recycling companies cannot meet the KRITIS requirements without their support. Digitalisation can help ensure reliable, uninterrupted service in exceptional situations, increase efficiency in administrative and other work processes and improve employee safety. That said, it also entails certain risks. It is important to educate staff about cybersecurity and other digital threats as well as teach them how to operate IT systems and make technology upgrades in order to protect critical systems from threats. The adoption of robust security measures, regular audits and a process of continuous change are necessary to ensure the resilience of critical infrastructures in an increasingly digitalised world. It is important to remind small and medium-sized companies in particular of their obligations, since they are also legally required to protect their systems from 2024 pursuant to the NIS2 guidelines.

Learn more and set up an appointment

Would you like to find out more about exciting topics from the world of adesso? Then take a look at our previous blog posts.

Also interesting

• Challenges and opportunities presented by digitalisation in the waste management industry