Elementary Threat · BSI IT-Grundschutz

G 0.6 — Disasters in the Surroundings

Reviewed by: Cenedril Editorial
A.7.5 · A.7.11 · BSI IT-Grundschutz · ISO 27001 · ISO 27002

A chemical plant a thousand metres away catches fire. A smoke cloud drifts across the premises of the neighbouring data centre. The data centre’s air conditioning draws in outside air — and with it potentially toxic smoke gases. Only because an attentive employee spots the smoke cloud and manually shuts off the fresh-air supply is the data centre spared. Automatic outside-air monitoring does not exist.

Disasters in an organisation’s surroundings — fires, explosions, release of toxic substances or hazardous radiation — can severely impair operations without the building itself being directly affected. The BSI lists this threat as G 0.6.

What’s behind it?

Your own premises exist within a surrounding area that carries risks. Neighbouring operations, transport routes, industrial sites and residential areas can be sources of events that affect your operations. The danger emerges on two levels: from the event itself and from the resulting response measures.

Sources of danger

  • Smoke and gases — Fires in the neighbourhood produce smoke clouds that can enter buildings via air-conditioning systems. Chemical fires additionally release toxic or corrosive substances.

  • Blast waves — Explosions at industrial sites, petrol stations or from gas leaks can shatter windows, damage facades and rip equipment from its fixings.

  • Contamination — Escape of hazardous materials (chemicals, radioactive materials) can contaminate the surroundings over a wide area and make buildings unusable.

  • Closures and evacuations — Emergency services establish exclusion zones. Employees cannot reach their workplaces, or the building must be evacuated.

  • Infrastructure outages — Damaged utility lines (power, gas, water, communications) also affect undamaged buildings in the vicinity.

  • Complex building systems — Modern buildings with networked building services (fire alarm, HVAC, control systems) can enter an undefined state due to tremors, power failures or false alarms.

Practical examples

Chemical incident and smoke cloud. In an industrial area, a warehouse storing chemicals catches fire. The fire brigade sets up a 500-metre exclusion zone. An IT service provider’s office building lies just outside the zone, but the smoke cloud drifts directly over it. Employees are evacuated as a precaution. Because the air conditioning drew in outside air, all IT equipment must be checked for corrosion damage from aggressive smoke gases.

Gas explosion in the neighbourhood. A gas explosion occurs in a residential building three doors down. The blast wave shatters windows in your own office building. Glass shards damage monitors and workstation computers. The emergency services’ exclusion zone blocks access to the building for two days. The undamaged servers in the basement keep running, but no one can intervene on site.

Traffic accident involving hazardous goods. A tanker truck crashes on the federal road directly in front of the company premises. An unknown liquid escapes. The fire brigade establishes an exclusion zone and evacuates all buildings within 200 metres. Analysis of the liquid takes six hours — during which the building remains sealed off. The servers keep running, but monitoring shows rising temperatures because the air conditioning was shut off as a precaution.

Relevant controls

The following ISO 27001 controls mitigate this threat. (You’ll find the complete list of 2 mapped controls below in the section ‘ISO 27001 Controls Covering This Threat’.)

Prevention:

BSI IT-Grundschutz

G 0.6 is linked in the BSI IT-Grundschutz catalogue to the following modules:

  • INF.1 (General building) — Site assessment, surroundings analysis and structural protection against external influences.
  • IND.2.7 (Safety Instrumented Systems) — Protection of safety-critical control systems that can be impaired by external events.
  • DER.4 (Emergency management) — Evacuation plans and business-continuity measures for disasters in the surroundings.

ISO 27001 Controls Covering This Threat

  • A.7.5 Protecting against physical and environmental threats
  • A.7.11 Supporting utilities

Frequently asked questions

What counts as a disaster in the surroundings?

Any event in the neighbourhood that impairs your own operations: fires in neighbouring buildings, explosions in industrial sites, release of toxic substances, aircraft crashes, accidents on adjacent transport routes. Follow-up activities (closures, evacuations, rescue operations) can likewise paralyse your own operations.

How do I analyse the risks in my site's surroundings?

Identify neighbouring hazard sources: industrial sites (note the Seveso III Directive), petrol stations, chemical plants, main routes for hazardous goods transports, airports, railway lines. Check whether the air conditioning draws outside air and whether a manual or automatic shutoff of the fresh-air supply is possible.

Do I have to document the neighbourhood in the risk analysis?

Yes. ISO 27001 Clause 4.1 requires analysis of the organisation's context, which includes the physical site and its surroundings. Document known hazard sources in the vicinity, assess likelihood and impact, and derive measures.