Summer heat, a large demonstration in the city centre, and the office building sits on the route. The police close the access roads at 2 p.m. Shift handover in the data centre is at 4 p.m. The night-shift staff cannot reach the building. By 6 p.m. the situation escalates: a group breaks out of the demonstration and throws stones at shop windows. A ground-floor window of the data centre is also smashed.
Major events in the surroundings — demonstrations, sporting events, concerts, labour disputes, street festivals — can seriously disrupt orderly operations. The BSI lists this threat as G 0.7, capturing a risk that is regularly overlooked in IT security planning.
What’s behind it?
Major events affect business operations on two levels: through logistical constraints (closures, noise, traffic disruption) and through the risk of escalation and rioting. Even a peaceful event can paralyse IT operations when staff cannot access the building.
Forms of disruption
- Access obstruction — Road closures, barriers and crowds prevent employees, service providers or suppliers from reaching the building. Shift handovers in the data centre, scheduled maintenance or the delivery of spare parts can become impossible.
- Infrastructure damage during set-up — Erecting stages, stands or exhibition booths in the surroundings can inadvertently damage utility lines. A severed power cable or cut fibre-optic cable can seriously disrupt IT operations.
- Rioting and vandalism — Escalating demonstrations, riots or hooliganism risk property damage to the building: smashed windows, arson, graffiti. Through open or damaged windows, unauthorised persons can enter and steal hardware.
- Intimidation of staff — Aggressive crowds, loud protest actions or direct confrontation can lead employees to leave the building early or refuse to come to work.
Impact
Unlike most physical threats, G 0.7 endangers all three protection goals simultaneously. Availability suffers through access obstruction and infrastructure damage. Confidentiality is at risk when smashed windows or open doors grant unauthorised persons access to rooms with sensitive data. Integrity can be compromised when intruders manipulate systems or steal storage media.
Practical examples
Fairground set-up cuts the power line. While assembling a ride for a large fair, an excavator accidentally severs an underground cable. The power supply to a nearby office building fails. The UPS in the small server room bridges the outage, but repairing the line takes eight hours. Once the UPS batteries are exhausted, the servers shut down in a controlled manner — half a working day of productivity is lost.
Demonstration and open window. A political demonstration passes an office building on a hot summer day. The situation escalates in a side street. A protester spots an open ground-floor window in the data centre area, climbs in and steals two laptops with confidential data. The theft is noticed only the next morning.
Labour dispute blocks the access road. Employees of a neighbouring logistics company go on strike and block the shared access road to the commercial park. Technicians from your own IT service provider cannot travel in for scheduled system maintenance. The maintenance must be postponed — in the meantime the server that was to receive the update fails.
Relevant controls
The following ISO 27001 controls mitigate this threat. (You’ll find the complete list of 5 mapped controls below in the section ‘ISO 27001 Controls Covering This Threat’.)
Prevention:
- A.7.1 — Physical security perimeters: Defined security zones with access controls protect against unauthorised entry.
- A.7.5 — Protecting against physical and environmental threats: Structural protection against vandalism and property damage.
- A.7.4 — Physical security monitoring: Video surveillance and alarm systems detect intruders early.
Detection:
- A.7.11 — Supporting utilities: Monitoring of utility infrastructure detects damage during set-up work.
Response:
- A.8.14 — Redundancy of information processing facilities: Fallback capacity at another site keeps operations running when the main site is unreachable.
BSI IT-Grundschutz
G 0.7 is linked in the BSI IT-Grundschutz catalogue to the following modules:
- INF.1 (General building) — Surroundings analysis, physical perimeter protection and measures against vandalism.
- INF.2 (Data centre and server room) — Extended access controls and protective measures for critical IT rooms.
- DER.4 (Emergency management) — Emergency plans in case the site cannot be reached.
Sources
- BSI: The State of IT Security in Germany — Annual report with current threat statistics
- BSI IT-Grundschutz: Elementary Threats, G 0.7 — Original description of the elementary threat
- ISO/IEC 27002:2022 Section 7.1 — Implementation guidance on physical security perimeters