Critical infrastructures like the power grid are essentially physical processes controlled by electronic devices. In the last decades, these electronic devices started to be controlled remotely through commodity computers, often directly or indirectly connected to the Internet. Therefore, many of these systems are currently exposed to threats similar to those endured by normal computer-based networks on the Internet, but the impact of failure of the former can be much higher to society. This paper presents a demonstration of a family of protection devices for critical information infrastructures developed in the context of the EU CRUTIAL project. These devices, called CRUTIAL Information Switches (CIS), enforce sophisticated access control policies of incoming/outgoing traffic, and are themselves designed with a range of different levels of intrusion-tolerance and self-healing, to serve different resilience requirements.