Critical Information Infrastructure (CII)

Critical Information Infrastructure (CII)

Critical Information Infrastructure (CII) is defined as those facilities, systems or functions whose incapacity or destruction would cause a debilitating impact on national security, governance, economy and social well-being of a nation.

National Critical Information Infrastructure Protection Centre (NCIIPC)

• National Critical Information Infrastructure Protection Centre (NCIIPC) is an organisation of the Government of India created under Sec 70A of the Information Technology Act, 2000 (amended 2008). 
• It is designated as the National Nodal Agency in respect of CII Protection.
• NCIIPC has broadly identified the following as ‘Critical Sectors’–
  • Power & Energy 
  • Banking, Financial Services & Insurance 
  • Telecom 
  • Transport 
  • Government 
  • Strategic & Public Enterprises

Functions and Duties

• The national nodal agency for all measures to protect the nation’s CII.
• Protect and deliver advice that aims to reduce the vulnerabilities of CII, against cyber terrorism, cyber warfare and other threats.
• Identification of all critical information infrastructure 
• Provide strategic leadership and coherence across Government to respond to cybersecurity threats.
• Coordinate, share, monitor, collect, analyze and forecast, a national-level threat to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts. The basic responsibility for protecting CII system shall lie with the agency running that CII.
• Assisting in the development of appropriate plans, adoption of standards, sharing of best practices and refinement of procurement processes in respect of the protection.
• Evolving protection strategies, policies, vulnerability assessment and auditing methodologies and plans for their dissemination and implementation for the protection of CII.
• Undertaking research and development and allied activities.

Read Also Nagaland Peace Accord

• Providing funding (including grants-in-aid) for creating, collaborating and development of innovative future technology.
• Developing or organising training and awareness programs as also nurturing and development of audit and certification agencies 
• Developing and executing national and international cooperation strategies for protection of CII.
• Issuing guidelines, advisories and vulnerability or audit notes etc. relating to the protection of CII and practices, procedures, prevention and response in consultation with the stakeholders, in close coordination with Indian Computer Emergency Response Team and other organisations working in the field or related fields.
• Exchanging cyber incidents and other information relating to attacks and vulnerabilities with the Indian Computer Emergency Response Team and other concerned organisations in the field.
• In the event of any threat to critical information infrastructure, the National CII Protection Centre may call for information and give directions to the critical sectors or persons serving or having a critical impact on Critical Information Infrastructure.

 

Check our Programs