In news–The websites and applications related to the decennial Census exercise and the National Population Register (NPR) were recently notified as “protected system” or “Critical Information Infrastructure” under the Information Technology Act, 2008.
- As per the notification, any tampering or unauthorised access to the data associated with Census applications, NPR database or the data centres of the Registrar General of India (RGI) will be punishable by ten years imprisonment.
- The RGI notified that under Section 70 of the IT Act, the Central Government declared the following are considered to be ‘Protected Systems’ for the purposes of the said Act
- Computer resources relating to the Census Monitoring & Management Svstem (CMMS) Web Portal.
- Self Enumeration (SE) Web Portal.
- Civil RegIstration System Web Portal, Mobile applications for House Listing (HL).
- Population Enumeration (PE) and National Population Register (NPR) Updation and lined Databases including NPR Database.
- Census Database and CRS Database.
- Computer resources setup/installed at National Data Centre (NDC), RGI, Delhi and Disaster Recovery Site (DRS) & Data Centre (DC) at Bengaluru and Lucknow and the computer resources of their associated dependencies.
What is a Critical Information Infrastructure(CII)?
- The Information Technology Act of 2000 defines “Critical Information Infrastructure” as a “computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety”.
- Section 70 of the IT Act states that the appropriate Government may, by notification in the Official Gazette, declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a protected system.
- According to the act, Critical Information Infrastructure means the computer resource, the incapacitation or destruction of which , shall have debilitating impact on national security, economy, public health, or safety.
How are CIIs protected in India?
- Created in January 2014, the National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency for taking all measures to protect the nation’s critical information infrastructure.
- It is mandated to guard CIIs from “unauthorized access, modification, use, disclosure, disruption, incapacitation or distraction”.
- NCIIPC monitors and forecasts national-level threats to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts. The basic responsibility for protecting the CII system shall lie with the agency running that CII.
- In the event of any threat to critical information infrastructure the NCIIPC may call for information and give directions to the critical sectors or persons serving or having a critical impact on Critical Information Infrastructure.