What is ‘Critical Information Infrastructure’?

Make PDF

About Critical Information Infrastructure (CII)

• The Information Technology Act of 2000 defines “Critical Information Infrastructure” as a “computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety”.
• The government, under the Act, has the power to declare any data, database, IT network or communications infrastructure as CII to protect that digital asset.
• Any person who secures access or attempts to secure access to a protected system in violation of the law can be punished with a jail term of up to 10 years.

Protection of CII’s in India-

• Created in January 2014, the National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency for taking all measures to protect the nation’s CII.

• It is mandated to guard CIIs from “unauthorised access, modification, use, disclosure, disruption, incapacitation or distraction”.
• NCIIPC monitors and forecasts national-level threats to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts. 
• As per NCIIPC, the basic responsibility for protecting the CII system shall lie with the agency running that CII.
• In the event of any threat to critical information infrastructure the NCIIPC may call for information and give directions to the critical sectors or persons serving or having a critical impact on Critical Information Infrastructure.

Make PDF