In news- The Union Ministry of Electronics and IT (MeitY) has recently declared IT resources of ICICI Bank, HDFC Bank and UPI managing entity NPCI as ‘critical information infrastructure (CII)’.
About Critical Information Infrastructure (CII)
- The Information Technology Act of 2000 defines “Critical Information Infrastructure” as a “computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety”.
- The government, under the Act, has the power to declare any data, database, IT network or communications infrastructure as CII to protect that digital asset.
- Any person who secures access or attempts to secure access to a protected system in violation of the law can be punished with a jail term of up to 10 years.
Protection of CII’s in India-
- Created in January 2014, the National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency for taking all measures to protect the nation’s CII.
- It is mandated to guard CIIs from “unauthorised access, modification, use, disclosure, disruption, incapacitation or distraction”.
- NCIIPC monitors and forecasts national-level threats to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts.
- As per NCIIPC, the basic responsibility for protecting the CII system shall lie with the agency running that CII.
- In the event of any threat to critical information infrastructure the NCIIPC may call for information and give directions to the critical sectors or persons serving or having a critical impact on Critical Information Infrastructure.
National Critical Information Infrastructure Protection Centre (NCIIPC)-
- It is an organisation of the Government of India created under the Section 70A of the Information Technology Act, 2000 (amended 2008), through a gazette notification on 16 January 2014.
- Based in New Delhi, India, it is designated as the National Nodal Agency in terms of Critical Information Infrastructure Protection.
- It is a unit of the National Technical Research Organisation (NTRO) and therefore comes under the Prime Minister’s Office (PMO).
NCIIPC has broadly identified the following as ‘Critical Sectors’:
- Power & Energy.
- Banking, Financial Services & Insurance.
- Strategic & Public Enterprises.