Explained: What is ‘critical information infrastructure’, who protects it?

What is the News?

The Union Ministry of Electronics and IT (MeitY) has declared the IT resources of ICICI Bank, HDFC Bank and UPI managing entity NPCI as ‘Critical Information Infrastructure’. 

What is Critical Information Infrastructure?

Definition: The Information Technology Act of 2000 defines “Critical Information Infrastructure” as a computer resource, the incapacitation or destruction of which shall have a debilitating impact on national security, economy, public health or safety.

Under the Act, the government has the power to declare any data, database, IT network or communications infrastructure as CII to protect that digital asset.

Penalty: Any person who secures access or attempts to secure access to a protected system in violation of the law can be punished with a jail term of up to 10 years.

How are CIIs protected in India?

National Critical Information Infrastructure Protection Centre(NCIIPC) was created in 2014. It is the nodal agency for taking all measures to protect the nation’s Critical Information Infrastructure(CII).

Functions of NCIIPC: 1) To guard CIIs from unauthorized access, modification, use, disclosure, disruption, incapacitation or distraction and 2) To monitor and forecast national-level threats to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts.

Source: The post is based on the article “Explained: What is ‘critical information infrastructure’, who protects it?” published in Indian Express on 19th June 2022.