- The Union Ministry of Electronics and IT (MeitY) has declared the IT assets of ICICI Bank, HDFC Bank and UPI managing entity NPCI as ‘critical information infrastructure’.
- On June 16, the notification to this effect was issued.
What and who protects ‘critical information infrastructure’?
- The Information Technology Act of 2000 defines “Critical Information Infrastructure” as a “computer resource, the incapacitation or destruction of which shall have a debilitating effect on countrywide security, economy, public health or safety”.
- The authorities, under the Act, have the power to claim any data, database, IT network or communications infrastructure as CII to protect that virtual asset. Any individual who secures access or tries to secure access to a protected device in violation of the regulation may be punished with a prison time period of up to ten years.
Why are CII classification and safety necessary?
- World over governments has been shifting with alacrity to guard their critical data infrastructure. IT resources form the spine of countless vital operations in a country’s infrastructure and given their interconnectedness, disruptions may have a cascading impact throughout sectors. An information technology failure at a power grid can result in extended outages crippling different sectors like healthcare, and banking services.
- In 2007, a wave of denial-of-service assaults, allegedly from Russian IP addresses, hit primary Estonian banks, government bodies – ministries and parliament, and media outlets. It was cyber aggression of the type that the world had not seen before, and it got here in the wake of Estonia’s choice to move a memorial to the Soviet Red Army to the vicinity of much less prominence. The assaults played havoc in one of the most networked countries in the world for nearly 3 weeks.
- On October 12, 2020, as India battled the pandemic, the electrical grid supply to Mumbai unexpectedly snapped hitting the mega city’s hospitals, trains and businesses. Later, a study through a US company that looks into using the internet by states, claimed that this electricity outage might have been a cyber attack, allegedly from a China-connected group, aimed at critical infrastructure.
- The authorities, however, were quick to disclaim any cyber assault in Mumbai. But the incident underlined the possibility of antagonistic state and non-state actors probing internet-structured vital systems in different nations, and the need to enhance such assets.
How are CIIs protected in India?
- Created in January 2014, the National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal organization for taking all measures to guard the nation’s critical records infrastructure.
- “In the occasion of any hazard to critical records infrastructure the National Critical Information Infrastructure Protection Centre can also additionally name for information and deliver guidelines to the critical sectors or individuals serving or having a vital impact on Critical Information Infrastructure,” the NCIIPC internet site adds.