Home   »   National Security Policy   »   Critical Information Infrastructure (CII)

Critical Information Infrastructure (CII): Definition, Need and Protection

Critical Information Infrastructure (CII)- Relevance for UPSC Exam

Critical Information Infrastructure (CII): Critical Information Infrastructure (CII) are important part of national security. Ensuring safety and security of Critical Information Infrastructure (CII) is important for proper governance and functioning of the Country. Critical Information Infrastructure (CII) is important part of UPSC Mains GS Paper 2 (Government policies and interventions for development in various sectors and issues arising out of their design and implementation) and GS Paper 3 (Challenges to internal security through communication networks).

Critical Information Infrastructure (CII): Definition, Need and Protection_30.1


Critical Information Infrastructure (CII) in News

  • Recently, the Union Ministry of Electronics and IT (MeitY) has declared IT resources of ICICI Bank, HDFC Bank and UPI managing entity NPCI as ‘critical information infrastructure’.

Critical Information Infrastructure (CII): Definition, Need and Protection_40.1


What is Critical Information Infrastructure (CII)?

  • The Information Technology Act of 2000 defines “Critical Information Infrastructure” as a “computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety”.

Payment Infrastructure Development Fund Scheme


Who can declare an Infrastructure as Critical Information Infrastructure (CII)?

  • The Union Ministry of Electronics and IT (MeitY) under the Information Technology Act 2000, has the power to declare any data, database, IT network or communications infrastructure as CII to protect that digital asset.


What is the punishment for violating the Critical Information Infrastructure (CII) security?

  • Any person who secures access or attempts to secure access to a protected system- Critical Information Infrastructure (CII), in violation of the law can be punished with a jail term of up to 10 years.


Need for Protecting Critical Information Infrastructure (CII)

  • Interconnections: IT resources form the backbone of countless critical operations in a country’s infrastructure, and given their interconnectedness, disruptions can have a cascading effect across sectors.
    • World over governments have been moving with alacrity to protect their critical information infrastructure.
  • Protecting Infrastructure: An information technology failure at a power grid can lead to prolonged outages crippling other sectors like healthcare, banking services.
  • Protecting from Outside threats: possibility of hostile state and non-state actors probing internet-dependent critical systems in other countries, and the necessity to fortify such assets requires protecting the Critical Information Infrastructure (CII).
    • For example, On October 12, 2020 as India battled the pandemic, the electric grid supply to Mumbai suddenly snapped hitting the mega city’s hospitals, trains and businesses.
    • Later, a study by a US firm that looks into the use of the internet by states, claimed that this power outage could have been a cyberattack, allegedly from a China-linked group, aimed at critical infrastructure.
    • However, Indian Government denied the attack.


Who is entrusted with protecting Critical Information Infrastructure (CII) in India?

  • The National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency for taking all measures to protect the nation’s critical information infrastructure.
  • National Critical Information Infrastructure Protection Centre (NCIIPC) is mandated to guard CIIs from “unauthorized access, modification, use, disclosure, disruption, incapacitation or distraction”.
  • NCIIPC will monitor and forecast national-level threats to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts. The basic responsibility for protecting the CII system shall lie with the agency running that CII.
  • In the event of any threat to critical information infrastructure the NCIIPC may call for information and give directions to the critical sectors or persons serving or having a critical impact on Critical Information Infrastructure.

National Security Policy

National Security Policy

Sharing is caring!