The Union Ministry of Electronics and IT (MeitY) has declared IT resources of ICICI Bank, HDFC Bank and UPI managing entity NPCI as ‘critical information infrastructure’.
Try this PYQ:
In India, the term “Public Key Infrastructure” is used in the context of
(a) Digital security infrastructure
(b) Food security infrastructure
(c) Health care and education infrastructure
(d) Telecommunication and transportation infrastructure
[wpdiscuz-feedback id=”2d4o8z90sm” question=”Please leave a feedback on this” opened=”1″]Post your answers here.[/wpdiscuz-feedback]
What is Critical Information Infrastructure (CIC)?
- The Information Technology Act, 2000 explicitly gives definition of CIC.
- It defines CIC as a computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety.
- It basically aims to protect the digital assets.
- The government, under the Act, has the power to declare any data, database, IT network or communications infrastructure as CII.
- Any person who secures access or attempts to secure access to a protected system in violation of the law can be punished with a jail term of up to 10 years.
Why is CII classification and protection necessary?
- IT resources form the backbone of countless critical operations in a country’s infrastructure.
- Given their interconnectedness, disruptions can have a cascading effect across sectors.
What led to the classification of CICs?
- In 2007, a wave of denial-of-service attacks, allegedly from Russian IP addresses, hit major Estonian banks, government bodies – ministries and parliament, and media outlets.
- It was cyber aggression of the kind that the world had not seen before.
- The attacks played havoc in one of the most networked countries in the world for almost three weeks.
Recent incidents of CIC incapacitation
- In October, 2020 as India battled the pandemic, the electric grid supply to Mumbai suddenly stopped.
- It hit the mega city’s hospitals, trains and businesses.
- Later, a study by a US firm claimed that this power outage could have been a cyber-attack, allegedly from a China-linked group.
- The government, however, was quick to deny any cyber-attack in Mumbai. But prospects cannot be denied.
- The incident underlined the possibility of hostile state and non-state actors probing internet-dependent critical systems in other countries, and the necessity to fortify such assets.
How are CIIs protected in India?
- Created in January 2014, the National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency.
- It takes all measures to protect the nation’s critical information infrastructure.
- It is mandated to guard CIIs from “unauthorized access, modification, use, disclosure, disruption, incapacitation or distraction”.
- NCIIPC monitors and forecasts national-level threats to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts.
UPSC 2023 countdown has begun! Get your personal guidance plan now! (Click here)
