The Information Technology Act, 2000 defines Critical Information Infrastructure (CII) as “those computer resource, the destruction of which, shall have debilitating impact on national security, economy, public health or safety”.
National Critical Information Infrastructure Protection Centre (NCIIPC) has identified the following as ‘Critical Sectors’: –
- Power & Energy
- Banking, Financial Services & Insurance
- Telecom
- Transport
- Government
- Strategic & Public Enterprises
Present Status:
- Instances of cyberattacks by national/state actors targeting critical infrastructure and nationally important establishments are becoming more common.
- A string of high-profile cyberattacks in recent months has exposed vulnerabilities in the critical infrastructure of even advanced nations.
- This has reinforced the need for improved defences against cyberattacks across continents.
- Defending civilian targets, and more so critical infrastructure, against cyberattacks such as ransomware and phishing will stretch the capability and resources of governments across the globe.
Measures Needed:
- A Defence Cyber Agency could be the first step the government plans to for critical infrastructure and military networks that are increasingly becoming dependent on the Internet, thus increasing vulnerabilities.
- Equally important is cyber propaganda. During the Doklam conflict, China tried its best to unleash cyber propaganda on India and indulged in complex psychological operations (psy-ops).
- Critical cyber infrastructure needs to be defended and the establishment of the National Critical Information Infrastructure Protection Centre (NCIIPC) is a good step in this direction.
- A robust ecosystem must be built to secure India from acts of state and non-state actors, including protocol for grievance redressal in international forums.
A national gold standard should be created, which ensures that Indian hardware and software companies adhere to the highest safety protocols
