Current News Science & Technology

Critical Information Infrastructure


Recently, Union Ministry of Electronics and IT has declared IT resources of ICICI Bank, HDFC Bank and UPI managing entity NPCI as critical information infrastructure (CII).

About CII

  • The Information Technology Act of 2000 defines “Critical Information Infrastructure" as a “computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety”.
  • The government, under the IT Act of 2000, has the power to declare any data, database, IT network or communications infrastructure as CII to protect that digital asset.
  • Any person who attempts to secure access to a protected system in violation of the law can be punished with a jail term of up to 10 years.

Need for CII Classification

  • World over governments have been moving with alacrity to protect their critical information infrastructure.
  • IT resources form the backbone of countless critical operations in a country’s infrastructure, and given their interconnectedness, disruptions can have a cascading effect across sectors.
  • An information technology failure at a power grid can lead to prolonged outages crippling other sectors like healthcare, banking services.
  • In October 2020 as India battled the pandemic, the electric grid supply to Mumbai suddenly snapped hitting the mega city’s hospitals, trains and businesses.
  • It underlined the possibility of hostile state and non-state actors probing internet-dependent critical systems in other countries.

Protection of CII in India

  • The National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency for taking all measures to protect the nation’s critical information infrastructure.
  • It was created in January, 2014.
  • It is mandated to guard CIIs from “unauthorized access, modification, use, disclosure, disruption, incapacitation or distraction”.
  • It monitors and forecast national-level threats to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts.