The Union Ministry of Electronics and IT (MeitY) has declared IT resources of ICICI Bank, HDFC Bank and UPI managing entity NPCI as ‘critical information infrastructure’.

Try this PYQ:

In India, the term “Public Key Infrastructure” is used in the context of

(a) Digital security infrastructure

(b) Food security infrastructure

(c) Health care and education infrastructure

(d) Telecommunication and transportation infrastructure

 

Post your answers here.

8

Please leave a feedback on thisx

What is Critical Information Infrastructure (CIC)?

• The Information Technology Act, 2000 explicitly gives definition of CIC.
• It defines CIC as a computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety.
• It basically aims to protect the digital assets.
• The government, under the Act, has the power to declare any data, database, IT network or communications infrastructure as CII.
• Any person who secures access or attempts to secure access to a protected system in violation of the law can be punished with a jail term of up to 10 years.

Why is CII classification and protection necessary?

• IT resources form the backbone of countless critical operations in a country’s infrastructure.
• Given their interconnectedness, disruptions can have a cascading effect across sectors.

What led to the classification of CICs?

• In 2007, a wave of denial-of-service attacks, allegedly from Russian IP addresses, hit major Estonian banks, government bodies – ministries and parliament, and media outlets.
• It was cyber aggression of the kind that the world had not seen before.
• The attacks played havoc in one of the most networked countries in the world for almost three weeks.

Recent incidents of CIC incapacitation

• In October, 2020 as India battled the pandemic, the electric grid supply to Mumbai suddenly stopped.
• It hit the mega city’s hospitals, trains and businesses.
• Later, a study by a US firm claimed that this power outage could have been a cyber-attack, allegedly from a China-linked group.
• The government, however, was quick to deny any cyber-attack in Mumbai. But prospects cannot be denied.
• The incident underlined the possibility of hostile state and non-state actors probing internet-dependent critical systems in other countries, and the necessity to fortify such assets.

How are CIIs protected in India?

• Created in January 2014, the National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency.
• It takes all measures to protect the nation’s critical information infrastructure.
• It is mandated to guard CIIs from “unauthorized access, modification, use, disclosure, disruption, incapacitation or distraction”.
• NCIIPC monitors and forecasts national-level threats to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts.

UPSC 2023 countdown has begun! Get your personal guidance plan now! (Click here)

Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024

Attend Now