Critical Information Infrastructure and Protected Systems in India
What is Critical Information Infrastructure?
As per the Explanation under section 70 of the Information Technology Act, 2000 – Critical Information Infrastructure means the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety.
Examples of Critical Information Infrastructure in India
The following are Critical information Infrastructure in India
- Email Infrastructure of the National Informatics Centre
- resources of ICICI Bank, NPCI and HDFC Bank, Bank of Baroda, Union Bank, Punjab National Bank, SBI, Kotak Mahindra Bank, Canara Bank, Axis Bank.
- few resources belonging to the Telecom sector
What are Protected Systems?
As per section 70 of the Information Technology Act, 2000 – The appropriate Government may, by notification in the Official Gazette, declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a Protected System.
Examples of Protected Systems in India
The following are Protected Systems in India
- TETRA Secured Wireless Communication System Network of Govt. of NCT of Delhi
- UIDAI’s Central Identities Data Repository (CIDR) facilities, Information Assets, Logistics Infrastructure and Dependencies Installed at UIDAI
- certain computer resources of Punjab National Bank
- certain computer resources of Bank of Baroda
- certain computer resources of Union Bank of india
- certain resources of State Bank of India
- certain resources of AXIS Bank
- certain resources of Kotak Mahindra Bank
- certain resources of Canara Bank
- computer resources relating to the email infrastructure of the National Informatics Centre
Are Critical Information Infrastructure and Protected Systems the same?
Protected Systems are a subset of Critical Information Infrastructure. Although there maybe several computer systems which require to be protected and form part of Critical Information Infrastructure, only the ones specifically notified by the government are considered to be protected systems.
Which laws is the Critical Information Infrastructure in India governed by?
There are several Rules which deal with Critical Information Infrastructure namely:
- Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018
- 16-01-2014 Information Technology (National Critical Information Infrastructure Protection Centre and Manner of Performing Functions and Duties) Rules, 2013
- 21-12-2015 Declaration of UIDAI-CIDR critical information under section 70A of IT Act.
- 11-01-2023 declares the computer resources relating to the email infrastructure of the National Informatics Centre, being Critical Information Infrastructure of the National Informatics Centre, and the computer resources of its associated dependencies, to be protected systems for the purpose of the said Act