National Critical Information Infrastructure Protection Centre

Agency overview
Formed: 16 Jan 2014
Headquarters: New Delhi, Delhi
Agency executive: Navin Kumar Singh, Director General
Parent department: National Technical Research Organisation
Website: https://www.nciipc.gov.in/

National Critical Information Infrastructure Protection Centre (NCIIPC) is an organisation of the Government of India created under Section 70A of the Information Technology Act, 2000 (amended 2008), through a gazette notification on 16 January 2014. [1] [2] [3] Based in New Delhi, India, it is designated as the National Nodal Agency in terms of Critical Information Infrastructure Protection. [4] It is a unit of the National Technical Research Organisation (NTRO) and therefore comes under the Prime Minister's Office (PMO). [5]

Critical Information Infrastructure

The Information Technology Act, 2000 defines Critical Information Infrastructure (CII) as “… those computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety”. [2]

NCIIPC has broadly identified the following as ‘Critical Sectors’:

Information Security Practices and Procedures for Protected System Rules, 2018 [6] [7]

Vision

"To facilitate safe, secure and resilient Information Infrastructure for Critical Sectors of the Nation." [8]

Mission

"To take all necessary measures to facilitate protection of Critical Information Infrastructure, from unauthorized access, modification, use, disclosure, disruption, incapacitation or destruction through coherent coordination, synergy and raising information security awareness among all stakeholders." [8]

Functions and Duties

Operations

Programs

NCIIPC runs a number of programs to engage with its stakeholders. Some of them are as follows:

Initiatives

Some of the major NCIIPC initiatives are as follows:

NCIIPC Newsletter

NCIIPC releases a quarterly newsletter covering the latest developments in the field of Critical Information Infrastructure (CII) and its protection, along with the initiatives NCIIPC has taken to spread awareness and best practices.

NCIIPC Guidelines

NCIIPC releases SOPs and Guidelines for CISOs, CII Organisations and others to enhance the cybersecurity defence posture. Below are the copies:

References

  1. "Archived copy" (PDF). Archived from the original (PDF) on 19 January 2017. Retrieved 4 January 2017.
  2. "The Information Technology ACT" (PDF). 2008. Archived from the original (PDF) on 3 January 2017. Retrieved 3 January 2017.
  3. "Archived copy" (PDF). Archived from the original (PDF) on 25 January 2017. Retrieved 2 January 2017.
  4. "NCIIPC: It's Time to Step Forward And Protect Our Critical Infrastructures from Cyber Attacks".
  5. "Guidelines for Identification of Critical Information Infrastructure" (PDF). Archived from the original (PDF) on 13 May 2020. Retrieved 21 July 2020.
  6. "Archived copy" (PDF). Archived from the original (PDF) on 2 September 2018. Retrieved 22 October 2018.
  7. "The NCIIPC & Its Evolving Framework - Digital Policy Portal". www.digitalpolicy.org.
  8. NCIIPC. "National Critical Information Infrastructure Protection Centre". Nciipc.gov.in. Retrieved 19 July 2018.