Govt Declares ICICI Bank’s IT Resources as ‘Critical Information Infrastructure’

Govt Declares ICICI Bank’s IT Resources as ‘Critical Information Infrastructure’

Subject: Science and Technology

Section: IT awareness

• The Ministry of Electronics and IT (MeitY), through a notification, declared the IT resources of the private sector lender as critical infrastructure under Section 70 of the IT Act, 2000.
• The order declares the computer resources relating to the Core Banking Solution, Real Time Gross Settlement and National Electronic Fund Transfer comprising Structured Financial Messaging Server, being Critical Information Infrastructure of the ICICI Bank, and the computer resources of its associated dependencies to be protected systems for the purpose of the said Act.

Critical information infrastructure

• The Information Technology Act of 2000 defines “Critical Information Infrastructure” as a “computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety”.
• The government, under the Act, has the power to declare any data, database, IT network or communications infrastructure as CII to protect that digital asset.
• Any person who secures access or attempts to secure access to a protected system in violation of the law can be punished with a jail term of up to 10 years.
• Need:
  • IT resources form the backbone of countless critical operations in a country’s infrastructure, and given their interconnectedness, disruptions can have a cascading effect across sectors.
  • An information technology failure at a power grid can lead to prolonged outages crippling other sectors like healthcare, banking services.

How are CIIs protected in India?

• Created in January 2014, the National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency for taking all measures to protect the nation’s critical information infrastructure.
• It is mandated to guard CIIs from “unauthorized access, modification, use, disclosure, disruption, incapacitation or distraction”.
• NCIIPC will monitor and forecast national-level threats to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts.
• The basic responsibility for protecting the CII system shall lie with the agency running that CII.

In the event of any threat to critical information infrastructure the National Critical Information Infrastructure Protection Centre may call for information and give directions to the critical sectors