Critical Information Infrastructure

From CIPedia
Jump to navigation Jump to search

Critical Information Infrastructure is a complex concept consisting of three elements:

  1. The critical cross-sector ICT elements of Critical Infrastructures (e.g. same Process Control systems (hardware and software) used in CI (limited number of manufactures globally; same vulnerabilities and threats)
  2. Critical base-level services supporting the ICT CI (e.g. Top Level Domain services/registries, critical Domain Name services, trust services, internet exchanges, PNT (Position, Navigation and Timing), ...
  3. Critical applications and services (e.g. critical national information services of government, critical cloud services, critical search engines and social media, ...


Abbreviation

CII

Definitions

European Definitions

Council Communication COM(2011)163 final

No definition provided [1]

Council Directive 2016/1148

No definition provided, but addresses the cyber security of "essential" network and information systems across the Union. [2]

Other International Definitions

African Union

Critical Cyber/ICT Infrastructure means the cyber infrastructure that is essential to vital services for public safety, economic stability, national security, international stability and for the sustainability and restoration of critical cyberspace. [3]


OECD

Critical information infrastructure (CII) - OBSOLETE TERM per December 2019; to be replaced by 'Digital Security of Critical Activities'. [4] [5]


Critical information infrastructures (“CII”) should be understood as referring to those interconnected information systems and networks, the disruption or destruction of which would have serious impact on the health, safety, security, or economic well-being of citizens, or on the effective functioning of government or the economy. [6]


GFCE-MERIDIAN

Critical Information Infrastructure (CII) are those interconnected information and communication infrastructures which are essential for the maintenance of vital societal functions, (health, safety, security, economic or social well-being of people) - the disruption or destruction of which would have serious consequence. [7]


National Definitions

Albania

Infrastruktura kritike të informacionit – konsiderohen sistemet dhe rrjetet e informacionit dhe komunikimit, cënimi apo shkatërrimi i të cilave do të kishte impakt serioz në shëndetin, sigurinë, dhe/ose mirëqënien ekonomike të qytetarëve, dhe/ose funksionimin efektiv të ekonomisë të Republikës së Shqipërisë. [8]


“Critical Information Infrastructure” - means the entirety of networks and systems information, the violation or destruction of which would have a serious impact on health, security and / or economic well-being of citizens and / or the effective functioning of economy in the Republic of Albania.. [9]


Austria

Critical information infrastructures are those infrastructures or parts thereof which are of crucial importance for ensuring important social functions. Their failure or destruction has severe effects on the health, security or the economic and social wellbeing of the population or the functioning of governmental institutions. [10]


Bangladesh

“Critical Information Infrastructure” means any physical or virtual information infrastructure declared by the government which is capable of controlling, processing, circulating or preserving any information, data or electronic information and which if it is damaged or compromised may adversely affect
(i) public safety or financial security or public health,
(ii) national security or national integrity or sovereignty. [11]



Botswana

Critical Information Infrastructure refers to the digital infrastructure whose disruption or damage negatively affects the well-functioning of the economy. [12]



Brazil

Infraestruturas Críticas da Informação: subconjunto de ativos de informação que afetam diretamente a consecução e a continuidade da missão do Estado e a segurança da sociedade. [13]
Critical information Infrastructures are the subset of information assets that directly affect the achievement and continuity of state mission and the safety of society.



Bulgaria

Критична комуникационна и информационна инфраструктура (ККИИ) - системи, услуги, мрежи и инфраструктури, които са жизнено важна част от националната икономика и общество и осигуряващи важни стоки и услуги, деструктивното въздействие върху които би могло да има сериозно влияние на жизнено важни функции на обществото. [14]

Критична информационна инфраструктура са както мрежите, каналите и системите за управлението и поддържането им.



Cambodia

Critical information infrastructures are communications and/or information services whose availability, reliability and resilience are essential to the functioning of a modern economy. [15]



Chile

Infraestructura crítica de la información: las instalaciones, redes, servicios y equipos físicos y de tecnología de la información cuya afectación, degradación, denegación, interrupción o destrucción pueden tener una repercusión importante en la salud, la seguridad o el bienestar económico de los ciudadanos o en el eficaz funcionamiento de los gobiernos de los Estados. [16] [17]


Critical information infrastructure (CII) includes the installation, networks, services and physical and information technology equipment whose impairment, degradation, rejection, interruption or destruction may have an important impact on the security, health and wellbeing of people and on the effective operation of the State and the private sector. [18]



China

国家关键信息基础设施是指关系国家安全、国计民生,一旦数据泄露、遭到破坏或者丧失功能可能严重危害国家安全、公共利益的信息设施,包括但不限于提供公共通信、广播电视传输等服务的基础信息网络,能源、金融、交通、教育、科研、水利、工业制造、医疗卫生、社会保障、公用事业等领域和国家机关的重要信息系统,重要互联网应用系统等。 [19]

The national critical information infrastructure refers to the information facilities concerning the national security, the national economy and the people's livelihood, which may seriously damage the national security and the public interest if the data is divulged, destroyed or lost, including but not limited to providing public communications, broadcasting and television transmission and other services, information networks, energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, medical and health, social security, public utilities and other important information systems and important Internet applications.



Colombia

Critical (Information) Infrastructure is the set of computers, computer systems, telecommunication networks, data and information, the destruction or interference may weaken or impact the safety of the economy, public health, or combination thereof, in a nation.

Infraestructura crítica: Es el conjunto de computadores, sistemas computacionales, redes de telecomunicaciones, datos e información, cuya destrucción o interferencia puede debilitar o impactar en la seguridad de la economía, salud pública, o la combinación de ellas, en una nación). [20]



Costa Rica

Infraestructura Crítica de Información: Son los activos, los sistemas y las redes, ya sean físicos o virtuales, que su incapacitación o destrucción tendría un efecto negativo. [21]


Infraestructura de información crítica: Sistemas y redes de información que en ocasión de fallo podrían tener un impacto serio en la salud, seguridad física y operacional, economía y el bienestar de los ciudadanos, o el efectivo funcionamiento del gobierno y la economía del país. [22]



Croatia

Critical communication and information infrastructure: communication and information systems whose disruption in the functioning of vital systems disrupts the operation of any or more of the identified critical national infrastructures.

Kritična komunikacijska i informacijska infrastruktura – komunikacijski i informacijski sustavi čiji bi poremećaj u funkcioniranju bitno poremetio rad pojedine ili više identificiranih nacionalnih kritičnih infrastruktura. [23]



Czech Republic

Kritická informační infrastruktura: Zákonem jasně vymezený komplex informačních systémů, jejichž nefunkčnost by měla závažný dopad na bezpečnost státu, ekonomiku, veřejnou správu a zabezpečení základních životních potřeb obyvatelstva. [24]

Critical information infrastructure: Complex of information systems clearly defined by law, whose unfunctionality would result in a serious impact on state security, economy, public administration and provision of the basic daily needs of population. [24]


Kritickou informační infrastrukturou prvek nebo systém prvků kritické infrastruktury v odvětví komunikační a informační systémy v oblasti kybernetické bezpečnosti. [25]

Within the field of cyber security, a critical infrastructure means an element or system of elements of the critical infrastructure in the sector of communication and information systems. [26]

Zákonem jasně vymezený komplex informačních systémů, jejichž nefunkčnost by měla závažný dopad na bezpečnost státu, ekonomiku, veřejnou správu a zabezpečení základních životních potřeb obyvatelstva.

Denmark

Kritisk it-infrastruktur Den delmængde af kritisk infrastruktur, der omfatter den digitale infrastruktur, der er nødvendig for at opretholde eller genoprette samfundsvigtige funktioner. [27]

Critical ICT infrastructure: The subset of critical infrastructure that includes the digital infrastructure needed to maintain or restore vital societal functions. [28]


Estonia

Critical information infrastructure (CII) means information and communication systems whose maintenance, reliability and safety are essential for the proper functioning of a country. The critical information infrastructure is a part of the critical infrastructure. [29]

The purpose of the critical information infrastructure protection (CIIP) is to maintain a trouble-free functioning of the country's essential information and communication systems under ordinary circumstances and to ensure their continuity on a minimum level during critical situations.

Finland

Critical information infrastructure refers to the structures and functions behind the information systems of the vital functions of society which electronically transmit, transfer, receive, store or otherwise process information (data). [30]


France

Systèmes d’information d’importance vitale (SIIV): Ce sont les « systèmes pour lesquels l’atteinte à la sécurité ou au fonctionnement risquerait de diminuer d’une façon importante le potentiel de guerre ou économique, la sécurité ou la capacité de survie de la Nation ». [31]


Iceland

CIIP – Critical Information Infrastructure refers to systems designed to guarantee state security, public well-being and a variety of channels for a variety of supplies necessary in modern society. [32]

The National Commissioner of Police further define those systems considered to be critical infrastructure.

India

Critical Information Infrastructure (CII) is defined as those facilities, systems or functions whose incapacity or destruction would cause a debilitating impact on national security, governance, economy and social well-being of a nation. [33]


Gambia

National Critical Information infrastructure (NCII): Assets, data, flows or networks which are vital for achieving the services provided by the National Critical Infrastructure. [34]



Ghana

Critical Information Infrastructure (CII) constitutes assets (real/virtual), networks, systems, processes, information, and functions that are vital to the nation such that their incapacity or destruction would have a devastating impact on national security, the economic and social well-being of citizens. [35]



Indonesia

Infrastruktur Informasi Kritis: adalah Informasi dan data pada Sistem Elektronik dan Jaringan Sistem Elektronik yang saling terinterkoneksi yang apabila mendapatkan gangguan dan/atau kerusakan akan berdampak serius terhadap kepentingan umum, pelayanan publik, kelancaran penyelenggaraan negara, pertahanan dan keamanan Negara dan/atau perekonomian nasional. [36]


ICT Critical National Infrastructures are assets, services, objects in the form of physical or logical that involving the livelihood of many people, national interests and/or revenue of country that are strategic, in case of threats and attacks cause more loss of lives, destabilizing political, social, cultural and national economy as well as the sovereignty of the nation. [37]


Islamic Republic of Afghanistan

Critical Information Infrastructure: the infrastructures which host the information systems that can cause loss of lives, large scale economic damages, security vulnerabilities and disturbance of public order at national level when the confidentiality, integrity or accessibility of the information they process is compromised. [38]



Israel

(Critical cyber infrastructure) נכסי סייבר חיוניים הנקבעים ע"פ תבחינים ומתווספים לחוק הסדרת הבטחון [39]



Italy

Infrastruttura Critical Informatizzata: infrastruttura critica che utilizza per il suo controllo, o la sua gestione o il suo esercizio una infrastruttura informatica. [40]



Japan

Critical Information Infrastructure (CII) is the backbone of national life and economic activities formed by businesses providing services that are extremely difficult to be substituted. If the function of the services is suspended, deteriorates or becomes unavailable, it could have a significant impact on the national life and economic activities. [41]

Japan defined the set of 13 Japanese CII sectors as [42], [43]:

  1. Information and communication services (情報通信)
  2. Financial services (金融)
  3. Aviation services (航空)
  4. Railway services (鉄道)
  5. Electric power supply services (電力)
  6. Gas supply services (ガス)
  7. Government and administrative services (including local public authorities)
    (政府・行政サービス(地方公共団体を含む))
  8. Medical services (医療)
  9. Water services (水道)
  10. Logistics services (物流)
  11. Chemical industries (化学)
  12. Credit card services (クレジット)
  13. Petroleum industries (び「石油)


Kenya

‘Critical Information Infrastructure (CII)’ refers to interconnected information systems and networks, the disruption of which would have serious impact on the economic well-being of customers, or on the effective functioning of payment service provider and the economy. [44]



Kosovo

Infrastruktura kritike e informacionit (IKI) Me infrastrukturë kritike të informacionit nënkuptojmë sistemet TIK që janë infrastruktura kritike për vetveten apo që janë thelbësore për funksionimin e infrastrukturave kritike (telekomunikacioni, kompjuterët/softuerët, Interneti, satelitët etj.). [45]

Critical Information Infrastructure (CII): ICT systems that are critical infrastructures for themselves or that are essential for the operation of critical infrastructures (telecommunications, computers/software, Internet, satellites, etc.). [46]



Kuwait

Critical Information Infrastructure (CII): the systems, services, networks and infrastructures that form a vital part of a nation's economy and society, providing essential goods and services. Their disruption or destruction would have a serious impact on vital societal functions. [47]



Kyrgyztan

критическая информационная инфраструктура Кыргызской Республики - совокупность государственных информационных систем, государственных информационно-телекоммуникационных сетей и автоматизированных систем управления технологическими процессами, функционирующих в секторе государственного управления и государственных электронных услуг, области здравоохранения, транспорта, телекоммуникаций и связи, кредитно-финансовой сфере, оборонном секторе, топливной промышленности, отрасли генерации и распределения электроэнергии, пищевой промышленности и горнодобывающей промышленности. [48]

Critical information infrastructure of the Kyrgyz Republic: a set of state information systems, state information and telecommunication networks and automated process control systems operating in the public administration and state electronic services, healthcare, transport, telecommunications and communications, credit and financial sector, defence sector, fuel industry, power generation and distribution, food processing industry and mining industry.



Lithuania

Critical information infrastructure shall mean an electronic communications network, information system or a group of information systems where an incident that occurs causes or may cause grave damage to national security, national economy or social well-being. [49]

Ypatingos svarbos informacinė infrastruktūra – elektroninių ryšių tinklas ar jo dalis, informacinė sistema ar jos dalis, informacinių sistemų grupė ar pramoninių procesų valdymo sistema ar jos dalis, nepaisant to, ar jos valdytojas yra privatus ar viešojo administravimo subjektas, kuriuose įvykęs kibernetinis incidentas gali padaryti didelę žalą nacionaliniam saugumui, šalies ūkiui, valstybės ir visuomenės interesams. [50]


Malaysia

Critical National Information Infrastructure (CNII) is defined as those assets (real and virtual), systems and functions that are vital to the nations that their incapacity or destruction would have a devastating impact on: (1) National economic strength; Confidence that the nation's key growth area can successfully compete in global market while maintaining favourable standards of living; (2) National image; Projection of national image towards enhancing stature and sphere of influence. (3) National defence and security; guarantee sovereignty and independence whilst maintaining internal security. (4) Government capability to functions; maintain order to perform and deliver minimum essential public services. (5) Public health and safety; delivering and managing optimal health care to the citizen. [51]


Mexico

Infraestructura(s) Crítica(s) de Información (ICI). ​Las infraestructuras de  información esenciales consideradas estratégicasporestarrelacionadasconlaprovisiónde bienes y de prestación de servicios públicos esenciales y cuya afectación pudiera comprometer​ ​la​ ​Seguridad​ ​Nacional​ ​en​ ​términos​ ​de​ ​la​ ​ley​ ​de​ ​la​ ​material. [52]



Mozambique

Infraestruturas Críticas da Informação: subconjunto de activos de informação que afectam diretamente a consecução e a continuidade da missão do Estado e a segurança da sociedade. [53]



North Macedonia

Критична информациска инфраструктура (КИИ) - кои би Критична информациска инфраструктура ло информацискокомуникациски системи чиешто одржување, сигурност и безбедност се критични за националната безбедност, економијата, јавната безбедност и здравје. Националната критична информациска инфраструктура е дел од критична инфраструктура (КИ). [54] [55]



Norway

Critical ICT infrastructure is defined as critical infrastructure for electronic communications. [56]
Kritisk IKT-infrastruktur defineres som kritisk infrastruktur for elektronisk kommunikasjon. [57]



Pakistan

"Critical infrastructure information system or data” means an information system, program or data that supports or performs a function with respect to a critical infrastructure. [58]


CII [Telecom Sector]: Critical Information Infrastructure includes systems, networks, or assets, whether physical or virtual, that are essential to the functioning of a society and the economy. The disruption or destruction of CII could have a significant impact on the availability of essential services, the well-being of the population, or national security. Examples of CII include power grids, transportation systems, healthcare facilities, financial systems, and communication networks. [59]


Critical Information Infrastructure (CII) - This generally includes the energy, telecom, finance, water & healthcare sectors. [60]



Philippines

Critical (information) infrastructure refers to the computer systems, and/or networks, whether physical or virtual, and/or the computer programs, computer data and/or traffic data so vital to this country that the incapacity or destruction of or interference with such system and assets would have a debilitating impact on security, national or economic security, national public health and safety, or any combination of those matters. [61]


Critical (information) infrastructure are the assets, systems, and networks, whether physical or virtual, so vital to the state that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. [62]


[actually defines Critical information infrastructure] Critical infrastructure refers to an electronic, magnetic, optical, electrochemical or data processing or communications device, or groupings of such devices, capable of performing logical, arithmetic, routing, or storage functions and which includes any storage facility or equipment or communications facility directly related to or operating in conjunction with such device. [63]

It covers any type of computer device including devices with data processing capabilities like mobile phones, smart phones, computer networks and other devices connected to the internet.

Portugal

[Definição] Infraestrutura Crítica da Informação: Refere-se a quaisquer sistemas de tecnologias da informação que suportem ativos fundamentais e serviços das infraestruturas nacionais. [64]



Qatar

The information and communications technology systems, services, and data assets that are critical to Qatar. [65] [66]

Criteria for being critical are:

  1. Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.);
  2. Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and
  3. Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in [65] [66].


Republic of Korea

"정보통신기반시설"이라 함은 국가안전보장·행정·국방·치안·금융·통신·운송·에너지 등의 업무와 관련된 전자적 제어·관리시스템 및 「정보통신망 이용촉진 및 정보보호 등에 관한 법률」 제2조제1항제1호의 규정에 의한 정보통신망을 말한다. [67]

The term "information and communications infrastructure" means electronic control and management system related to the national security, administration, defense, public security, finance, communications, transportation, energy, etc. and information and communications network under Article 2 (1) 1 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.. [68]


Republic of Trinidad & Tobago

Critical (information) infrastructure means computer systems, devices, networks, computer programs, computer data, so vital to the country that the incapacity or destruction of or interference with such systems and assets would have a debilitating impact on security, defence or international relations of the State; or provision of services directly related to national or economic security, banking and financial services, communications infrastructure, national public health and safety, public transportation, public key infrastructure or any combination of those matters. [69]


Russian Federation

Critical information infrastructure is a set of automated control systems and their interaction with information and telecommunications networks, designed to meet the challenges to good governance, defense, security, law and order, the violation (or termination) of their operation which can cause the onset of serious consequences.

критическая информационная инфраструктура Российской Федерации - совокупность автоматизированных систем управления КВО и обеспечивающих их взаимодействие информационно- телекоммуникационных сетей, предназначенных для решения задач государственного управления, обеспечения обороноспособности, безопасности и правопорядка, нарушение (или прекращение) функционирования которых может стать причиной наступления тяжких последствий. [70]


Rwanda

Ibikorwaremezo by’ikoranabuhanga byihariye: ibikorwaremezo byifashisha ikoranabuhanga mu gutanga serivisi ku baturage kandi bifite uruhare rukomeye ku iterambere ry’ubukungu, imibereho myiza n’umutekano by’Igihugu.

Critical information infrastructure: virtual and physical information systems that provide services to the citizens and serve as a backbone of development of the national economic, social and security life.

Infrastructures d’information critiques: systèmes d’informations virtuels et physiques qui fournissent des services aux citoyens et servent de pivot à l’éclosion de la vie économique, sociale et sécuritaire du pays. [71]


Singapore

“critical information infrastructure” means a computer or a computer system that is necessary for the continuous delivery of essential services which Singapore relies on, the loss or compromise of which will lead to a debilitating impact on the national security, defence, foreign relations, economy, public health, public safety or public order of Singapore. [72]


“critical information infrastructure” as defined in section 2 of the [Cyber Security] Act and in this Code , this term refers to all CII owned by a CIIO where the CIIO owns more than one CII. [73]



South Africa

[National] Critical Information Infrastructure means all ICT systems, data systems, data bases, networks (incl. people, buildings, facilities and processes), that are fundamental to the effective operation of the State. [74]


Spain

The Spanish CIP law does not make any kind of distinction between [Critical Infrastructure|CI]] and CII. The law establishes the concept of a comprehensive and integral security approach uniting the physical and cyber security in one single strategy.

Sri Lanka

CII: the computer or computer system is necessary for the continuous delivery of essential services for the public health, public safety, privacy, economic stability, national security, international stability and for the sustainability and restoration of critical cyberspace or for any other criteria as may be prescribed and the disruption or destruction of which would likely to have serious impact on the public health, public safety, privacy, national security, international stability or on the effective functioning of the government or the economy; and the computer or computer system is located wholly or partly in Sri Lanka. [75]



Türkiye

Critical (information) infrastructure is defined as the infrastructures which host the information systems that can cause: loss of lives, large scale economic damages, or security vulnerabilities and disturbance of public order at national level when the confidentiality, integrity or accessibility of the information they process is compromised. [76]

Kritik altyapılar: İşlediği bilginin gizliliği, bütünlüğü veya erişilebilirliği bozulduğunda, can kaybına, büyük ölçekli ekonomik zarara, ulusal güvenlik açıklarına veya kamu düzeninin bozulmasına, yol açabilecek bilişim sistemlerini barındıran altyapıları. [77] [78]


Uganda

Uganda uses the aformentioned ITU-T definition. [79]


Ukraine

критична інформаційна інфраструктура - сукупність об’єктів критичної інформаційної інфраструктури; об’єкт критичної інформаційної інфраструктури - комунікаційна або технологічна система об’єкта критичної інфраструктури, кібератака на яку безпосередньо вплине на стале функціонування такого об’єкта критичної інфраструктури.

{machine translation} critical information infrastructure - a set of objects of critical information infrastructure; the object of critical information infrastructure - a communication or technological system of the critical infrastructure object, the cyber attack of which will directly affect the sustainable functioning of such an object of critical infrastructure. [80]



United Arab Emirates

Critical Information infrastructure: All information assets that support carrying out of a critical function and the delivery of a critical service. [81]


United Kingdom

Critical information infrastructure (CII) may refer to any IT systems which support key assets and services within the national infrastructure. [82]


United States

DHS
Critical information infrastructure (CII) is any physical or virtual information system that controls, processes, transmits, receives or stores electronic information in any form including data, voice or video that is: (1) Vital to the functioning of critical infrastructure; (2) So vital to the United States that the incapacity or destruction of such systems would have a debilitating impact on national security, national economic security, or national public health or safety; or (3) Owned or operated by or on behalf of a State, local, tribal, or territorial government entity. (Adapted from the Administration’s cyber legislative proposal)]. [83]


Uruguay

Activos de información críticos del Estado: Son aquellos activos de información necesarios para asegurar y mantener el correcto funcionamiento de los servicios vitales para la operación del gobierno y la economía del país. [84]


Uzbekistan

Muhim axborot infratuzilmasi — muhim strategik va ijtimoiy-iqtisodiy ahamiyatga ega bo‘lgan avtomatlashtirilgan boshqaruv tizimlarining, axborot tizimlari hamda tarmoqlar va texnologik jarayonlar resurslarining majmui.

муҳим ахборот инфратузилмаси — муҳим стратегик ва ижтимоий-иқтисодий аҳамиятга эга бўлган автоматлаштирилган бошқарув тизимларининг, ахборот тизимлари ҳамда тармоқлар ва технологик жараёнлар ресурсларининг мажмуи.

(Critical information infrastructure - a complex of automated control systems, information systems and resources of networks and technological processes of great strategic and socio-economic importance) [85]


Zambia

Critical Information Infrastructure means all ICT systems, data systems, databases, networks (including people, buildings, facilities, and processes), that are fundamental to the effective operation of Zambia. [86]


Zimbabwe

Critical information infrastructure means computer systems, devices, networks, computer programmes, computer data, so vital to the country that the incapacity or destruction of or interference with such systems and assets would have a debilitating impact on security, defence, economic and international affairs, public health and safety, or to essential services as defined in section 19 of the Criminal Law Code including the banking system and “critical data” shall be construed accordingly. [87]


Regional Definition

Victoria, Australia

The ICT component of Critical Infrastructure is referred to as Critical Information Infrastructure (CII). [88]



Standard Definition

IETF

Critical Information Infrastructure (CII) are those systems that are so vital to a nation that their incapacity or destruction would have a debilitating effect on national security, the economy, or public health and safety. [89]


See also

Notes

References

  1. COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS on Critical Information Infrastructure Protection ‘Achievements and next steps: towards global cyber-security’
  2. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 (NIS Directive
  3. African Union Convention on Cyber Security and Personal Data Protection, LC12490, Malabo, Guinea, 27th June 2014
  4. Recommendation of the Council on Digital Security of Critical Activities
  5. Recommandation du Conseil sur la sécurité numérique des activités critiques
  6. OECD Recommendation of the Council on the Protection of Critical Information Infrastructures C(2008)35
  7. The GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers, November 2016
  8. Dokumenti i Politikave për Sigurinë Kibernetike 2015 - 2017
  9. ENERGY REGULATOR AUTHORITY REGULATION ON CYBER SECURITY OF CRITICAL INFRASTRUCTURES IN THE POWER SECTOR
  10. Austrian Cyber Security Strategy, Federal Chancellery of the Republic of Austria, Vienna (2013)
  11. Digital Security Act (2018) Bangladesh
  12. National Cybersecurity Strategy (2021)
  13. GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ Portaria Nº 34, de 5 de agosto de 2009. Conselho de Defesa Nacional, Secretaria Executiva (2009).
  14. „Кибер устойчива България 2020” - Republic of Bulgaria: national cyber security strategy "Cyber Resilient Bulgaria 2020"(2016)
  15. Understanding of Korean CIIP
  16. BASES PARA UNA POLÍTICA NACIONAL DE CIBERSEGURIDAD, MARZO DE 2015, Chile
  17. Chile Política Nacional de Ciberseguridad (2017)
  18. Chilean National Cybersecurity Policy (2017)
  19. 网络空间安全战略 "National cyberspace security strategy" (full text) December 2016
  20. Lineamientos de política para la Ciberseguridad y Ciberdefensa, Conpes 3701 (2011) based on Resolución CRC 2258 from 2009.
  21. Estrategia Nacional de Ciberseguridad de Costa Rica (2023-2027)
  22. Estrategia Nacional de Ciberseguridad de Costa Rica (2017)
  23. National Cyber Security Strategy draft (2015)
  24. 24.0 24.1 [1]
  25. Zákon č. 181/2014 Sb. o kybernetické bezpečnosti a o změně souvisejících zákonů (zákon o kybernetické bezpečnosti)
  26. Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
  27. National strategi for cyber- og informationssikkerhed 2022-2024 (2021)
  28. Danish Cyber and Information Security Strategy (2022-2024)

    National strategi for cyber- og informationssikkerhed 2022-2024 (2021)
  29. Critical Information Infrastructure Protection Estonia
  30. Finlands' Cyber Security Strategy
  31. ANSSI Glossaire
  32. Network and information security webpage
  33. Section 70(1) of the Information Technology Act Ammendment (2008)
  34. THE GAMBIA NATIONAL CYBERSECURITY STRATEGY (2019)
  35. Directive for the Protection of Critical Information Infrastructure (CII) (2020)
  36. (presentation), 2016
  37. Z.A. Hasibuan, Indonesia National Cyber Security Strategy: Security and Sovereignty in Indonesia Cyberspace (presentation), 2013
  38. National Cyber Security Strategy of Afghanistan (2014)
  39. CERT.IL Glossary
  40. PROTEZIONE DELLE INFRASTRUTTURE CRITICHE INFORMATIZZATE La realtà Italiana (2004)
  41. The Basic Policy of Critical Information Infrastructure Protection (3rd Edition), Japan (2015)
  42. 重要インフラの情報セキュリティ対策に係る 第4次行動計画 (2018)
  43. The Cybersecurity Policy for Critical Infrastructure Protection (4th Edition) / (Tentative Translation) 2018
  44. GUIDELINES ON CYBERSECURITY FOR PAYMENT SERVICE PROVIDERS, AUGUST 2018
  45. Strategjia Shtetërore për Sigurinë Kibernetike dhe Plani i Veprimit 2016 – 2019
  46. National Cyber Security Strategy and Action Plan 2016 – 2019 (2016)
  47. Glossary Communication and Information Technology Regulatory
  48. СТРАТЕГИЯ кибербезопасности Кыргызской Республики на 2019-2023 годы
  49. GOVERNMENT OF THE REPUBLIC OF LITHUANIA RESOLUTION NO 796 of 29 June 2011 ON THE APPROVAL OF THE PROGRAMME FOR THE DEVELOPMENT OF ELECTRONIC INFORMATION SECURITY (CYBER-SECURITY) FOR 2011–2019
  50. LIETUVOS RESPUBLIKOS KIBERNETINIO SAUGUMO ĮSTATYMAS 2014 m. gruodžio 11 d. Nr. XII-1428 Vilnius
  51. Malaysia (2009)
  52. Estragia Nacional de Ciberseguridad (November 2017)
  53. Estratégia Nacional de Segurança Cibernética de Moçambique (2021-2024)
  54. НАЦИОНАЛНА СТРАТЕГИЈА ЗА САЈБЕР БЕЗБЕДНОСТ НА РЕПУБЛИКА МАКЕДОНИЈА 2018 -2022
  55. National Cyber Security Strategy of the Republic of Macedonia (2018)
  56. Cyber Security Strategy for Norway (2012)
  57. Nasjonal strategi for informasjonssikkerhet (2012)
  58. AS PASSED BY THE NATIONAL ASSEMBLY A Bill to make provisions for prevention of electronic crimes
  59. Cyber Security Strategy for Telecom Sector 2023-2028
  60. National Cyber Security Policy 2021
  61. Republic Act No. 10175, 2012
  62. DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
  63. National Cyber Security Plan 2022 (May 2017)
  64. Glossário Centro National de Cibersegurança Portugal
  65. 65.0 65.1 QATAR National Cyber Security Strategy (May 2014)
  66. 66.0 66.1 الاستراتيجية الوطنية للأمن السيبراني QATAR National Cyber Security Strategy - Arabic version (May 2014)
  67. Act on the protection of information and communications, no. 13590 (2015)
  68. Act on the protection of information and communications, no. 13590 (2015)
  69. Government of the Republic of Trinidad & Tobago, National Cyber Security Strategy (December 2012)
  70. NATIONAL SECURITY OF RUSSIA - Information security (February 3, 2012, № 803)
  71. https://cyber.gov.rw/documentation/ Rwanda cybercrime law
  72. (draft) Cybersecurity Bill 2017
  73. Cybersecurity Code of Practice for Critical Information Infrastructure
  74. South Africa Cyber Security Policy, Staatskoerant No. 32963, 10 Feb 2010
  75. Cyber Security bill 2019
  76. Turkey's National Cyber Security Strategy and 2013-2014 Action Plan
  77. UlUSAL SİBER GÜVENLİk STRATEJİSİ VE
  78. 2016-2019 ULUSAL SİBER GÜVENLİK STRATEJİSİ
  79. National Information Security Policy (2011)
  80. ЗАКОН УКРАЇНИ - Про основні засади забезпечення кібербезпеки України / THE LAW OF UKRAINE: About the basic principles of providing cyber security of Ukraine 2163-19
  81. https://u.ae/en/information-and-services%2Fjustice-safety-and-the-law%2F-%2Fmedia%2FDocuments-2023%2FCritical-Information-Infrastructure-Protection-CIIP-Policy.ashx CRITICAL INFORMATION INFRASTRUCTURE PROTECTION (CIIP) POLICY
  82. Cyber Security in the UK, Postnote Number 389, September 2011
  83. Blueprint for a secure cyber future, DHS Nov 2011
  84. Decreto No. 451/009 item No. 3
  85. Presidential Resolution No. PP-167 dated May 31, 2023, “On additional measures to improve the system of cybersecurity of critical information infrastructure facilities of the Republic of Uzbekistan”
  86. National Cyber Security Policy
  87. Draft Cybercrime and Cyber security bill (2017)
  88. Critical Information Infrastructure Risk Management, VICTORIAN GOVERNMENT CIO COUNCIL, 2012
  89. IETF RFC449 Internet Security Glossary 2