Difference between revisions of "Critical Information Infrastructure"
(→China) |
m (→China) |
||
Line 32: | Line 32: | ||
{{definition|Infraestructura crítica de la información: las instalaciones, redes, servicios y equipos físicos y de tecnología de la información cuya afectación, degradación, denegación, interrupción o destrucción pueden tener una repercusión importante en la salud, la seguridad o el bienestar económico de los ciudadanos o en el eficaz funcionamiento de los gobiernos de los Estados. <ref>[http://ciberseguridad.interior.gob.cl/media/2015/12/Documento-Bases-Pol%C3%ADtica-Nacional-sobre-Ciberseguridad.pdf BASES PARA UNA POLÍTICA NACIONAL DE CIBERSEGURIDAD, MARZO DE 2015, Chile ]</ref>}}<br/><br/> | {{definition|Infraestructura crítica de la información: las instalaciones, redes, servicios y equipos físicos y de tecnología de la información cuya afectación, degradación, denegación, interrupción o destrucción pueden tener una repercusión importante en la salud, la seguridad o el bienestar económico de los ciudadanos o en el eficaz funcionamiento de los gobiernos de los Estados. <ref>[http://ciberseguridad.interior.gob.cl/media/2015/12/Documento-Bases-Pol%C3%ADtica-Nacional-sobre-Ciberseguridad.pdf BASES PARA UNA POLÍTICA NACIONAL DE CIBERSEGURIDAD, MARZO DE 2015, Chile ]</ref>}}<br/><br/> | ||
==== [[China]] ==== | ==== [[China]] ==== | ||
− | {{definition|国家关键信息基础设施是指关系国家安全、国计民生,一旦数据泄露、遭到破坏或者丧失功能可能严重危害国家安全、公共利益的信息设施,包括但不限于提供公共通信、广播电视传输等服务的基础信息网络,能源、金融、交通、教育、科研、水利、工业制造、医疗卫生、社会保障、公用事业等领域和国家机关的重要信息系统,重要互联网应用系统等。<br/<br/>The national critical information infrastructure refers to the information facilities concerning the national security, the national economy and the people's livelihood, which may seriously damage the national security and the public interest if the data is divulged, destroyed or lost, including but not limited to providing public communications, broadcasting and television transmission and other services. Information network, energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, medical and health, social security, public utilities and other important information systems and important Internet applications. <ref>[http://www.guancha.cn/politics/2016_12_27_386318.shtml 网络空间安全战略 China’s Cyber Security Strategy December 2016.]</ref>}}<br/><br/> | + | {{definition|国家关键信息基础设施是指关系国家安全、国计民生,一旦数据泄露、遭到破坏或者丧失功能可能严重危害国家安全、公共利益的信息设施,包括但不限于提供公共通信、广播电视传输等服务的基础信息网络,能源、金融、交通、教育、科研、水利、工业制造、医疗卫生、社会保障、公用事业等领域和国家机关的重要信息系统,重要互联网应用系统等。<br/><br/>The national critical information infrastructure refers to the information facilities concerning the national security, the national economy and the people's livelihood, which may seriously damage the national security and the public interest if the data is divulged, destroyed or lost, including but not limited to providing public communications, broadcasting and television transmission and other services. Information network, energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, medical and health, social security, public utilities and other important information systems and important Internet applications. <ref>[http://www.guancha.cn/politics/2016_12_27_386318.shtml 网络空间安全战略 China’s Cyber Security Strategy December 2016.]</ref>}}<br/><br/> |
==== [[Colombia]] ==== | ==== [[Colombia]] ==== |
Revision as of 22:56, 27 December 2016
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 Other International Definitions
- 1.3 National Definitions
- 1.3.1 Albania
- 1.3.2 Austria
- 1.3.3 Brazil
- 1.3.4 Bulgaria
- 1.3.5 Chile
- 1.3.6 China
- 1.3.7 Colombia
- 1.3.8 Croatia
- 1.3.9 Czech Republic
- 1.3.10 Estonia
- 1.3.11 Finland
- 1.3.12 Iceland
- 1.3.13 India
- 1.3.14 Indonesia
- 1.3.15 Islamic Republic of Afghanistan
- 1.3.16 Japan
- 1.3.17 Kosovo
- 1.3.18 Lithuania
- 1.3.19 Norway
- 1.3.20 Portugal
- 1.3.21 Qatar
- 1.3.22 Republic of Trinidad & Tobago
- 1.3.23 Russian Federation
- 1.3.24 South Africa
- 1.3.25 Turkey
- 1.3.26 Uganda
- 1.3.27 United Kingdom
- 1.3.28 United States
- 1.3.29 Uruguay
- 1.4 Regional Definition
- 1.5 Standard Definition
- 2 See also
- 3 Notes
Definitions
European Definitions
Council Communication COM(2011)163 final
Council Directive 2016/1148
Other International Definitions
African Union
OECD
GFCE-MERIDIAN
National Definitions
Albania
Austria
Brazil
Critical information Infrastructures are the subset of information assets that directly affect the achievement and continuity of state mission and the safety of society.
Bulgaria
Критична информационна инфраструктура са както мрежите, каналите и системите за управлението и поддържането им.
Chile
China
The national critical information infrastructure refers to the information facilities concerning the national security, the national economy and the people's livelihood, which may seriously damage the national security and the public interest if the data is divulged, destroyed or lost, including but not limited to providing public communications, broadcasting and television transmission and other services. Information network, energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, medical and health, social security, public utilities and other important information systems and important Internet applications. [11]
Colombia
Infraestructura crítica: Es el conjunto de computadores, sistemas computacionales, redes de telecomunicaciones, datos e información, cuya destrucción o interferencia puede debilitar o impactar en la seguridad de la economía, salud pública, o la combinación de ellas, en una nación). [12]
Croatia
Kritična komunikacijska i informacijska infrastruktura – komunikacijski i informacijski sustavi čiji bi poremećaj u funkcioniranju bitno poremetio rad pojedine ili više identificiranih nacionalnih kritičnih infrastruktura. [13]
Czech Republic
Within the field of cyber security, a critical infrastructure means an element or system of elements of the critical infrastructure in the sector of communication and information systems. [15]
Zákonem jasně vymezený komplex informačních systémů, jejichž nefunkčnost by měla závažný dopad na bezpečnost státu, ekonomiku, veřejnou správu a zabezpečení základních životních potřeb obyvatelstva.
Estonia
The purpose of the critical information infrastructure protection (CIIP) is to maintain a trouble-free functioning of the country's essential information and communication systems under ordinary circumstances and to ensure their continuity on a minimum level during critical situations.
Finland
Iceland
The National Commissioner of Police further define those systems considered to be critical infrastructure.
India
Indonesia
Islamic Republic of Afghanistan
Japan
Japan defined the set of 13 Japanese CII sectors as [23]:
- information and communication services
- financial services
- aviation services
- railway services
- electric power supply services
- gas supply services
- government and administrative services (including municipal government),
- medical services
- water services
- logistics services
- chemical industries
- credit card services
- petroleum industries
Kosovo
Critical Information Infrastructure (CII): ICT systems that are critical infrastructures for themselves or that are essential for the operation of critical infrastructures (telecommunications, computers/software, Internet, satellites, etc.). [25]
Lithuania
Ypatingos svarbos informacinė infrastruktūra – elektroninių ryšių tinklas ar jo dalis, informacinė sistema ar jos dalis, informacinių sistemų grupė ar pramoninių procesų valdymo sistema ar jos dalis, nepaisant to, ar jos valdytojas yra privatus ar viešojo administravimo subjektas, kuriuose įvykęs kibernetinis incidentas gali padaryti didelę žalą nacionaliniam saugumui, šalies ūkiui, valstybės ir visuomenės interesams. [27]
Norway
Kritisk IKT-infrastruktur defineres som kritisk infrastruktur for elektronisk kommunikasjon. [29]
Portugal
Qatar
Criteria for being critical are:
- Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.);
- Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and
- Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in [31] [32].
Republic of Trinidad & Tobago
Russian Federation
критическая информационная инфраструктура Российской Федерации - совокупность автоматизированных систем управления КВО и обеспечивающих их взаимодействие информационно- телекоммуникационных сетей, предназначенных для решения задач государственного управления, обеспечения обороноспособности, безопасности и правопорядка, нарушение (или прекращение) функционирования которых может стать причиной наступления тяжких последствий. [34]
South Africa
Turkey
Kritik altyapılar: İşlediği bilginin gizliliği, bütünlüğü veya erişilebilirliği bozulduğunda, can kaybına, büyük ölçekli ekonomik zarara, ulusal güvenlik açıklarına veya kamu düzeninin bozulmasına, yol açabilecek bilişim sistemlerini barındıran altyapıları. [37] [38]
Uganda
United Kingdom
United States
DHS
Uruguay
Regional Definition
Victoria, Australia
Standard Definition
IETF
See also
- Critical Information Infrastructure Protection
- Critical Infrastructure
- Critical Infrastructure Protection
Notes
- ↑ COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS on Critical Information Infrastructure Protection ‘Achievements and next steps: towards global cyber-security’
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 (NIS Directive
- ↑ AFRICAN UNION CONVENTION ON CYBER SECURITY AND PERSONAL DATA PROTECTION, LC12490, 27th June 2014
- ↑ OECD Recommendation of the Council on the Protection of Critical Information Infrastructures C(2008)35
- ↑ The GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers, to appear November 2016
- ↑ Dokumenti i Politikave për Sigurinë Kibernetike 2015 - 2017
- ↑ Austrian Cyber Security Strategy, Federal Chancellery of the Republic of Austria, Vienna (2013)
- ↑ GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ Portaria Nº 34, de 5 de agosto de 2009. Conselho de Defesa Nacional, Secretaria Executiva (2009).
- ↑ „Кибер устойчива България 2020” - Republic of Bulgaria: national cyber security strategy "Cyber Resilient Bulgaria 2020"(2016)
- ↑ BASES PARA UNA POLÍTICA NACIONAL DE CIBERSEGURIDAD, MARZO DE 2015, Chile
- ↑ 网络空间安全战略 China’s Cyber Security Strategy December 2016.
- ↑ Lineamientos de política para la Ciberseguridad y Ciberdefensa, Conpes 3701 (2011) based on Resolución CRC 2258 from 2009.
- ↑ National Cyber Security Strategy draft (2015)
- ↑ Zákon č. 181/2014 Sb. o kybernetické bezpečnosti a o změně souvisejících zákonů (zákon o kybernetické bezpečnosti)
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ Critical Information Infrastructure Protection Estonia
- ↑ Finlands' Cyber Security Strategy
- ↑ Network and information security webpage
- ↑ Section 70(1) of the Information Technology Act Ammendment (2008)
- ↑ Z.A. Hasibuan, Indonesia National Cyber Security Strategy: Security and Sovereignty in Indonesia Cyberspace (presentation), 2013
- ↑ National Cyber Security Strategy of Afghanistan (2014)
- ↑ The Basic Policy of Critical Information Infrastructure Protection (3rd Edition), Japan (2015)
- ↑ [http://www.nisc.go.jp/eng/pdf/actionplan_ci_eng_v3.pdf The Basic Policy of Critical Information Infrastructure Protection (3rd Edition) – tentative translation, Japan, 2014.
- ↑ Strategjia Shtetërore për Sigurinë Kibernetike dhe Plani i Veprimit 2016 – 2019
- ↑ National Cyber Security Strategy and Action Plan 2016 – 2019 (2016)
- ↑ GOVERNMENT OF THE REPUBLIC OF LITHUANIA RESOLUTION NO 796 of 29 June 2011 ON THE APPROVAL OF THE PROGRAMME FOR THE DEVELOPMENT OF ELECTRONIC INFORMATION SECURITY (CYBER-SECURITY) FOR 2011–2019
- ↑ LIETUVOS RESPUBLIKOS KIBERNETINIO SAUGUMO ĮSTATYMAS 2014 m. gruodžio 11 d. Nr. XII-1428 Vilnius
- ↑ Cyber Security Strategy for Norway (2012)
- ↑ Nasjonal strategi for informasjonssikkerhet (2012)
- ↑ Glossário Centro National de Cibersegurança Portugal
- ↑ 31.0 31.1 QATAR National Cyber Security Strategy (May 2014) Cite error: Invalid
<ref>
tag; name "Qatar" defined multiple times with different content - ↑ 32.0 32.1 الاستراتيجية الوطنية للأمن السيبراني QATAR National Cyber Security Strategy - Arabic version (May 2014) Cite error: Invalid
<ref>
tag; name "Q2" defined multiple times with different content - ↑ Government of the Republic of Trinidad & Tobago, National Cyber Security Strategy (December 2012)
- ↑ NATIONAL SECURITY OF RUSSIA - Information security (February 3, 2012, № 803)
- ↑ South Africa Cyber Security Policy, Staatskoerant No. 32963, 10 Feb 2010
- ↑ Turkey's National Cyber Security Strategy and 2013-2014 Action Plan
- ↑ UlUSAL SİBER GÜVENLİk STRATEJİSİ VE
- ↑ 2016-2019 ULUSAL SİBER GÜVENLİK STRATEJİSİ
- ↑ National Information Security Policy (2011)
- ↑ Cyber Security in the UK, Postnote Number 389, September 2011
- ↑ Blueprint for a secure cyber future, DHS Nov 2011
- ↑ Decreto No. 451/009 item No. 3
- ↑ Critical Information Infrastructure Risk Management, VICTORIAN GOVERNMENT CIO COUNCIL, 2012
- ↑ IETF RFC449 Internet Security Glossary 2