Critical Information Infrastructure

From CIPedia
Revision as of 14:55, 27 September 2016 by Eluiijf (talk | contribs)
Jump to navigation Jump to search

Definitions

European Definitions

Council Communication COM(2011)163 final

No definition provided [1]

Other International Definitions

African Union

Critical Cyber/ICT Infrastructure means the cyber infrastructure that is essential to vital services for public safety, economic stability, national security, international stability and for the sustainability and restoration of critical cyberspace. [2]


OECD

Critical information infrastructures (“CII”) should be understood as referring to those interconnected information systems and networks, the disruption or destruction of which would have serious impact on the health, safety, security, or economic well-being of citizens, or on the effective functioning of government or the economy. [3]


National Definitions

Australia

The ICT component of Critical Infrastructure is referred to as Critical Information Infrastructure (CII). [4]


Austria

Critical information infrastructures are those infrastructures or parts thereof which are of crucial importance for ensuring important social functions. Their failure or destruction has severe effects on the health, security or the economic and social wellbeing of the population or the functioning of governmental institutions. [5]


Brazil

Infraestruturas Críticas da Informação: subconjunto de ativos de informação que afetam diretamente a consecução e a continuidade da missão do Estado e a segurança da sociedade. [6]
Critical information Infrastructures are the subset of information assets that directly affect the achievement and continuity of state mission and the safety of society.


Bulgaria

Критична комуникационна и информационна инфраструктура (ККИИ) - системи, услуги, мрежи и инфраструктури, които са жизнено важна част от националната икономика и общество и осигуряващи важни стоки и услуги, деструктивното въздействие върху които би могло да има сериозно влияние на жизнено важни функции на обществото. [7]

Критична информационна инфраструктура са както мрежите, каналите и системите за управлението и поддържането им.


Colombia

Critical Infrastructure is the set of computers, computer systems, telecommunication networks, data and information, the destruction or interference may weaken or impact the safety of the economy, public health, or combination thereof, in a nation (Infraestructura crítica: Es el conjunto de computadores, sistemas computacionales, redes de telecomunicaciones, datos e información, cuya destrucción o interferencia puede debilitar o impactar en la seguridad de la economía, salud pública, o la combinación de ellas, en una nación). [8]


Croatia

Kritična komunikacijska i informacijska infrastruktura – komunikacijski i informacijski sustavi čiji bi poremećaj u funkcioniranju bitno poremetio rad pojedine ili više identificiranih nacionalnih kritičnih infrastruktura.

Critical communication and information infrastructure: communication and information systems whose disruption in the functioning of vital disrupted the operation of any or more of the identified critical national infrastructure. [9]


Czech Republic

Kritickou informační infrastrukturou prvek nebo systém prvků kritické infrastruktury v odvětví komunikační a informační systémy v oblasti kybernetické bezpečnosti. [10]

Within the field of cyber security, a critical infrastructure means an element or system of elements of the critical infrastructure in the sector of communication and information systems. [11]

Zákonem jasně vymezený komplex informačních systémů, jejichž nefunkčnost by měla závažný dopad na bezpečnost státu, ekonomiku, veřejnou správu a zabezpečení základních životních potřeb obyvatelstva.

Estonia

Critical information infrastructure (CII) means information and communication systems whose maintenance, reliability and safety are essential for the proper functioning of a country. The critical information infrastructure is a part of the critical infrastructure. [12]


Finland

Critical information infrastructure refers to the structures and functions behind the information systems of the vital functions of society which electronically transmit, transfer, receive, store or otherwise process information (data). [13]


India

Critical Information Infrastructure (CII) is defined as a computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety. [14]


Indonesia

ICT Critical National Infrastructures are assets, services, objects in the form of physical or logical that involving the livelihood of many people, national interests and/or revenue of country that are strategic, in case of threats and attacks cause more loss of lives, destabilizing political, social, cultural and national economy as well as the sovereignty of the nation. [15]


Islamic Republic of Afghanistan

The infrastructures which host the information systems that can cause loss of lives, large scale economic damages, security vulnerabilities and disturbance of public order at national level when the confidentiality, integrity or accessibility of the information they process is compromised. [16]


Japan

CII is the backbone of national life and economic activities formed by businesses providing services that are extremely difficult to be substituted. If the function of the services is suspended, deteriorates or becomes unavailable, it could have a significant impact on the national life and economic activities. [17]


Lithuania

Critical information infrastructure shall mean an electronic communications network, information system or a group of information systems where an incident that occurs causes or may cause grave damage to national security, national economy or social well-being. [18]

Ypatingos svarbos informacinė infrastruktūra – elektroninių ryšių tinklas ar jo dalis, informacinė sistema ar jos dalis, informacinių sistemų grupė ar pramoninių procesų valdymo sistema ar jos dalis, nepaisant to, ar jos valdytojas yra privatus ar viešojo administravimo subjektas, kuriuose įvykęs kibernetinis incidentas gali padaryti didelę žalą nacionaliniam saugumui, šalies ūkiui, valstybės ir visuomenės interesams. [19]


Norway

Critical ICT infrastructure is defined as critical infrastructure for electronic communications. [20]
Kritisk IKT-infrastruktur defineres som kritisk infrastruktur for elektronisk kommunikasjon. [21]


Qatar

The information and communications technology systems, services, and data assets that are critical to Qatar. [22] [23]

Criteria for being critical are:

  1. Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.);
  2. Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and
  3. Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in [22] [23].


Republic of Trinidad & Tobago

Critical (information) infrastructure means computer systems, devices, networks, computer programs, computer data, so vital to the country that the incapacity or destruction of or interference with such systems and assets would have a debilitating impact on security, defence or international relations of the State; or provision of services directly related to national or economic security, banking and financial services, communications infrastructure, national public health and safety, public transportation, public key infrastructure or any combination of those matters. [24]


Russian Federation

Critical information infrastructure is a set of automated control systems and their interaction with information and telecommunications networks, designed to meet the challenges to good governance, defense, security, law and order, the violation (or termination) of their operation which can cause the onset of serious consequences.

критическая информационная инфраструктура Российской Федерации - совокупность автоматизированных систем управления КВО и обеспечивающих их взаимодействие информационно- телекоммуникационных сетей, предназначенных для решения задач государственного управления, обеспечения обороноспособности, безопасности и правопорядка, нарушение (или прекращение) функционирования которых может стать причиной наступления тяжких последствий. [25]


South Africa

Critical Information Infrastructure means all ICT systems, data systems, data bases, networks (incl. people, buildings, facilities and processes), that are fundamental to the effective operation of the State. [26]


Turkey

Critical (information) infrastructure is defined as the infrastructures which host the information systems that can cause: loss of lives, large scale economic damages, or security vulnerabilities and disturbance of public order at national level when the confidentiality, integrity or accessibility of the information they process is compromised. [27]

Kritik altyapılar: İşlediği bilginin gizliliği, bütünlüğü veya erişilebilirliği bozulduğunda, can kaybına, büyük ölçekli ekonomik zarara, ulusal güvenlik açıklarına veya kamu düzeninin bozulmasına, yol açabilecek bilişim sistemlerini barındıran altyapıları. [28] [29]


Uganda

Uganda uses the aformentioned ITU-T definition. [30]


United Kingdom

Critical information infrastructure (CII) may refer to any IT systems which support key assets and services within the national infrastructure. [31]


Uruguay

Activos de información críticos del Estado: Son aquellos activos de información necesarios para asegurar y mantener el correcto funcionamiento de los servicios vitales para la operación del gobierno y la economía del país. [32]




Standard Definition

IETF

Those systems that are so vital to a nation that their incapacity or destruction would have a debilitating effect on national security, the economy, or public health and safety. [33]


See also

Notes

  1. COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS on Critical Information Infrastructure Protection ‘Achievements and next steps: towards global cyber-security’
  2. AFRICAN UNION CONVENTION ON CYBER SECURITY AND PERSONAL DATA PROTECTION, LC12490, 27th June 2014
  3. [1] OECD Recommendation of the Council on the Protection of Critical Information Infrastructures C(2008)35]
  4. Critical Information Infrastructure Risk Management, VICTORIAN GOVERNMENT CIO COUNCIL, 2012
  5. Austrian Cyber Security Strategy, Federal Chancellery of the Republic of Austria, Vienna (2013)
  6. GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ Portaria Nº 34, de 5 de agosto de 2009. Conselho de Defesa Nacional, Secretaria Executiva (2009).
  7. „Кибер устойчива България 2020” - Republic of Bulgaria: national cyber security strategy "Cyber Resilient Bulgaria 2020"(2016)
  8. Lineamientos de política para la Ciberseguridad y Ciberdefensa, Conpes 3701 (2011) based on Resolución CRC 2258 from 2009.
  9. National Cyber Security Strategy draft (2015)
  10. http://www.nbu.cz/download/nodeid-1384/ Zákon č. 181/2014 Sb. o kybernetické bezpečnosti a o změně souvisejících zákonů (zákon o kybernetické bezpečnosti)
  11. Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
  12. Critical Information Infrastructure Protection Estonia
  13. Finlands' Cyber Security Strategy
  14. Section 70(1) of the Information Technology Act Ammendment (2008)
  15. Indonesia's National Cyber Security Strategy
  16. National Cyber Security Strategy of Afghanistan (2014)
  17. The Basic Policy of Critical Information Infrastructure Protection (3rd Edition), Japan (2015)
  18. GOVERNMENT OF THE REPUBLIC OF LITHUANIA RESOLUTION NO 796 of 29 June 2011 ON THE APPROVAL OF THE PROGRAMME FOR THE DEVELOPMENT OF ELECTRONIC INFORMATION SECURITY (CYBER-SECURITY) FOR 2011–2019
  19. LIETUVOS RESPUBLIKOS KIBERNETINIO SAUGUMO ĮSTATYMAS 2014 m. gruodžio 11 d. Nr. XII-1428 Vilnius
  20. Cyber Security Strategy for Norway (2012)
  21. Nasjonal strategi for informasjonssikkerhet (2012)
  22. 22.0 22.1 QATAR National Cyber Security Strategy (May 2014) Cite error: Invalid <ref> tag; name "Qatar" defined multiple times with different content
  23. 23.0 23.1 الاستراتيجية الوطنية للأمن السيبراني QATAR NCSS - Arabic version (May 2014) Cite error: Invalid <ref> tag; name "Q2" defined multiple times with different content
  24. Government of the Republic of Trinidad & Tobago, National Cyber Security Strategy (December 2012)
  25. NATIONAL SECURITY OF RUSSIA - Information security (February 3, 2012, № 803)
  26. South Africa Cyber Security Policy, Staatskoerant No. 32963, 10 Feb 2010
  27. Turkey's National Cyber Security Strategy and 2013-2014 Action Plan
  28. UlUSAL SİBER GÜVENLİk STRATEJİSİ VE
  29. [http://www.udhb.gov.tr/doc/siberg/2016-2019guvenlik.pdf 2016-2019 ULUSAL SİBER GÜVENLİK STRATEJİSİ
  30. National Information Security Policy (2011)
  31. Cyber Security in the UK, Postnote Number 389, September 2011
  32. Decreto No. 451/009 item No. 3
  33. IETF RFC449 Internet Security Glossary 2
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Critical_Information_Infrastructure&oldid=5427"